setup.exe

Tuguu SL

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. This software distributes modified installers that differ from the originals distributed by the authors of the bundled software. The application setup.exe by Tuguu SL has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The file has been seen being downloaded from www.lpcloudbox302.com.
Publisher:
Tuguu SL  (signed and verified)

MD5:
a556efe27fee431502e100eb3134203f

SHA-1:
9efe6b855148950404844e520c9155493574135e

SHA-256:
9e105ab68fa9c96e45fd804de111eef30813874e1ab59781e7f5f9b18b9be74d

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 7:48:18 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.DomaIQ | 7.1.1
Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.139.20
avast! | Win32:Installer-U [PUP] | 2014.9-140502
AVG | DomaIQ_r.G | 2015.0.3533
Dr.Web | Adware.Downware.2259 | 9.0.1.0122
ESET NOD32 | Win32/DomaIQ.BB (variant) | 8.9600
herdProtect (fuzzy) | | 2014.5.2.3
IKARUS anti.virus | AdWare.DomaIQ | t3scan.2.2.29
Malwarebytes | PUP.Optional.DomaIQ | v2014.05.02.03
Panda Antivirus | PUP/MultiToolbar.A | 14.03.17.01
Reason Heuristics | PUP.Installer.TuguuSL.F | 14.8.7.18
Rising Antivirus | PE:Malware.DomaIQ!6.1627 | 23.00.65.14430
Sophos | DomainIQ pay-per install | 4.98
Total Defense | Win32/Tnega.KCDcKOB | 37.0.10841
VIPRE Antivirus | DomaIQ | 27768

File size:
387.7 KB (397,016 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/19/2013 5:00:00 PM

Valid to:
3/20/2014 4:59:59 PM

Subject:
CN=Tuguu SL, O=Tuguu SL, STREET=Avd Barranco de las Torres N10 Oficina 4A, L=Adeje, S=S/C de Tenerife, PostalCode=38670, C=ES

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F1F4478174C3E164CE93F4AB63CBA287

File PE Metadata
Compilation timestamp:
3/16/2014 2:16:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:gf5g6C8saYU9QoRJQXlQKWVLGP9b8msHzRObJTu8y+5TkrYPV:gq6hsUQoR6lhOGPMuup+WYV

Entry address:
0x3446

Entry point:
E8, 22, 2A, 00, 00, E9, 7F, FE, FF, FF, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C, 24, 04, 2B, C1...

Entropy:
6.2457

Code size:
38 KB (38,912 bytes)

The file setup.exe has been seen being distributed by the following URL: www.lpcloudbox302.com

Remove setup.exe - Powered by Reason Core Security