setup.exe

Tuguu SLU

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. It distributes modified installers that are not the same as the original distributed by the author. The application setup.exe by Tuguu SLU has been detected as adware by 34 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. It installs potentially unwanted software on your PC alongside the software you are trying to install, without adequate consent.
Publisher:
Tuguu SLU  (signed and verified)

MD5:
6b149beb3963e9aa9f2ce3554b849867

SHA-1:
a056c17a721f45a0cff25c92006d0a67855ab4e0

SHA-256:
2554d7041ce2a7136cb8bccaf3fac74485d07ab58ec6d9d4ee3eccd4905fee2a

Scanner detections:
34 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/16/2024 4:19:31 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.DomaIQ.P | 6119830 |
| Agnitum Outpost | PUA.DomaIQ | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 2014.12.12 |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.194.194 |
| avast! | DomaIQ-CC [PUP] | 141130-1 |
| AVG | Adware DomaIQ_r.G | 2014.0.4189 |
| Bitdefender | Application.Bundler.DomaIQ.P | 1.0.20.1730 |
| Clam AntiVirus | Win.Adware.Domaiq-116 | 0.98/19768 |
| Comodo Security | Application.Win32.DomaIQ.PUR | 20343 |
| Dr.Web | Adware.Downware.2259 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.Bundler.DomaIQ.P | 9.0.0.4668 |
| ESET NOD32 | Win32/DomaIQ.BB potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Adware/DomaIQ | 12/12/2014 |
| F-Prot | W32/DomaIQ.E.gen | v6.4.7.1.166 |
| F-Secure | Spyware: Adware:W32/DomaIQ | 5.13.68 |
| G Data | Application.Bundler.DomaIQ | 14.12.24 |
| IKARUS anti.virus | PUA.DomaIQ | t3scan.1.8.5.0 |
| K7 AntiVirus | Trojan | 13.186.14309 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 15.0.0.543 |
| Malwarebytes | PUP.Optional.DomaIQ | v2014.12.12.06 |
| McAfee | Program.CryptDomaIQ | 16.8.708.2 |
| Microsoft Security Essentials | Threat.Undefined | 1.189.1870.0 |
| MicroWorld eScan | Application.Bundler.DomaIQ.P | 15.0.0.1038 |
| NANO AntiVirus | Riskware.Win32.Downware.cvxwqc | 0.28.6.63850 |
| Norman | Application.Bundler.DomaIQ.P | 04.12.2014 14:30:06 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.12.12.06 |
| Quick Heal | Adware.DomaIQ.BT5 | 12.14.14.00 |
| Reason Heuristics | PUP.Installer.TuguuSLU.F | 14.12.12.5 |
| Sophos | PUA 'DomainIQ pay-per install' | 5.08 |
| SUPERAntiSpyware | Adware.DomaIQ/Variant | 10182 |
| Total Defense | Win32/Tnega.KCDcKOB | 37.0.11326 |
| Vba32 AntiVirus | AdWare.MSIL.DomaIQ | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 35418 |
| Zillya! Antivirus | Adware.DomaIQ.Win32.180 | 2.0.0.2004 |

File size:
385.8 KB (395,040 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
3/10/2014 12:00:00 AM

Valid to:
2/21/2015 11:59:59 PM

Subject:
CN=Tuguu SLU, O=Tuguu SLU, L=Adeje, S=S/C de Tenerife, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2257BB279AC4720BA5C67E0D2C578931

File PE Metadata
Compilation timestamp:
3/13/2014 5:43:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:Wf5g6CMtt7f6QRsOjL1hGn9TOYObx3d5TkhYdoj:Wq6Bt4QRsu1Yn9TvydWWoj

Entry address:
0x3446

Entry point:
E8, 22, 2A, 00, 00, E9, 7F, FE, FF, FF, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C, 24, 04, 2B, C1...

Entropy:
6.2421

Code size:
38 KB (38,912 bytes)
