setup.exe

tuguu sl

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers such as toolbars and browser extensions during the setup process. This software distributes modified installers which are not the same as the original distributed by the author. The application setup.exe by tuguu sl has been detected as adware by 35 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During installation, it bundles potentially unwanted software onto the user's computer without adequate consent.
Publisher:
tuguu sl (signed and verified)

MD5:
8440b8213d368878891e2b9ca8dc054d

SHA-1:
a67b33edeee457cedf47c38147aeed9a42a36540

SHA-256:
3395cb14b51fdf558477669f1a59e32964f1d33f72285995655dafa99fb7aa7c

Scanner detections:
35 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 4:22:57 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Dropped:Adware.DomaIQ.AC | 6422828
Agnitum Outpost | PUA.DomaIQ | 7.1.1
AhnLab V3 Security | PUP/Win32.DomaIQ | 2015.02.10
Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.209.22
avast! | Win32:PUP-gen [PUP] | 2014.9-150209
AVG | Adware Skodna.Bundle_r.T | 2014.0.4253
Bitdefender | Dropped:Adware.DomaIQ.AC | 1.0.20.200
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Adware.Domaiq-46 | 0.98/20049
Comodo Security | Application.Win32.DomaIQ.STX | 21015
Dr.Web | Trojan.PayInt.31 | 9.0.1.05190
Emsisoft Anti-Malware | Dropped:Adware.DomaIQ.AC | 9.0.0.4799
ESET NOD32 | Win32/DomaIQ.AY.gen potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Riskware/Generic.AC.2671323 | 2/9/2015
F-Prot | W32/A-f735a5e0 | v6.4.7.1.166
F-Secure | Adware:W32/DomaIQ | 5.13.68
G Data | Dropped:Adware.DomaIQ.AC | 15.2.25
IKARUS anti.virus | Virus.Win32.Dropper | t3scan.1.8.6.0
K7 AntiVirus | Unwanted-Program | 13.194.14904
Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 15.0.0.543
Malwarebytes | PUP.Optional.BundleInstaller.A | v2015.02.09.12
McAfee | Program.CryptDomaIQ | 16.8.708.2
MicroWorld eScan | Dropped:Adware.DomaIQ.AC | 16.0.0.120
NANO AntiVirus | Riskware.Win32.DomaIQ.cspmgz | 0.30.0.65070
Norman | Dropped:Adware.DomaIQ.AC | 03.12.2014 13:20:04
nProtect | Trojan-Clicker/W32.Agent.464840 | 15.02.09.01
Panda Antivirus | PUP/MultiToolbar.A | 15.02.09.12
Quick Heal | Adware.Domal.A5 | 2.15.14.00
Reason Heuristics | PUP.Installer.Tuguu | 15.2.9.11
Rising Antivirus | PE:Trojan.Win32.Generic.167FA077!377462903 | 23.00.65.15207
Sophos | PUA 'DomainIQ pay-per install' | 5.09
Vba32 AntiVirus | BScope.Downware.DomaIQ | 3.12.26.3
VIPRE Antivirus | Threat.4783235 | 36694
Zillya! Antivirus | Adware.DomaIQ.Win32.79 | 2.0.0.2059

File size:
453.9 KB (464,840 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/13/2013 7:06:55 AM

Valid to:
6/13/2014 7:06:55 AM

Subject:
CN=tuguu sl, O=tuguu sl, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B632A0CF95E4D

File PE Metadata
Compilation timestamp:
1/20/2014 3:14:36 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:svaqS4IR/kviXzd4N6qJFldlibYOlU/glqmOgDVL5ul94BhunZQpLzms7VFPXYp:D/kviXzdyGYr/eDVL5ul2unZatG

Entry address:
0xC4D7

Entry point:
E8, 10, 56, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 60, 21, 42, 00, E8, 6F, 09, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 60, 88, 42, 00, 77, 22, 6A, 04, E8, FB, 57, 00, 00, 59, 83, 65, FC, 00, 56, E8, 02, 60, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, 7B, 09, 00, 00, C3, 6A, 04, E8, F6, 56, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, 70, D0, 41, 00, 83, 3D, 14, 84, 42, 00, 00, 75, 18, E8, 18, 49, 00...

Entropy:
7.3706

Code size:
110.5 KB (113,152 bytes)

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security