setup.exe

Tuguu S.L

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers such as toolbars and browser extensions during the setup process. This software distributes modified installers which are not the same as the original distributed by the author. The application setup.exe by Tuguu S.L has been detected as adware by 32 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
Tuguu S.L  (signed and verified)

MD5:
27c4697521e55e8e32008eed217e9c26

SHA-1:
a9936f0ebccf0dbf8bdb72c18e850e65127e8155

SHA-256:
3841b31e2f21b6c9bba4ea11a46d4588bdc5d898480d8c3a9579fcb2c3e91c83

Scanner detections:
32 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/23/2024 1:54:26 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Bundler.DomaIQ.Q | 847
Agnitum Outpost | PUA.DomaIQ | 7.1.1
AhnLab V3 Security | PUP/Win32.DomaIQ | 2014.10.11
Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.177.164
avast! | PUP-gen [PUP] | 141003-0
AVG | Adware DomaIQ_r.D | 2014.0.4037
Bitdefender | Application.Bundler.DomaIQ.Q | 1.0.20.1415
Clam AntiVirus | Win.Adware.Domaiq-154 | 0.98/19500
Comodo Security | Application.Win32.DomaIQ.PUS | 19765
Dr.Web | Trojan.MulDrop5.9989 | 9.0.1.05190
Emsisoft Anti-Malware | Application.Bundler.DomaIQ.Q | 14.10.10
ESET NOD32 | Win32/DomaIQ.BA potentially unwanted application | 7.0.302.0
Fortinet FortiGate | Adware/DomaIQ | 10/10/2014
F-Prot | W32/A-b70058ff | v6.4.7.1.166
F-Secure | Application.Bundler.DomaIQ | 11.2014-10-10_6
G Data | Application.Bundler.DomaIQ | 14.10.24
IKARUS anti.virus | PUA.DomaIQ | t3scan.1.7.8.0
K7 AntiVirus | Unwanted-Program | 13.183.13642
Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 15.0.0.494
Malwarebytes | PUP.Optional.DomaIQ | v2014.10.10.09
McAfee | CryptDomaIQ | 5600.6981
Microsoft Security Essentials | Threat.Undefined | 1.185.2822.0
MicroWorld eScan | Application.Bundler.DomaIQ.Q | 15.0.0.849
NANO AntiVirus | Trojan.Win32.DomaIQ.cwydit | 0.28.2.62483
nProtect | Trojan-Clicker/W32.Agent.373224 | 14.10.10.01
Panda Antivirus | Trj/Genetic.gen | 14.10.10.09
Quick Heal | Adware.DomaIQ.BT5 | 10.14.14.00
Reason Heuristics | PUP.Installer.TuguuSL.F | 14.10.10.21
Sophos | DomainIQ pay-per install | 4.98
Vba32 AntiVirus | AdWare.MSIL.DomaIQ | 3.12.26.3
VIPRE Antivirus | Threat.4783262 | 33706
Zillya! Antivirus | Adware.DomaIQ.Win32.126 | 2.0.0.1949

File size:
364.5 KB (373,224 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
12/3/2013 9:13:51 AM

Valid to:
12/4/2014 9:13:51 AM

Subject:
E=victor.camacho@tuguu.com, CN=Tuguu S.L, O=Tuguu S.L, L=Adeje, S=Tenerife, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121111958C6091E136AAD058195A273968F

File PE Metadata
Compilation timestamp:
2/21/2014 11:03:33 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:ILdfmIQ5cCnUQfrDD6dPvw2ONKp/gSDGEIZdlQmafsQQkwb8mVYd:mfVgcCnPrv6t7YSDGEKlQmafsQQAmk

Entry address:
0x377B

Entry point:
E8, 0B, 56, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, CC, 63, 41, 00, FF, 15, 60, 00, 41, 00, 85, C0, 75, 18, 56, E8, 7F, 42, 00, 00, 8B, F0, FF, 15, 5C, 00, 41, 00, 50, E8, 2F, 42, 00, 00, 59, 89, 06, 5E, 5D, C3, 6A, 0C, 68, A8, 2D, 41, 00, E8, B5, 42, 00, 00, 6A, 0E, E8, CE, 57, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, EC, 57, 41, 00, BA, E8, 57, 41, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A...
 

Entropy:
6.3701

Code size:
57 KB (58,368 bytes)

The file setup.exe has been seen being distributed by the following URL.
