setup.exe

Tuguu S.L

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, into the setup process. It distributes modified installers that differ from the originals published by the software's author. The application setup.exe by Tuguu S.L has been detected as adware by 13 anti-malware scanners. The program is a setup application built with the TUGUU DomaIQ Setup installer. The file has been seen being downloaded from www.lpcloudbox414.com.
Publisher:
Tuguu S.L  (signed and verified)

MD5:
bbf040183ef2341617090092b226feba

SHA-1:
b566284f68b3a8bd0ecf305d73704bd2c994fd81

SHA-256:
e04c3c989c3f37d4b8b8147fbc720d0cd80b17255401040be28f39983fc450d1

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Uses the DomaIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is also known as bundleware or downloadware: a downloader designed solely to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 2:53:58 AM UTC

Scan engine          Detection                                           Engine version
Agnitum Outpost      PUA.DomaIQ                                          7.1.1
Avira AntiVirus      APPL/DomaIQ.beor                                    7.11.152.70
avast!               Win32:DomaIQ-BP [PUP]                               140531-1
AVG                  Adware DomaIQ.EJ                                    2014.0.3955
ESET NOD32           Win32/DomaIQ.BB potentially unwanted application    7.0.302.0
IKARUS anti.virus    PUA.Tugus                                           t3scan.1.6.1.0
K7 AntiVirus         Unwanted-Program                                    13.178.12257
Kaspersky            not-a-virus:AdWare.MSIL.DomaIQ                      15.0.0.463
Malwarebytes         PUP.Optional.DomaIQ                                 v2014.06.01.12
McAfee               Adware-DomaIQ!BBF040183EF2                          5600.7113
Reason Heuristics    PUP.Installer.TuguuSL.F                             14.5.31.22
Sophos               DomainIQ pay-per install                            4.98
VIPRE Antivirus      Threat.4150696                                      29800

File size:
271 KB (277,504 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Tuguu S.L
Authority:
GlobalSign nv-sa

Valid from:
12/3/2013 10:13:51 AM

Valid to:
12/4/2014 10:13:51 AM

Subject:
E=victor.camacho@tuguu.com, CN=Tuguu S.L, O=Tuguu S.L, L=Adeje, S=Tenerife, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121111958C6091E136AAD058195A273968F

File PE Metadata
Compilation timestamp:
5/28/2014 5:26:47 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:goHuXfi3s2s2ovMokgaECP60l4SGGvGGvGGvGGpZGQuYY:gMuXf4YMFECy0l4SGGvGGvGGvGGpBC

Entry address:
0x3FD6

Entry point:
B8, 8C, 1E, 49, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 61, 73, 64, 66, 76, 65, 73, 76, 76, 77, 00, C7, 47, 9A, 81, C7, DF, C6, 8D, E5, 4D, 0C, 69, 7A, AF, 51, DA, C5, A1, 0B, A7, 00, EF, 4C, 8D, 2E, AC, 4E, 8E, 17, E6, 98, C3, BD, BE, CE, 16, E3, 2A, 81, 1B, 3B, 5D, C4, 73, 35, 65, 4A, 9C, 98, 2D, F8, E6, D6, 93, 97, 78, E7, 5C, 4E, AB, 00, 1E, C8, 86, E8, FB, C8, E1, BD, BC, 6D, B1, CC, D5, 81, DF, 97, D3, 12, 7F, B9, 2D, BE, 38, 40, 64, 09, 1B, 67, 02, F4, 52, 9C...

Entropy:
7.6307

Code size:
38.5 KB (39,424 bytes)

The file setup.exe has been seen being distributed from the following URL: www.lpcloudbox414.com

Remove setup.exe - Powered by Reason Core Security