setup.exe

Tuguu S.L

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. It distributes modified installers that are not the same as the originals distributed by the author. The application setup.exe by Tuguu S.L has been detected as adware by 16 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The file has been seen being downloaded from www.lpcloudbox402.com.
Publisher:
Tuguu S.L  (signed and verified)

MD5:
2e42601e068cdc956536e526b13b0422

SHA-1:
b89f7328900d937dca8afddffd25f6b482cddf0e

SHA-256:
410f4059cf2ad6b41880babaa80dee861b55adc6572432b8082eef1874902f5b

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 11:14:43 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.DomaIQ | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 14.04.25 |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.140.16 |
| AVG | DomaIQ_r.G | 2015.0.3494 |
| Dr.Web | Adware.Downware.2259 | 9.0.1.0115 |
| ESET NOD32 | Win32/DomaIQ.BB (variant) | 8.9610 |
| herdProtect (fuzzy) | | 2014.4.25.3 |
| IKARUS anti.virus | AdWare.DomaIQ | t3scan.2.2.29 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.3964 |
| Malwarebytes | PUP.Optional.DomaIQ | v2014.04.25.03 |
| McAfee | RDN/Generic PUP.x!bv3 | 5600.7150 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.04.25.03 |
| Reason Heuristics | PUP.Installer.TuguuSL.F | 14.3.31.14 |
| Sophos | DomainIQ pay-per install | 4.98 |
| Total Defense | Win32/Tnega.KCDcKOB | 37.0.10846 |
| VIPRE Antivirus | Trojan.Win32.Generic | 27822 |

File size:
388 KB (397,288 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
12/3/2013 7:13:51 AM

Valid to:
12/4/2014 7:13:51 AM

Subject:
E=victor.camacho@tuguu.com, CN=Tuguu S.L, O=Tuguu S.L, L=Adeje, S=Tenerife, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121111958C6091E136AAD058195A273968F

File PE Metadata
Compilation timestamp:
3/13/2014 10:43:34 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:Of5g6CMtt7f6QRsOjL1hGn9TOYObx3d5TkoY9:Oq6Bt4QRsu1Yn9TvydWp

Entry address:
0x3446

Entry point:
E8, 22, 2A, 00, 00, E9, 7F, FE, FF, FF, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C, 24, 04, 2B, C1...
 

Entropy:
6.2532

Code size:
38 KB (38,912 bytes)

The file setup.exe has been seen being distributed by the following URL.
