setup.exe

Clovermedia SLU

This is the Tuguu DomaIQ download manager, which bundles applications with offers for additional third-party software (mostly unwanted adware) and may be installed with minimal consent. The application setup.exe by Clovermedia SLU has been detected as adware by 29 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer.
Publisher:
Clovermedia SLU  (signed and verified)

MD5:
cbdec9fbeeaf308cd13ed338c6b0a556

SHA-1:
effe07812e80486cb2b9d64bfa01850acde2389f

SHA-256:
f90e5f728d4d304fea83a6fe0d7c06da0b53c43654c7265b534bb5a3118720ce

Scanner detections:
29 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 11:27:40 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Symmi.41510 | 931 |
| Agnitum Outpost | PUA.DomaIQ | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 2014.07.19 |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.162.212 |
| avast! | PUP-gen [PUP] | 140617-1 |
| AVG | Adware DomaIQ_r.I | 2014.0.3986 |
| Bitdefender | Gen:Variant.Adware.Symmi.41510 | 1.0.20.1000 |
| Clam AntiVirus | Win.Adware.Domaiq-55 | 0.98/19185 |
| Comodo Security | Application.Win32.DomaIQ.PUP | 18899 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Symmi.41510 | 8.14.07.19.03 |
| ESET NOD32 | Win32/DomaIQ.BB potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/DomaIQ.E.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Symmi.41510 | 11.2014-19-07_7 |
| G Data | Gen:Variant.Adware.Symmi.41510 | 14.7.24 |
| IKARUS anti.virus | AdWare.SuspectCRC | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.181.12775 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 15.0.0.494 |
| Malwarebytes | PUP.Optional.DomaIQ | v2014.07.19.03 |
| McAfee | CryptDomaIQ | 5600.7065 |
| Microsoft Security Essentials | Threat.Undefined | 1.179.425.0 |
| MicroWorld eScan | Gen:Variant.Adware.Symmi.41510 | 15.0.0.600 |
| NANO AntiVirus | Riskware.Win32.DomaIQ.cwclcv | 0.28.2.60881 |
| Panda Antivirus | Trj/Genetic.gen | 14.07.19.03 |
| Quick Heal | AdWare.MSIL.r3 (Not a Virus) | 7.14.14.00 |
| Reason Heuristics | PUP.Installer.ClovermediaSLU.F | 14.7.19.2 |
| Rising Antivirus | PE:Trojan.Win32.Generic.16AE4D00!380521728 | 23.00.65.14717 |
| Sophos | DomainIQ pay-per install | 4.98 |
| Total Defense | Win32/DomainIQ.WRCOME | 37.0.11067 |
| VIPRE Antivirus | Threat.4150696 | 31208 |

File size:
384.5 KB (393,712 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/14/2014 2:00:00 AM

Valid to:
2/15/2015 1:59:59 AM

Subject:
CN=Clovermedia SLU, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Clovermedia SLU, L=Adeje, S=Santa Cruz de tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0524A867F334951775CD16FBB2ED7E9B

File PE Metadata
Compilation timestamp:
4/1/2014 11:43:58 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:qYhA8/eZDYI2w+8RGQJ5pfyQleyteqo44TL3dVl5Cbr22ouqbYA8cYj:qA/eZr2w+8BJ50Q0BbDNVl5Qrc8r

Entry address:
0x3B36

Entry point:
E8, 37, 2C, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, BC, 6C, 41, 00, FF, 15, 6C, B0, 40, 00, 85, C0, 75, 18, 56, E8, 4B, 0C, 00, 00, 8B, F0, FF, 15, 50, B0, 40, 00, 50, E8, 50, 0C, 00, 00, 59, 89, 06, 5E, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 7F, 0F, B6, 44, 24, 08, 0F, BA, 25, 88, 69, 41, 00, 01, 73, 0D, 8B, 4C, 24, 0C, 57, 8B, 7C, 24, 08, F3, AA, EB, 5D, 8B, 54, 24, 0C, 81, FA, 80, 00, 00, 00, 7C, 0E, 0F, BA...
 

Entropy:
6.4029

Code size:
39.5 KB (40,448 bytes)
