home

setup_v2.exe

Tuguu SLU

The Tuguu download and install manager uses the DomalIQ installer to bundle additional adware offers such as toolbars and browser extensions during the setup process. This software distributes modified installers which are not the same as the original distributed by the author. The application setup_v2.exe by Tuguu SLU has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent.
Publisher:
Tuguu SLU  (signed and verified)

MD5:
9f16cb4f2d168c2a3b227646554e92e1

SHA-1:
b0e9a94f60408c66b8eeee9577350e934dbc6f84

SHA-256:
99c53fa4065473208332d31850cef6f20b2afe2a5a2d0fd498c1ec3844056f2c

Scanner detections:
12 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 9:33:18 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Installer-AH [PUP]
2014.9-150826

Bitdefender
Adware.DomaIQ.P
1.0.20.1190

herdProtect (fuzzy)
variant of java.exe (Adware)
2015.8.26.21

K7 AntiVirus
Trojan
13.176.11595

Kaspersky
not-a-virus:AdWare.Win32.DomaIQ
14.0.0.1521

Malwarebytes
PUP.Optional.BundleInstaller.A
v2015.08.26.09

McAfee
Adware-DomaIQ!4F31F8D41A9C
5600.6661

MicroWorld eScan
Adware.DomaIQ.P
16.0.0.714

NANO AntiVirus
Riskware.Win32.DomaIQ.crbkiq
0.28.0.58720

nProtect
Adware.DomaIQ.P
14.03.28.01

Quick Heal
Adware.Domal.A5
8.15.12.00

Reason Heuristics
PUP.Tuguu.TuguuU.Bundler (M)
15.7.25.8

File size:
507.4 KB (519,608 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\setup_v2.exe

Digital Signature
Signed by:
Tuguu SLU

Authority:
VeriSign, Inc.

Valid from:
2/7/2013 6:00:00 PM

Valid to:
2/8/2014 5:59:59 PM

Subject:
CN=Tuguu SLU, OU=N/A, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Tuguu SLU, L=Adeje, S=Santa Cruz de Tenrife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
552127982028C352ADDA5CA8F6C0BAE7

File PE Metadata
Compilation timestamp:
12/13/2013 5:55:29 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:ZhWGS92iz3lpWgDfZrltgO+LEarjR5vGx:zS9/zDZrltt+Lpr/ux

Entry address:
0xD141

Entry point:
E8, CB, 63, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 08, 43, 42, 00, E8, C5, 04, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 58, A8, 42, 00, 77, 22, 6A, 04, E8, B6, 65, 00, 00, 59, 83, 65, FC, 00, 56, E8, BD, 6D, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, D1, 04, 00, 00, C3, 6A, 04, E8, B1, 64, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, 80, F0, 41, 00, 83, 3D, 1C, A5, 42, 00, 00, 75, 18, E8, 71, 5C, 00...
 
[+]

Entropy:
7.4372

Code size:
119.5 KB (122,368 bytes)

The file setup_v2.exe has been seen being distributed by the following URL.

http://ttb.dllastsoft.com/download/request/.../K5MpfYvU?pub_id=176681&ce_cid=20rn.33FwNu3hCVH1OXwgK1vSgiN000.

Remove setup_v2.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.