copylock.exe

TUGUU, SL

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. This software distributes modified installers which are not the same as the original distributed by the author. The application copylock.exe by TUGUU, SL has been detected as adware by 32 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. According to AVG, this software downloads additional adware offers during setup.
Publisher:
TUGUU, SL  (signed and verified)

MD5:
598ceaab635837c3b1b48618b5d70cb7

SHA-1:
66e5e76810c6187ad91df7fd691f188b193f9c94

SHA-256:
b6a2651fa328d8e9644fa7a179983f665c43fa422f61566c3596ada3c4009a07

Scanner detections:
32 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/23/2024 9:34:54 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Agent.BEFC | 921 |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 2014.08.14 |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.166.250 |
| avast! | Win32:DomaIQ-BO [PUP] | 2014.9-140728 |
| AVG | Trojan horse Downloader.Generic13.CLYK.dropper | 2015.0.3399 |
| Bitdefender | Trojan.Agent.BEFC | 1.0.20.1045 |
| Bkav FE | HW32.CDB | 1.3.0.4959 |
| Comodo Security | Application.Win32.DomaIQ.KAO | 19181 |
| Dr.Web | Trojan.SMSSend.4979 | 9.0.1.0209 |
| Emsisoft Anti-Malware | Trojan.Agent.BEFC | 8.14.07.28.10 |
| ESET NOD32 | Win32/DomaIQ.BB potentially unwanted application | 8.7.0.302.0 |
| F-Prot | W32/A-5c7b02ff | v6.4.7.1.166 |
| F-Secure | Trojan.Agent.BEFC | 11.2014-28-07_2 |
| G Data | Trojan.Agent.BEFC | 14.7.24 |
| herdProtect (fuzzy) | | 2014.9.9.20 |
| IKARUS anti.virus | PUA.DomaIQ | t3scan.1.7.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.181.12872 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.3490 |
| Malwarebytes | PUP.Optional.Dropper.BL | v2014.07.28.10 |
| McAfee | Program.CryptDomaIQ | 5600.7055 |
| Microsoft Security Essentials | Threat.Undefined | 1.179.2954.0 |
| MicroWorld eScan | Trojan.Agent.BEFC | 15.0.0.627 |
| NANO AntiVirus | Trojan.Win32.SMSSend.ddptxx | 0.28.2.61519 |
| nProtect | Trojan.Agent.BEFC | 14.08.13.01 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.09.09.04 |
| Qihoo 360 Security | Malware.QVM17.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.TUGUUSL.I | 14.7.28.21 |
| Sophos | DomainIQ pay-per install | 4.98 |
| Total Defense | Win32/Tnega.RGMUTLD | 37.0.11118 |
| Vba32 AntiVirus | AdWare.Lollipop | 3.12.26.3 |
| VIPRE Antivirus | Threat.4150696 | 32186 |
| Zillya! Antivirus | Adware.Lollipop.Win32.299 | 2.0.0.1880 |

File size:
227.6 KB (233,112 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\copylock.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
11/26/2013 7:30:00 PM

Valid to:
11/27/2014 7:29:59 PM

Subject:
CN="TUGUU, SL", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="TUGUU, SL", L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1DE894C9D18A7BB0CFA10F699F31A9A4

File PE Metadata
Compilation timestamp:
7/23/2014 5:05:20 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:O4lwZ40243s0gJvyTZaPYZeHF/tIzi+Tk98i9goc8VRtIY6:Fn0d8PJvyQYZelVIziveo/Rte

Entry address:
0x3B7E

Entry point:
B8, 4C, 95, 48, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 38, 5A, A3, F1, 38, 63, A6, D0, 1B, BA, C0, C2, C2, 59, 48, 58, AE, 91, 37, 95, B9, A8, F0, 47, 54, CB, D0, 37, 5A, 7A, FF, 1C, 9D, 0C, F6, 2B, D9, 86, B8, D2, 2E, B5, 2A, 2A, A6, 33, B6, 0F, 2A, 5E, 4F, 5A, 18, D7, 55, 78, AF, 3D, 30, 0C, 34, 9B, 8F, EF, 7E, 28, AE, B0, F2, BA, AD, 82, A7, 47, E2, E6, A0, C1, 66, DB, 40, B3, 76, 39, 65, E6, 4E, A5, 12, 73, F7, 31, B3...

Packer / compiler:
PECompact v2

Code size:
112.5 KB (115,200 bytes)
