dropbox.exe

tuguu sl

The Tuguu download and install manager uses the DomalIQ installer to bundle additional adware offers such as toolbars and browser extensions during the setup process. This software distributes modified installers which are not the same as the original distributed by the author. The application dropbox.exe by tuguu sl has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent. The installer is marketed through download protals and search ads as Dropbox but will also install additional software offers which include adware, PUPs and browser toolbars.
Publisher:
tuguu sl  (signed and verified)

MD5:
a83c401f5c4da0e14b14766ad988a1bc

SHA-1:
a1275ffa5c681dafe5252c1d18abf23707c6f223

SHA-256:
d57fa51cfe517c174ce2e555d619b689653d9edb1c72eda16b9067a53145563c

Scanner detections:
17 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/27/2024 10:03:02 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
APPL/DomaIQ.Gen
7.11.131.104

avast!
Win32:Installer-U [PUP]
2014.9-140213

AVG
Skodna.Bundle_r.Y
2015.0.3564

Comodo Security
Application.Win32.DomaIQ.URT
17780

Dr.Web
Trojan.DownLoader9.21779
9.0.1.044

ESET NOD32
Win32/DomaIQ.AZ (variant)
8.9420

G Data
Win32.Application.DomalQ
14.2.24

Kaspersky
not-a-virus:AdWare.MSIL.DomaIQ
14.0.0.4316

Malwarebytes
PUP.Optional.BundleInstaller.A
v2014.02.13.07

McAfee
Adware-DomaIQ!F6CB534A58DC
5600.7220

NANO AntiVirus
Trojan.Win32.DomaIQ.ctadmg
0.28.0.57630

Panda Antivirus
PUP/MultiToolbar.A
14.02.13.07

Qihoo 360 Security
HEUR/Malware.QVM06.Gen
1.0.0.1015

Reason Heuristics
PUP.tuguusl.H
14.8.7.18

Sophos
Generic PUA HJ
4.97

Vba32 AntiVirus
BScope.Downware.DomaIQ
3.12.24.3

VIPRE Antivirus
DomaIQ
26438

File size:
312.9 KB (320,416 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/13/2013 10:06:55 AM

Valid to:
6/13/2014 10:06:55 AM

Subject:
CN=tuguu sl, O=tuguu sl, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B632A0CF95E4D

File PE Metadata
Compilation timestamp:
2/7/2014 12:47:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:HV24jwRTGLyog2fsAu6i6xgB1A/W1Z0fu96euqYvC:HV2mwRTyyog2fsz6xgBumEC

Entry address:
0x1573

Entry point:
E8, BF, 26, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, D8, CF, 40, 00, 89, 0D, D4, CF, 40, 00, 89, 15, D0, CF, 40, 00, 89, 1D, CC, CF, 40, 00, 89, 35, C8, CF, 40, 00, 89, 3D, C4, CF, 40, 00, 66, 8C, 15, F0, CF, 40, 00, 66, 8C, 0D, E4, CF, 40, 00, 66, 8C, 1D, C0, CF, 40, 00, 66, 8C, 05, BC, CF, 40, 00, 66, 8C, 25, B8, CF, 40, 00, 66, 8C, 2D, B4, CF, 40, 00, 9C, 8F, 05, E8, CF, 40, 00, 8B, 45, 00, A3, DC, CF, 40, 00, 8B, 45, 04, A3, E0, CF, 40, 00, 8D, 45, 08, A3, EC, CF, 40...
 
[+]

Entropy:
5.8886

Code size:
30.5 KB (31,232 bytes)

The file dropbox.exe has been seen being distributed by the following URL.

Remove dropbox.exe - Powered by Reason Core Security