lastpass.exe

Tuguu S.L.

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. This software distributes modified installers that are not the same as the originals distributed by the author. The application lastpass.exe by Tuguu S.L. has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During installation, it also installs potentially unwanted software on the user's computer without adequate consent.
Publisher:
Tuguu S.L.  (signed and verified)

MD5:
c8530c0959d3a117b5109bb860ab5f1b

SHA-1:
6c0691eb2220c46c2b3f74af65bf4af77d207719

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 12:56:59 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Symmi.41510
1003

Agnitum Outpost
PUA.Lollipop
7.1.1

Avira AntiVirus
APPL/DomaIQ.Gen
7.11.148.28

AVG
DomaIQ_r.K
2015.0.3481

Bitdefender
Gen:Variant.Adware.Kazy.374465
1.0.20.635

Dr.Web
Trojan.DownLoader11.5325
9.0.1.0127

Emsisoft Anti-Malware
Gen:Variant.Adware.Kazy.374465
8.14.05.07.01

ESET NOD32
Win32/DomaIQ.BB (variant)
8.9769

F-Secure
Gen:Variant.Adware.Kazy.374465
11.2014-07-05_4

G Data
Gen:Variant.Adware.Kazy.374465
14.5.24

IKARUS anti.virus
AdWare.SuspectCRC
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.177.12013

Kaspersky
not-a-virus:AdWare.MSIL.DomaIQ
14.0.0.3902

Malwarebytes
PUP.Optional.BundleInstaller.A
v2014.05.07.01

McAfee
PUP-FJP!62C17A287E12
5600.7137

MicroWorld eScan
Gen:Variant.Adware.Kazy.374465
15.0.0.381

Panda Antivirus
PUP/MultiToolbar.A
14.05.07.01

Reason Heuristics
PUP.TuguuSL.I
14.8.7.18

Rising Antivirus
PE:Malware.Lollipop!6.1932
23.00.65.14505

Sophos
DomainIQ pay-per install
4.98

VIPRE Antivirus
DomaIQ
28958

File size:
488.1 KB (499,816 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\documents and settings\bengt jönsson\mina dokument\downloads\lastpass.exe

Digital Signature
Signed by:

Authority:
Starfield Technologies, Inc.

Valid from:
12/9/2013 3:56:54 PM

Valid to:
12/9/2014 3:56:54 PM

Subject:
CN=Tuguu S.L., O=Tuguu S.L., L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
SERIALNUMBER=10688435, CN=Starfield Secure Certification Authority, OU=http://certificates.starfieldtech.com/repository, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B49CE87BAE8BE

File PE Metadata
Compilation timestamp:
5/1/2014 10:36:53 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:ReJpjUTGEsiklJWS4gOqN7YoNKJLf2vTMX4wC93n:apK0RmxfyTMXbCl

Entry address:
0x447B

Entry point:
E8, 7D, 2D, 00, 00, E9, 39, FE, FF, FF, E9, A0, 18, 00, 00, FF, 35, 68, F6, 42, 00, FF, 15, 80, D0, 41, 00, C3, FF, 35, 68, F6, 42, 00, FF, 15, 80, D0, 41, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, DA, 24, 00, 00, 6A, 01, 6A, 00, E8, 4C, 36, 00, 00, 83, C4, 0C, E9, 63, 36, 00, 00, 55, 8B, EC, 56, FF, 35, 68, F6, 42, 00, FF, 15, 80, D0, 41, 00, FF, 75, 08, 8B, F0, FF, 15, 7C, D0, 41, 00, A3, 68, F6, 42, 00, 8B, C6, 5E, 5D, C3, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, 6F, 39, 00, 00, 59, 85, C0, 74, 0F...

Code size:
112 KB (114,688 bytes)

The file lastpass.exe has been seen being distributed by the following URL.
