new_player.exe

Tuguu S.L.

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. This software distributes modified installers that are not the same as the original distributed by the author. The application new_player.exe by Tuguu S.L. has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. It is also typically executed from the user's temporary directory.
Publisher:
Tuguu S.L.  (signed and verified)

MD5:
0bdbcd3cb2a1d83ae54c1998caae93ce

SHA-1:
863049465a97340061e967ead9beaa27a0ec0c76

SHA-256:
f6d1c146e0ed805a832a98dcc9df448648188fc69b5d18ea52cd784db49a147a

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Bundles third-party components such as adware in the installer.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/8/2024 8:13:52 PM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Agent.OER | 842
Agnitum Outpost | Riskware.Agent | 7.1.1
avast! | Adware-BQR [Adw] | 141003-0
Baidu Antivirus | Adware.Win32.DomaIQ | 4.0.3.141016
ESET NOD32 | MSIL/NewPlayer.A potentially unwanted application | 7.0.302.0
F-Secure | Adware.Agent.OER | 11.2014-16-10_5
K7 AntiVirus | Trojan | 13.183.13550
Malwarebytes | PUP.Optional.NewPlayer | v2014.10.16.12
McAfee | Artemis!0BDBCD3CB2A1 | 5600.6976
MicroWorld eScan | Adware.Agent.OER | 15.0.0.867
NANO AntiVirus | Trojan.Win32.NewPlayer.deinbq | 0.28.2.62440
Panda Antivirus | PUP/MultiToolbar.A | 14.10.16.12
Qihoo 360 Security | Win32/RootKit.Rootkit.7e5 | 1.0.0.1015
Reason Heuristics | PUP.TuguuSL.K | 14.8.7.18
Sophos | Generic PUA HM | 4.98
Trend Micro House Call | TROJ_GE.057CA440 | 7.2.289
VIPRE Antivirus | Threat.4783235 | 33706

File size:
9.4 MB (9,856,848 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\software\new_player.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
1/14/2014 1:00:00 AM

Valid to:
1/22/2015 1:00:00 PM

Subject:
CN=Tuguu S.L., O=Tuguu S.L., L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
099FA0FF5AB358109F600F1A845EEE88

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
196608:EHYYCGGcwC5aOGpAkiEg5gXsRn5cfd2qma7nBO5MqOMFQ958SwxsQTFyTIhf:E49bCsOGkEg5gmafseBoMW4OSEvTX9

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.9995

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
