Player_Setup.exe

Tuguu S.L

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers such as toolbars and browser extensions during the setup process. It distributes modified installers that are not the same as the originals distributed by the author. The application Player_Setup.exe by Tuguu S.L has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During installation, it bundles potentially unwanted software onto the user's computer without adequate consent.
Publisher:
Tuguu S.L  (signed and verified)

MD5:
b9b505686f25db204549bc1a39580cbe

SHA-1:
3ec4baf0e7af846a478e05d6f1d288360559e6c2

SHA-256:
3dbd01027a71a46c43b6fd0f63920b2489fdde7be7a61f2d4f0c46cf27a6a015

Scanner detections:
11 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 5:28:56 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.142.170 |
| AVG | DomaIQ_r.H | 2015.0.3508 |
| Comodo Security | Application.Win32.DomaIQ.PUP | 18084 |
| ESET NOD32 | MSIL/DomaIQ (variant) | 8.9663 |
| K7 AntiVirus | Unwanted-Program | 13.176.11721 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.4035 |
| Malwarebytes | PUP.Optional.BundleInstaller.A | v2014.04.10.11 |
| Panda Antivirus | Trj/Genetic.gen | 14.04.10.11 |
| Reason Heuristics | PUP.Installer.TuguuSL.M | 14.4.10.21 |
| Sophos | Generic PUA IP | 4.98 |
| VIPRE Antivirus | DomaIQ | 28194 |

File size:
430.8 KB (441,104 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\player_setup.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
12/3/2013 10:13:51 AM

Valid to:
12/4/2014 10:13:51 AM

Subject:
E=victor.camacho@tuguu.com, CN=Tuguu S.L, O=Tuguu S.L, L=Adeje, S=Tenerife, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121111958C6091E136AAD058195A273968F

File PE Metadata
Compilation timestamp:
4/9/2014 12:31:45 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:YLkL+jocfjGNouUGCDPJolfCf/EO0ksQyXYf4+UYPskubZmYaQzY86:YwL+ccfjTuUGCDholyb0YHUnd6

Entry address:
0x2315

Entry point:
E8, 53, 24, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, DD, 09, 00, 00, 8B, FF, 55, 8B, EC, FF, 75, 08, 51, E8, 3B, 25, 00, 00, 59, 59, 5D, C2, 04, 00, 8B, FF, 51, C7, 01, E8, C9, 41, 00, E8, B7, 24, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, B8, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, FF, 75, 08, 51, E8, 1E, 26, 00, 00, 59, 59, 5D, C2, 04, 00, 8B, FF, 51, E8, 78, 24, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08...
 

Entropy:
6.6551

Code size:
108 KB (110,592 bytes)

The file Player_Setup.exe has been seen being distributed by the following URL.
