setup.exe

Tuguu S.L

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. It distributes modified installers that are not the same as the original distributed by the author. The application setup.exe by Tuguu S.L has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
Tuguu S.L  (signed and verified)

MD5:
ff27ea6f0f79bc834649e5d9e2d1656e

SHA-1:
141cd2543acb208eb954f51fa82b9b527a3ba659

SHA-256:
0fb45f2d4e463748e20e72973906aed3bc086b8807c024058a71a4e5fb74f6cd

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Bundles third-party components such as adware in the installer.

Description:
This type of program is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 5:45:05 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.Agent.A | 994 |
| Agnitum Outpost | PUA.Lollipop | 7.1.1 |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.150.22 |
| avast! | DomaIQ-CJ [PUP] | 140516-1 |
| AVG | Adware DomaIQ.DO | 2014.0.3950 |
| Bitdefender | Application.Bundler.Agent.A | 1.0.20.685 |
| Emsisoft Anti-Malware | Adware.Navipromo.CIP | 8.14.05.17.10 |
| ESET NOD32 | Win32/DomaIQ.BD (variant) | 8.9811 |
| F-Secure | Application.Bundler.Agent | 11.2014-17-05_7 |
| G Data | Application.Bundler.Agent | 14.5.24 |
| IKARUS anti.virus | PUA.Tugus | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.177.12109 |
| Kaspersky | not-a-virus:AdWare.Win32.Lollipop | 14.0.0.3854 |
| Malwarebytes | PUP.Optional.Domalq | v2014.05.17.04 |
| McAfee | PUP-FAO!FF27EA6F0F79 | 5600.7128 |
| MicroWorld eScan | Application.Bundler.Agent.A | 15.0.0.411 |
| Panda Antivirus | Trj/Genetic.gen | 14.05.17.04 |
| Reason Heuristics | PUP.Installer.TuguuSL.K | 14.5.17.3 |
| Sophos | Generic PUA FJ | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29294 |

File size:
838.5 KB (858,616 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
12/3/2013 4:13:51 PM

Valid to:
12/4/2014 4:13:51 PM

Subject:
E=victor.camacho@tuguu.com, CN=Tuguu S.L, O=Tuguu S.L, L=Adeje, S=Tenerife, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121111958C6091E136AAD058195A273968F

File PE Metadata
Compilation timestamp:
5/12/2014 6:12:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:eCXvkXVg8IBjLvl8NLrcgIHMlNCQQUivUqzxmmPCiR/n6YdkxVu:XvQERvWxrctHMlNCQQUi8ohVn6Y+x0

Entry address:
0x2F85

Entry point:
E8, 4E, 2D, 00, 00, E9, 39, FE, FF, FF, E9, DE, 18, 00, 00, FF, 35, 58, A5, 42, 00, FF, 15, 80, B0, 41, 00, C3, FF, 35, 58, A5, 42, 00, FF, 15, 80, B0, 41, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, AB, 24, 00, 00, 6A, 01, 6A, 00, E8, 12, 36, 00, 00, 83, C4, 0C, E9, 29, 36, 00, 00, 55, 8B, EC, 56, FF, 35, 58, A5, 42, 00, FF, 15, 80, B0, 41, 00, FF, 75, 08, 8B, F0, FF, 15, 7C, B0, 41, 00, A3, 58, A5, 42, 00, 8B, C6, 5E, 5D, C3, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, 35, 39, 00, 00, 59, 85, C0, 74, 0F...
 

Code size:
103.5 KB (105,984 bytes)
