setup.exe

Clovermedia SLU

This is part of the Tuguu DomaIQ , a download manager which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Clovermedia SLU has been detected as adware by 20 anti-malware scanners. The file has been seen being downloaded from dlp.allfiles129.com.
Publisher:
Clovermedia SLU  (signed and verified)

MD5:
0df699f246398a06a7199c2a225c5ebf

SHA-1:
263469de712746305b7a4cda2d1ed0c98f4d10e1

SHA-256:
707be398307e3031517cf8be939468eb6cd9a856b1134bdf898f0b795cded951

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Analysis date:
11/14/2024 9:16:30 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.139070
1021

Agnitum Outpost
PUA.DomaIQ
7.1.1

Avira AntiVirus
APPL/DomaIQ.Gen
7.11.143.44

avast!
Win32:DomaIQ-T [PUP]
2014.9-140420

AVG
DomaIQ
2015.0.3506

Bitdefender
Gen:Variant.Adware.Graftor.139070
1.0.20.550

Comodo Security
Application.Win32.DomaIQ.PUP
18095

Dr.Web
Adware.Downware.2630
9.0.1.0103

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.139070
8.14.04.20.11

ESET NOD32
Win32/DomaIQ.BB (variant)
8.9671

F-Secure
Gen:Variant.Adware.Graftor.139070
11.2014-20-04_1

G Data
Gen:Variant.Adware.Graftor.139070
14.4.24

K7 AntiVirus
Unwanted-Program
13.176.11806

Kaspersky
not-a-virus:AdWare.MSIL.DomaIQ
14.0.0.4023

Malwarebytes
PUP.Optional.DomaIQ
v2014.04.13.10

MicroWorld eScan
Gen:Variant.Adware.Graftor.139070
15.0.0.330

Panda Antivirus
Trj/Genetic.gen
14.04.13.10

Reason Heuristics
PUP.Installer.ClovermediaSLU.F
14.4.13.9

Sophos
DomainIQ pay-per install
4.98

VIPRE Antivirus
DomaIQ
28406

File size:
620.4 KB (635,248 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/13/2014 7:00:00 PM

Valid to:
2/14/2015 6:59:59 PM

Subject:
CN=Clovermedia SLU, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Clovermedia SLU, L=Adeje, S=Santa Cruz de tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0524A867F334951775CD16FBB2ED7E9B

File PE Metadata
Compilation timestamp:
4/11/2014 7:55:38 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:m7L7anD8b/2lQbZtUaQ9e0CjGO5951fWjjkcwZEV1lJwaYsE:ASnD8rAe0CjGA9fWXkclV1lJdE

Entry address:
0x2E4D

Entry point:
E8, FC, 1E, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 82, 04, 00, 00, 3B, 0D, AC, 31, 42, 00, 75, 02, F3, C3, E9, 73, 1F, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 14, 56, 57, 33, FF, 3B, C7, 74, 47, 39, 7D, 08, 75, 1B, E8, C3, 25, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 31, 25, 00, 00, 83, C4, 14, 8B, C6, EB, 29, 39, 7D, 10, 74, E0, 39, 45, 0C, 73, 0E, E8, 9E, 25, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, D7, 50, FF, 75, 10, FF, 75, 08, E8, 2B, 20, 00, 00, 83, C4, 0C, 33, C0, 5F, 5E, 5D...
 
[+]

Entropy:
5.9316

Code size:
111 KB (113,664 bytes)

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security