setup.exe

TUGUU SL

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, into the setup process. The installers it distributes are modified and are not the same as the originals distributed by the software's authors. The application setup.exe by TUGUU SL has been detected as adware by 13 anti-malware scanners. The program is a setup application built on the TUGUU DomaIQ Setup installer. The file has been seen being downloaded from www.lpcloudbox305.com. Note that the file carries a verified Authenticode signature from TUGUU SL under a GoDaddy-issued certificate (see Digital Signature below); a valid signature identifies the publisher, it says nothing about whether the bundled offers are wanted.
Publisher:
TUGUU SL  (signed and verified)

MD5:
e3a6ae29339a49c8b0fe4cbe169a8d65

SHA-1:
5b7a139893d7bb5da0edece2d4894a17d75fd9bc

SHA-256:
3838a8c25696a1bc41e12c47b6b1e56a56f54d9cf5b0fbe819aa110d04850813
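
As an added example (not part of the Reason Core report), the following Python checks a local file against the hash and size record above. It treats SHA-256 as the authoritative match and reports an MD5- or SHA-1-only agreement separately, because those two digests can be collided and a record can also simply be mistyped. The digest values and the file size are taken from this page; the function names and verdict labels are the example's own.

```python
import hashlib
import sys

# Hash/size record transcribed from this page (TUGUU SL setup.exe, DomaIQ bundler).
TUGUU_SETUP_EXE = {
    "md5": "e3a6ae29339a49c8b0fe4cbe169a8d65",
    "sha1": "5b7a139893d7bb5da0edece2d4894a17d75fd9bc",
    "sha256": "3838a8c25696a1bc41e12c47b6b1e56a56f54d9cf5b0fbe819aa110d04850813",
    "size": 517624,
}


def digests_of(data: bytes) -> dict:
    """MD5, SHA-1, SHA-256 and length of an in-memory buffer."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
        "size": len(data),
    }


def digests_of_file(path: str, chunk_size: int = 1 << 20) -> dict:
    """Same record as digests_of(), computed in chunks so large samples are not read whole."""
    hashers = {name: hashlib.new(name) for name in ("md5", "sha1", "sha256")}
    size = 0
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            size += len(chunk)
            for h in hashers.values():
                h.update(chunk)
    record = {name: h.hexdigest() for name, h in hashers.items()}
    record["size"] = size
    return record


def match_ioc(digests: dict, ioc: dict) -> dict:
    """Per-field comparison plus a verdict.

    'match'          : SHA-256 agrees (the only digest here that is collision resistant).
    'weak-hash-only' : MD5 and/or SHA-1 agree but SHA-256 does not; treat as suspicious,
                       not as confirmation (collision, or a bad record).
    'no-match'       : nothing agrees.
    """
    fields = {
        "md5": digests["md5"].lower() == ioc["md5"].lower(),
        "sha1": digests["sha1"].lower() == ioc["sha1"].lower(),
        "sha256": digests["sha256"].lower() == ioc["sha256"].lower(),
        "size": digests["size"] == ioc["size"],
    }
    if fields["sha256"]:
        verdict = "match"
    elif fields["md5"] or fields["sha1"]:
        verdict = "weak-hash-only"
    else:
        verdict = "no-match"
    return {**fields, "verdict": verdict}


if __name__ == "__main__":
    # Usage: python ioc_check.py <path-to-suspect-file>
    result = match_ioc(digests_of_file(sys.argv[1]), TUGUU_SETUP_EXE)
    print(result)
```

The size field is compared as well because a matching SHA-256 with a different size is impossible for a genuine file and indicates a transcription error in the indicator record.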

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Uses the DomaIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is also known as bundleware or downloadware: a downloader designed to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
12/26/2024 5:28:18 AM UTC

Scan engine         Detection                           Engine version
Agnitum Outpost     PUA.DomaIQ                          7.1.1
Avira AntiVirus     APPL/DomaIQ.Gen                     7.11.138.220
avast!              Win32:DomaIQ-T [PUP]                2014.9-140326
AVG                 DomaIQ                              2015.0.3524
Dr.Web              Trojan.DownLoader9.51748            9.0.1.085
ESET NOD32          Win32/DomaIQ.BB (variant)           8.9594
IKARUS anti.virus   AdWare.DomaIQ                       t3scan.2.2.29
Kaspersky           not-a-virus:AdWare.Win32.Lollipop   14.0.0.4115
Malwarebytes        PUP.Optional.DomalQ                 v2014.03.26.01
Panda Antivirus     PUP/MultiToolbar.A                  14.03.26.01
Reason Heuristics   PUP.Installer.TUGUUSL.F             14.8.7.18
Sophos              DomainIQ pay-per install            4.98
VIPRE Antivirus     DomaIQ                              27744
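
Vendor detection names are not comparable as raw strings, so a 13/68 result is usually triaged by normalising them: which family do the engines agree on, and how many call it unwanted software rather than malware? The Python below is an added example (not from the report or from Reason Core) run over the 13 rows above. The alias table maps the two spelling variants that appear in the table (Malwarebytes' "DomalQ", Sophos' "DomainIQ") onto "domaiq"; the noise-word list and class markers are the example's own analyst-maintained lists. Rows that carry no class marker at all (AVG, ESET, Sophos, VIPRE) stay "unclassified" rather than being guessed.

```python
import re
from collections import Counter

# The 13 detections from the scanner table above: (engine, detection name, engine version).
DETECTIONS = [
    ("Agnitum Outpost", "PUA.DomaIQ", "7.1.1"),
    ("Avira AntiVirus", "APPL/DomaIQ.Gen", "7.11.138.220"),
    ("avast!", "Win32:DomaIQ-T [PUP]", "2014.9-140326"),
    ("AVG", "DomaIQ", "2015.0.3524"),
    ("Dr.Web", "Trojan.DownLoader9.51748", "9.0.1.085"),
    ("ESET NOD32", "Win32/DomaIQ.BB (variant)", "8.9594"),
    ("IKARUS anti.virus", "AdWare.DomaIQ", "t3scan.2.2.29"),
    ("Kaspersky", "not-a-virus:AdWare.Win32.Lollipop", "14.0.0.4115"),
    ("Malwarebytes", "PUP.Optional.DomalQ", "v2014.03.26.01"),
    ("Panda Antivirus", "PUP/MultiToolbar.A", "14.03.26.01"),
    ("Reason Heuristics", "PUP.Installer.TUGUUSL.F", "14.8.7.18"),
    ("Sophos", "DomainIQ pay-per install", "4.98"),
    ("VIPRE Antivirus", "DomaIQ", "27744"),
]

# Markers vendors use for unwanted-but-not-malicious software. Checked before the
# malware markers because Kaspersky's "not-a-virus:" prefix contains the word "virus".
PUA_MARKERS = ("not-a-virus", "pua", "pup", "appl", "adware", "riskware", "unwanted")
MALWARE_MARKERS = ("trojan", "backdoor", "worm", "ransom", "rootkit", "virus")

# Tokens that describe platform, class or heuristics rather than a family (analyst-maintained).
NOISE = {
    "win", "win32", "win64", "pua", "pup", "appl", "adware", "not", "virus", "trojan",
    "downloader", "gen", "generic", "variant", "optional", "installer", "heuristic",
    "pay", "per", "install",
}
# Spelling variants of one family, as they appear in the table above.
ALIASES = {"domalq": "domaiq", "domainiq": "domaiq"}


def classify(detection: str) -> str:
    """'pua', 'malware' or 'unclassified' from the vendor's class prefix, if any."""
    d = detection.lower()
    if any(m in d for m in PUA_MARKERS):
        return "pua"
    if any(m in d for m in MALWARE_MARKERS):
        return "malware"
    return "unclassified"


def family_of(detection: str):
    """First token that is not platform/class noise, with trailing digits and aliases normalised."""
    for token in re.split(r"[^a-z0-9]+", detection.lower()):
        core = token.rstrip("0123456789")        # DownLoader9 -> downloader
        if len(core) < 3 or core in NOISE:
            continue
        return ALIASES.get(core, core)
    return None                                   # only generic tokens, e.g. Trojan.DownLoader9


def triage(rows) -> dict:
    """Family votes, class votes and the consensus family across all engines."""
    families = Counter(family_of(det) or "generic" for _, det, _ in rows)
    classes = Counter(classify(det) for _, det, _ in rows)
    consensus, votes = families.most_common(1)[0]
    return {
        "engines": len(rows),
        "families": families,
        "classes": classes,
        "consensus_family": consensus,
        "consensus_votes": votes,
    }


if __name__ == "__main__":
    print(triage(DETECTIONS))
```

On this table the output is 9 of 13 engines naming the DomaIQ family, 8 engines using an explicit PUA/adware class, and a single "Trojan" verdict (Dr.Web), which is the pattern one expects of a pay-per-install bundler rather than of a trojan downloader.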

File size:
505.5 KB (517,624 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
TUGUU SL
Authority:
GoDaddy.com, Inc.

Valid from:
5/3/2013 10:24:02 AM

Valid to:
5/3/2014 10:24:02 AM

Subject:
CN=TUGUU SL, O=TUGUU SL, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2776B257979F9A

File PE Metadata
Compilation timestamp:
3/22/2014 4:13:37 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:J6QTlw7u7eAefuwA8dzQD1NYYueR10lFJ:J66OS7lwAf/zi

Entry address:
0x26C1

Entry point:
E8, 06, 33, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B...

Entropy:
6.4786

Code size:
40.5 KB (41,472 bytes)
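
The PE metadata above (compilation timestamp, OS version, bitness, subsystem, linker version, entry address, code size, entropy) all comes straight out of the COFF and optional headers, so it can be reproduced offline. The Python below is an added example, not code from the report or from Reason Core: parse_pe_header() reads those fields for both PE32 and PE32+ images and shannon_entropy() computes the bits-per-byte figure the report labels "Entropy". It assumes the report's "OS version" is the MajorOperatingSystemVersion/MinorOperatingSystemVersion pair. build_sample_header() is a constructed header carrying this page's values so the code runs without the real setup.exe; it is not bytes of that file. Two caveats a practitioner should keep in mind: the TimeDateStamp is written by the linker and trivially forged, so 3/22/2014 is a hint, not evidence; and 6.48 bits per byte is well below the 7.2 or so that usually signals a packed or encrypted body, consistent with a plain installer stub rather than packed code.

```python
import math
import struct
import sys
from datetime import datetime, timezone

# IMAGE_OPTIONAL_HEADER magic values, plus the names the report uses for subsystem and machine.
PE32, PE32_PLUS = 0x10B, 0x20B
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
MACHINES = {0x14C: "i386", 0x8664: "x64", 0xAA64: "ARM64"}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte: 0.0 for constant data, 8.0 for uniform; ~7.2+ usually means packed/encrypted."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in counts if c)


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF and optional header fields shown in a 'File PE Metadata' block."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    machine, n_sections, timestamp, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    (magic,) = struct.unpack_from("<H", data, opt)
    if magic == PE32:
        # Standard fields are 28 bytes (BaseOfData present); ImageBase is 32-bit.
        _, lmaj, lmin, size_code, _, _, entry, _, _ = struct.unpack_from("<HBBIIIIII", data, opt)
        win = struct.unpack_from("<IIIHHHHHHIIIIHH", data, opt + 28)
    elif magic == PE32_PLUS:
        # Standard fields are 24 bytes (no BaseOfData); ImageBase is 64-bit.
        _, lmaj, lmin, size_code, _, _, entry, _ = struct.unpack_from("<HBBIIIII", data, opt)
        win = struct.unpack_from("<QIIHHHHHHIIIIHH", data, opt + 24)
    else:
        raise ValueError(f"unknown optional header magic {magic:#x}")
    image_base, _, _, os_maj, os_min, _, _, _, _, _, _, _, _, subsystem, dll_chars = win
    return {
        "machine": MACHINES.get(machine, hex(machine)),
        "bitness": "Win32" if magic == PE32 else "Win64",
        "sections": n_sections,
        "compile_time_utc": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{lmaj}.{lmin}",
        "os_version": f"{os_maj}.{os_min}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_point": entry,            # RVA; the report's "Entry address" 0x26C1
        "image_base": image_base,
        "size_of_code": size_code,
        "dll_characteristics": dll_chars,
    }


def build_sample_header() -> bytes:
    """Constructed PE32 header carrying this report's values; NOT bytes of the real setup.exe."""
    ts = int(datetime(2014, 3, 22, 4, 13, 37, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                                    # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 4, ts, 0, 0, 224, 0x0102)
    std = struct.pack("<HBBIIIIII", PE32, 9, 0, 41472, 0, 0, 0x26C1, 0x1000, 0xC000)
    win = struct.pack("<IIIHHHHHHIIIIHH",
                      0x400000, 0x1000, 0x200,      # ImageBase, SectionAlignment, FileAlignment
                      5, 0, 0, 0, 5, 0,             # OS 5.0, image 0.0, subsystem 5.0
                      0, 0x30000, 0x400, 0,         # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
                      2, 0x8140)                    # Subsystem = Windows GUI, DllCharacteristics
    return bytes(dos) + b"PE\0\0" + coff + std + win


if __name__ == "__main__":
    # Usage: python pe_meta.py <file>   (no argument: parse the constructed sample header)
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_header()
    print(parse_pe_header(blob))
    print(f"entropy: {shannon_entropy(blob):.4f} bits/byte")
```

The parser stops at DllCharacteristics on purpose: it needs only the fields the report shows and does not walk the section table, so it accepts any buffer at least 76 bytes past the PE signature.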

The file setup.exe has been seen being distributed by the following URL:
www.lpcloudbox305.com

Remove setup.exe - Powered by Reason Core Security