setup.exe

Tuguu S.L

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. This software distributes modified installers that are not the same as the original distributed by the author. The application setup.exe by Tuguu S.L has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. The file has been seen being downloaded from dlp.procloudsvr34.com.
Publisher:
Tuguu S.L  (signed and verified)

MD5:
1af668547501d34e9ecdb92d36307b62

SHA-1:
863de17d750e08c638d3004065bbf913fc16cd4c

SHA-256:
ae5ad759e03ba073fddb1a316cc6d18c0efba3fe96730f9e133d668151446cf5

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Bundles third-party components such as adware in the installer.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/25/2024 12:40:11 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Adware.Navipromo.CIP | 994 |
| Agnitum Outpost | PUA.Lollipop | 7.1.1 |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.149.178 |
| avast! | Win32:Adware-BQE [PUP] | 2014.9-140517 |
| AVG | DomaIQ | 2015.0.3474 |
| Bitdefender | Adware.Navipromo.CIP | 1.0.20.685 |
| Emsisoft Anti-Malware | Adware.Navipromo.CIP | 8.14.05.17.10 |
| ESET NOD32 | Win32/DomaIQ.BD (variant) | 8.9801 |
| F-Secure | Adware.Navipromo.CIP | 11.2014-17-05_7 |
| G Data | Adware.Navipromo.CIP | 14.5.24 |
| IKARUS anti.virus | PUA.Tugus | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.177.12080 |
| Kaspersky | not-a-virus:AdWare.Win32.Lollipop | 14.0.0.3863 |
| Malwarebytes | PUP.Optional.Domalq | v2014.05.15.07 |
| McAfee | PUP-FJP!1F2E3FF39A4F | 5600.7130 |
| MicroWorld eScan | Adware.Navipromo.CIP | 15.0.0.411 |
| Panda Antivirus | Trj/Genetic.gen | 14.05.15.07 |
| Reason Heuristics | PUP.Installer.TuguuSL.F | 14.5.15.7 |
| Sophos | Generic PUA FJ | 4.98 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29226 |

File size:
838.4 KB (858,544 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
12/3/2013 4:13:51 PM

Valid to:
12/4/2014 4:13:51 PM

Subject:
E=victor.camacho@tuguu.com, CN=Tuguu S.L, O=Tuguu S.L, L=Adeje, S=Tenerife, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121111958C6091E136AAD058195A273968F

File PE Metadata
Compilation timestamp:
5/12/2014 6:12:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
12288:GCXvkXVg8IBjLvl8NLrcgIHMlNCQQUivUqzxmmPCiR/n6YdkxtS:fvQERvWxrctHMlNCQQUi8ohVn6Y+xU

Entry address:
0x2F85

Entry point:
E8, 4E, 2D, 00, 00, E9, 39, FE, FF, FF, E9, DE, 18, 00, 00, FF, 35, 58, A5, 42, 00, FF, 15, 80, B0, 41, 00, C3, FF, 35, 58, A5, 42, 00, FF, 15, 80, B0, 41, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, AB, 24, 00, 00, 6A, 01, 6A, 00, E8, 12, 36, 00, 00, 83, C4, 0C, E9, 29, 36, 00, 00, 55, 8B, EC, 56, FF, 35, 58, A5, 42, 00, FF, 15, 80, B0, 41, 00, FF, 75, 08, 8B, F0, FF, 15, 7C, B0, 41, 00, A3, 58, A5, 42, 00, 8B, C6, 5E, 5D, C3, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, 35, 39, 00, 00, 59, 85, C0, 74, 0F...
 

Code size:
103.5 KB (105,984 bytes)

The file setup.exe has been seen being distributed by the following URL.
