setup.exe

Clovermedia SLU

This file is part of Tuguu DomaIQ, a download manager that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Clovermedia SLU has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The file has been seen being downloaded from ttb.famdls.com.
Publisher:
Clovermedia SLU (signed and verified)

MD5:
f392b9c89930803d44b3ae3cb6f28a24

SHA-1:
99ee032a29863ad08082cd55f40e8a9b773a7474

SHA-256:
3adb4183fee3a9236c14b04a34e8e3ccad402b7d4f87582bda4e1db5675d2ded

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics we consider this file unwanted.

Analysis date:
11/26/2024 10:55:23 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Tuguu (M)

Engine version:
16.9.25.20

File size:
597 KB (611,304 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/14/2014 7:00:00 AM

Valid to:
2/15/2015 6:59:59 AM

Subject:
CN=Clovermedia SLU, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Clovermedia SLU, L=Adeje, S=Santa Cruz de tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0524A867F334951775CD16FBB2ED7E9B

File PE Metadata
Compilation timestamp:
4/7/2014 3:33:59 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:OqxoLQLROU9VU+Fm5Vl/byM8aQg0UrOjmpit1wKX0eCuZjJSFOqoY4c:NxoOROUaV0Uqjm4lXpJZjJiOq8c

Entry address:
0x2C42

Entry point:
E8, 1E, 2E, 00, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, 48, 02, 42, 00, E8, 04, 01, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, D8, 6F, 42, 00, 03, 75, 43, 6A, 04, E8, 20, 30, 00, 00, 59, 83, 65, FC, 00, 56, E8, 43, 31, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 64, 31, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, F4, 2E, 00, 00, 59, C3, 56, 6A, 00, FF, 35, 4C, 6A, 42, 00, FF, 15, 64, D0, 41, 00, 85, C0, 75, 16, E8, DB, 0A, 00...

Entropy:
5.9355

Code size:
109.5 KB (112,128 bytes)
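The hash and PE metadata fields above are what an analyst would recompute locally before trusting a report like this one. The following is an added example (not code from Reason Core Security or from Clovermedia SLU) that extracts exactly the fields listed under "File PE Metadata" (compilation timestamp, OS version, subsystem, linker version, entry RVA, code size and the first entry-point bytes) from a PE32 header, and compares a file's MD5/SHA-1/SHA-256 against the indicators given on this page. Because the real setup.exe is not available here, the code builds a constructed minimal PE image whose header values mirror the page's metadata; that image is an assumption of the example, contains no runnable code, and will not match the page's hashes. Point it at a real file to run it against a sample.

```python
"""Extract the 'File PE Metadata' fields and compare hashes against the page.
Added example; the PE image built below is constructed, not the real setup.exe."""
import hashlib
import struct
from datetime import datetime, timezone

# Hashes copied from the page; they identify the real file, not the sample below.
PAGE_IOCS = {
    "md5": "f392b9c89930803d44b3ae3cb6f28a24",
    "sha1": "99ee032a29863ad08082cd55f40e8a9b773a7474",
    "sha256": "3adb4183fee3a9236c14b04a34e8e3ccad402b7d4f87582bda4e1db5675d2ded",
}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
# First ten entry-point bytes listed on the page (an MSVC CRT start stub).
ENTRY_STUB = bytes.fromhex("E81E2E0000E979FEFFFF")


def file_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in PAGE_IOCS}


def matches_page_iocs(data: bytes) -> bool:
    """True only if every hash on the page matches the file under test."""
    return file_hashes(data) == PAGE_IOCS


def rva_to_offset(sections, rva: int) -> int:
    """Map a relative virtual address to a file offset via the section table."""
    for va, raw_size, raw_ptr in sections:
        if va <= rva < va + raw_size:
            return raw_ptr + (rva - va)
    raise ValueError(f"RVA {rva:#x} is not backed by any section")


def parse_pe_metadata(data: bytes) -> dict:
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    (_machine, nsections, timestamp, _symtab, _nsyms,
     opt_size, _chars) = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic != 0x10B:  # 0x20B would be PE32+ (64-bit); the page says Win32
        raise ValueError(f"unsupported optional header magic {magic:#x}")
    linker_major, linker_minor = struct.unpack_from("<BB", data, opt + 2)
    size_of_code, = struct.unpack_from("<I", data, opt + 4)
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    os_major, os_minor = struct.unpack_from("<HH", data, opt + 40)
    subsystem, = struct.unpack_from("<H", data, opt + 68)
    # Section headers (40 bytes each) follow the optional header.
    sections = []
    for i in range(nsections):
        hdr = opt + opt_size + 40 * i
        sections.append(struct.unpack_from("<III", data, hdr + 12))  # VA, raw size, raw ptr
    entry_off = rva_to_offset(sections, entry_rva)
    return {
        "compilation_timestamp": datetime.fromtimestamp(timestamp, timezone.utc)
                                         .strftime("%Y-%m-%d %H:%M:%S UTC"),
        "os_version": f"{os_major}.{os_minor}",
        "bitness": "Win32",
        "subsystem": SUBSYSTEMS.get(subsystem, f"unknown ({subsystem})"),
        "linker_version": f"{linker_major}.{linker_minor}",
        "entry_address": f"0x{entry_rva:04X}",
        "code_size": size_of_code,
        "entry_bytes": data[entry_off:entry_off + 10].hex(" ").upper(),
    }


def build_sample_pe() -> bytes:
    """Constructed minimal PE32 whose header mirrors the page's metadata
    (timestamp assumed to be UTC). It is not setup.exe and cannot run."""
    ts = int(datetime(2014, 4, 7, 15, 33, 59, tzinfo=timezone.utc).timestamp())
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                      # e_lfanew
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x0102)  # i386, 1 section
    opt = bytearray(224)
    struct.pack_into("<HBB", opt, 0, 0x10B, 9, 0)               # PE32 magic, linker 9.0
    struct.pack_into("<I", opt, 4, 112128)                      # SizeOfCode
    struct.pack_into("<I", opt, 16, 0x2C42)                     # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 5, 0)                      # OS version 5.0
    struct.pack_into("<H", opt, 68, 2)                          # Windows GUI
    # One .text section: VA 0x1000, raw data at file offset 0x200, stub at the entry RVA.
    text_raw = bytearray(0x3000)
    text_raw[0x1C42:0x1C42 + len(ENTRY_STUB)] = ENTRY_STUB
    sect = struct.pack("<8sIIIIIIHHI", b".text", 0x3000, 0x1000, 0x3000,
                       0x200, 0, 0, 0, 0, 0x60000020)
    headers = bytes(dos) + b"PE\0\0" + coff + bytes(opt) + sect
    return headers.ljust(0x200, b"\0") + bytes(text_raw)


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    print(parse_pe_metadata(data))
    print("matches page IOCs:", matches_page_iocs(data))
```

Run it with a file path to check a downloaded sample; with no arguments it parses the constructed image. Only PE32 is handled, which is enough for this Win32 file; a PE32+ image (magic 0x20B) has a differently laid out optional header and is rejected rather than misparsed.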

The file setup.exe has been seen being distributed by the following URL.

http://ttb.famdls.com/download/request/.../RGGW7mMS?ClickID=

Remove setup.exe - Powered by Reason Core Security