setup.exe

Tuguu SLU

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. This software distributes modified installers, which are not the same as the original distributed by the author. The application setup.exe by Tuguu SLU has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
Tuguu SLU  (signed and verified)

MD5:
47b275ff85e0af867ba8d65076daf081

SHA-1:
e32fb23d9aa4c66bc6435e64b91f5d3977368875

SHA-256:
536925c0c80f4bf328b47dde51b302d60cb86ee14b122e0d9853ccbbe3887034

Scanner detections:
1 / 68

Status:
Adware

Explanation:
Bundles third-party components such as adware in the installer.

Analysis date:
11/27/2024 12:23:35 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Tuguu (M)

Engine version:
16.9.12.13

File size:
313.1 KB (320,584 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
1/23/2014 6:00:00 PM

Valid to:
1/28/2015 6:00:00 AM

Subject:
CN=Tuguu SLU, O=Tuguu SLU, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0B56998065C0DD285FA55AECC999816A

File PE Metadata
Compilation timestamp:
1/29/2014 1:41:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:Fwbqks+CRoRrxK00jN/wfLERu8XcN0K8XL/2qQdpt8PLcgcW9U004NOFVqDlEQZa:Fweks+CRO0mfLL8vHzstcF93YYe1

Entry address:
0x1576

Entry point:
E8, CC, 26, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, D8, CF, 40, 00, 89, 0D, D4, CF, 40, 00, 89, 15, D0, CF, 40, 00, 89, 1D, CC, CF, 40, 00, 89, 35, C8, CF, 40, 00, 89, 3D, C4, CF, 40, 00, 66, 8C, 15, F0, CF, 40, 00, 66, 8C, 0D, E4, CF, 40, 00, 66, 8C, 1D, C0, CF, 40, 00, 66, 8C, 05, BC, CF, 40, 00, 66, 8C, 25, B8, CF, 40, 00, 66, 8C, 2D, B4, CF, 40, 00, 9C, 8F, 05, E8, CF, 40, 00, 8B, 45, 00, A3, DC, CF, 40, 00, 8B, 45, 04, A3, E0, CF, 40, 00, 8D, 45, 08, A3, EC, CF, 40...
 

Entropy:
5.8867

Code size:
30.5 KB (31,232 bytes)
