setup.exe

Clovermedia SLU

This is part of the Tuguu DomaIQ, a download manager that bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Clovermedia SLU has been detected as adware by 22 anti-malware scanners. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.winrar.com.
Publisher:
Clovermedia SLU  (signed and verified)

MD5:
2883362b25e9b14fda59a212d18e68b2

SHA-1:
e438b232e057eba1a5e5e9bdec1ca2cb3cf5b3b1

SHA-256:
a2323719dddc46da6a31087884249e849159bee9d7774f7a9b7cc497a4f73638

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Analysis date:
12/25/2024 12:30:19 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.DomaIQ.3 | 1002 |
| Agnitum Outpost | PUA.DomaIQ | 7.1.1 |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.148.114 |
| AVG | DomaIQ_r.I | 2015.0.3480 |
| Bitdefender | Gen:Variant.Application.Bundler.DomaIQ.3 | 1.0.20.640 |
| Comodo Security | Application.Win32.DomaIQ.PUP | 18239 |
| Dr.Web | Trojan.Packed.26405 | 9.0.1.0128 |
| ESET NOD32 | Win32/DomaIQ.BB (variant) | 8.9775 |
| F-Secure | Adware:W32/DomaIQ | 11.2014-08-05_5 |
| G Data | Gen:Variant.Application.Bundler.DomaIQ | 14.5.24 |
| IKARUS anti.virus | AdWare.SuspectCRC | t3scan.1.6.1.0 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.3896 |
| Malwarebytes | PUP.Optional.DomalQ | v2014.05.08.08 |
| McAfee | RDN/Generic PUP.x!c2r | 5600.7136 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.DomaIQ.3 | 15.0.0.384 |
| NANO AntiVirus | Riskware.Win32.DomaIQ.cwclqr | 0.28.0.59608 |
| Panda Antivirus | Trj/Genetic.gen | 14.05.08.08 |
| Reason Heuristics | PUP.Installer.ClovermediaSLU.F | 14.5.8.18 |
| Sophos | DomainIQ pay-per install | 4.98 |
| Total Defense | Win32/DomainIQ.fMBIOBB | 37.0.10925 |
| VIPRE Antivirus | Trojan.Win32.Generic | 29002 |
| Zillya! Antivirus | Adware.DomaIQ.Win32.201 | 2.0.0.1782 |

File size:
616.5 KB (631,328 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
2/13/2014 7:00:00 PM

Valid to:
2/14/2015 6:59:59 PM

Subject:
CN=Clovermedia SLU, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Clovermedia SLU, L=Adeje, S=Santa Cruz de tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0524A867F334951775CD16FBB2ED7E9B

File PE Metadata
Compilation timestamp:
4/1/2014 1:12:58 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
6144:BfXWtsf5ccJzUD+LG4bc4jaiDbYWP2mNb9sXD0matGPW3CPsojvY8iiJ3Y0iy:BfWM5cc5UUc4TxA4aPW3Ckav3iiJPiy

Entry address:
0x46DB

Entry point:
E8, 0D, 3D, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, AC, AE, 42, 00, FF, 15, 6C, C0, 41, 00, 85, C0, 75, 18, 56, E8, 80, 12, 00, 00, 8B, F0, FF, 15, 50, C0, 41, 00, 50, E8, CB, 12, 00, 00, 59, 89, 06, 5E, 5D, C3, 55, 8B, EC, 56, 8B, 75, 0C, 57, 33, FF, 85, F6, 74, 1B, 6A, E0, 33, D2, 58, F7, F6, 3B, 45, 10, 73, 0F, E8, 4D, 12, 00, 00, C7, 00, 0C, 00, 00, 00, 33, C0, EB, 3C, 0F, AF, 75, 10, 53, 8B, 5D, 08, 85, DB, 74, 09, 53, E8, 30, 0C, 00, 00, 59, 8B, F8...

Entropy:
5.9116

Code size:
106 KB (108,544 bytes)

The file setup.exe has been seen being distributed by the following URL.
