setup_v.167054232c.exe

Tuguu S.L.

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers such as toolbars and browser extensions during the setup process. Tuguu distributes modified installers that are not the same as the originals distributed by the software's author. The application setup_v.167054232c.exe by Tuguu S.L. has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During installation it bundles potentially unwanted software onto the user's computer without adequate consent.
Publisher:
Tuguu S.L. (signed and verified)

MD5:
f81952a1955722871cc820bf192ff029

SHA-1:
65c35f2fba233070a647e58ca06525e327450d05

SHA-256:
eb31d7c9815fa5e2d1f906194feec1da13372317b8c64d9b15fd2d45a6897aab

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Uses the InstallIQ download installer to bundle various adware offers.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
11/5/2024 10:04:00 AM UTC

Scan engine         Detection                               Engine version
Agnitum Outpost     PUA.DomaIQ                              7.1.1
Avira AntiVirus     APPL/DomaIQ.Gen7                        7.11.154.66
avast!              NSIS:DomaIQ-C [PUP]                     2014.9-140911
AVG                 Agent.L                                 2015.0.3355
Comodo Security     UnclassifiedMalware                     18503
Dr.Web              Adware.W3i.28                           9.0.1.0254
ESET NOD32          Win32/DomaIQ                            8.9924
Fortinet FortiGate  Adware/Fam.NB                           9/11/2014
IKARUS anti.virus   Application.Hidden_Key                  t3scan.1.6.1.0
K7 AntiVirus        Trojan                                  13.1712358
Kaspersky           not-a-virus:HEUR:AdWare.MSIL.DomaIQ     14.0.0.3268
Malwarebytes        PUP.Optional.BundleInstaller.A          v2014.09.11.10
McAfee              Artemis!F81952A19557                    5600.7011
NANO AntiVirus      Trojan.Win32.W3i.cjebxe                 0.28.0.60253
Norman              Suspicious_Gen4.EFXQK                   11.20140911
Panda Antivirus     PUP/MultiToolbar.A                      14.09.11.10
Qihoo 360 Security  HEUR/Malware.QVM06.Gen                  1.0.0.1015
Reason Heuristics   PUP.Installer.TuguuSL.R                 14.9.11.10
Sophos              DomainIQ pay-per install                4.98
SUPERAntiSpyware    PUP.DomalIQ/Variant                     10366
VIPRE Antivirus     DomaIQ                                  30168

File size:
430.9 KB (441,256 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\setup_v.167054232c.exe

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
5/14/2013 2:00:00 AM

Valid to:
7/18/2014 2:00:00 PM

Subject:
CN=Tuguu S.L., OU=U B76539535, O=Tuguu S.L., L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
08EC69B75B2FE31EC2C53E0E441AC0E1

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:6uAR1eJclDqI0aaO0fHvnRU21olag6pD/v:6FreKlDMUrag6prv

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file setup_v.167054232c.exe has been observed being distributed from the following 7 URLs.

http://dls.mpalyerfreeware.com/p/151/Setup/321/.../V.166401763a

http://cp.mpalyerfreeware.com/pasarela/affp/.../ClickID=ZZf1750893Za1540746Zg172Zw49Zm140Zc1856000400,1856000400Zs135Zi0ZZ&PubID=40&__tc=1370196239.94
