setup_v2.exe

tuguu sl

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. This software distributes modified installers that differ from the originals distributed by the author. The application setup_v2.exe by tuguu sl has been detected as adware by 31 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer. During install, it bundles potentially unwanted software onto the user's computer without adequate consent.
Publisher:
tuguu sl  (signed and verified)

MD5:
e3a46f56ce24bd453dff3cf3ace7f35c

SHA-1:
4dc38bfb45ceab1eb59487b8437e2fcd34824984

SHA-256:
5b0885c869641302282d83a472803297381739c54f8407d7432fffd836459370

Scanner detections:
31 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is also known as bundleware, or downloadware: a downloader designed to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
11/27/2024 2:11:03 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.DomaIQ.Q
853

AegisLab AV Signature
AdWare.W32.iBryte
2.1.4+

Agnitum Outpost
PUA.DomaIQ
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2014.10.05

Avira AntiVirus
APPL/DomaIQ.Gen
7.11.176.146

avast!
DomaIQ-AU [PUP]
141003-0

AVG
Adware Skodna.Bundle_r.P
2014.0.4025

Bitdefender
Application.Bundler.DomaIQ.Q
1.0.20.1385

Clam AntiVirus
Win.Trojan.Domaiq-27
0.98/19476

Comodo Security
Application.Win32.DomaIQ.JIK
19699

Dr.Web
Trojan.PayInt.1
9.0.1.05190

ESET NOD32
Win32/DomaIQ.AN potentially unwanted application
7.0.302.0

Fortinet FortiGate
W32/DomaIQ.AN!tr
10/4/2014

F-Prot
W32/MSIL_Troj.CL2.gen
4.6.5.141

F-Secure
Application.Bundler.DomaIQ
11.2014-04-10_7

G Data
Application.Bundler.DomaIQ
14.10.24

IKARUS anti.virus
APPL
t3scan.1.7.8.0

Kaspersky
not-a-virus:AdWare.Win32.Lollipop
15.0.0.494

Malwarebytes
PUP.Optional.BundleInstaller.A
v2014.10.04.12

McAfee
CryptDomaIQ
5600.6987

MicroWorld eScan
Application.Bundler.DomaIQ.Q
15.0.0.831

NANO AntiVirus
Trojan.Win32.PayInt.csiemm
0.28.2.62440

Panda Antivirus
PUP/MultiToolbar.A
14.10.04.12

Qihoo 360 Security
Malware.QVM06.Gen
1.0.0.1015

Quick Heal
Adware.DomaIQ.BT5
10.14.14.00

Reason Heuristics
PUP.Installer.tuguusl.I
14.10.4.11

Rising Antivirus
PE:PUF.DomaIQ!1.9EEB
23.00.65.141002

Sophos
DomainIQ pay-per install
4.98

Vba32 AntiVirus
OScope.Downware.DomaIQ
3.12.26.3

VIPRE Antivirus
Threat.4783235
33624

Zillya! Antivirus
Dropper.Agent.Win32.149498
2.0.0.1942

File size:
449.4 KB (460,144 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup

Common path:
C:\users\{user}\downloads\setup_v2.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
6/13/2013 6:06:55 PM

Valid to:
6/13/2014 6:06:55 PM

Subject:
CN=tuguu sl, O=tuguu sl, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B632A0CF95E4D

File PE Metadata
Compilation timestamp:
11/27/2013 5:03:29 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:FPfZlEh6sQyRyQpv6w0F0GAOxcy80Ssa7CAoOefF0nv3XlQo7CbkE9c7M+FysYgK:hfCRyQpv6w0FHxK3mFBFMfV9GY+cMqK

Entry address:
0xD78B

Entry point:
E8, 9A, 59, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, E0, 35, 42, 00, E8, EB, 22, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 70, A8, 42, 00, 77, 22, 6A, 04, E8, 85, 5B, 00, 00, 59, 83, 65, FC, 00, 56, E8, 8C, 63, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, F7, 22, 00, 00, C3, 6A, 04, E8, 80, 5A, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, A8, E0, 41, 00, 83, 3D, 1C, 95, 42, 00, 00, 75, 18, E8, 4C, 51, 00...

Entropy:
7.3884

Code size:
114 KB (116,736 bytes)

The file setup_v2.exe has been seen being distributed by the following URL.
