Duuqu Group OU

Publisher Information

Duuqu Group OU is a software publisher located in Tallinn, Harju in Estonia*. The company is a primary distributor of unwanted software.

Authority: Thawte, Inc.
Valid from: 8/9/2012 2:00:00 AM
Valid to: 8/10/2014 1:59:59 AM
Subject: CN=Duuqu Group OU, O=Duuqu Group OU, L=Tallinn, S=Harju, C=EE
Issuer: CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
Serial number: 162e253d4cb8942d57dc084a3456ba93

Scanner detections:
Detections  (100% detected)

Scan engine | Details | Detections
Reason Heuristics | PUP.Service.DuuquGroupOU.L, PUP.ChromePlugin.DuuquGroupOU.O, PUP.Installer.DuuquGroupOU.Q, PUP.DuuquGroupOU.N, PUP.DuuquGroupOU.R, PUP.DuuquGroupOU.T, PUP.DuuquGroupOU.O, PUP.DuuquGroupOU.J, PUP.DuuquGroupOU.G, PUP.DuuquGroupOU.U, Threat.Installer.DuuquGroupOU, PUP.DuuquGroupOU (M), PUP.DuuquGro.Installer (M), PUP.DuuquGro (M), PUP (M) | 100.00%
Dr.Web | Trojan.DownLoad3.25843 | 6.00%
Avira AntiVirus | APPL/Maxiget.P | 4.00%
AVG | Generic | 4.00%
Comodo Security | Heur.Suspicious | 4.00%
herdProtect (fuzzy) | a variant of 75dc72a7bac94ad0317ff7f9a90fc13eac3488ed | 4.00%
Trend Micro House Call | TROJ_GEN.F47V0801 | 4.00%
Rising Antivirus | PE:Trojan.GenericKDV!6.B5C | 2.00%
AegisLab AV Signature | Troj.W32.Gen | 2.00%

Latest 30 of 52 files

Download URLs for files signed by Duuqu Group OU.



* Note, the details and description above are based on the code signing digital signature issued to Duuqu Group OU by Thawte, Inc. on August 09, 2012 with the serial number '162e253d4cb8942d57dc084a3456ba93'.