virusshare_62238eb9aef58c1cea8e7aa4e8b06120

Tuguu SLU

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. It distributes modified installers that are not the same as the original distributed by the author. The file virusshare_62238eb9aef58c1cea8e7aa4e8b06120 by Tuguu SLU has been detected as adware by 33 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer.
Publisher:
Tuguu SLU  (signed and verified)

MD5:
62238eb9aef58c1cea8e7aa4e8b06120

SHA-1:
a95b46940e1b998bce610770521543b8a90b2c7b

SHA-256:
ee1d2777f4462c46925f770bbae43ac6b2dd5ca1b02dd8a859e0267253068980

Scanner detections:
33 / 68

Status:
Adware

Explanation:
Uses the DomainIQ download manager to bundle additional potentially unwanted software without adequate consent.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/27/2024 1:08:12 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Dropped:Adware.Generic.913854 | 463 |
| Agnitum Outpost | PUA.DomaIQ | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.DomaIQ | 15.10.30 |
| Avira AntiVirus | APPL/DomaIQ.Gen | 7.11.150.178 |
| avast! | Win32:DomaIQ-CK [PUP] | 2014.9-151030 |
| AVG | Skodna.Generic | 2016.0.2941 |
| Baidu Antivirus | Adware.Win32.DomaIQ | 4.0.3.151030 |
| Bitdefender | Dropped:Adware.Generic.913854 | 1.0.20.1515 |
| Comodo Security | Application.Win32.DomaIQ.URT | 18306 |
| Dr.Web | Trojan.DownLoader9.15042 | 9.0.1.0303 |
| Emsisoft Anti-Malware | Dropped:Adware.Generic.913854 | 8.15.10.30.07 |
| ESET NOD32 | Win32/DomaIQ.AZ (variant) | 9.9827 |
| Fortinet FortiGate | Adware/MSIL_DomaIQ | 10/30/2015 |
| F-Prot | W32/DomaIQ.D3.gen | v6.4.7.1.166 |
| F-Secure | Adware:W32/DomaIQ | 11.2015-30-10_6 |
| G Data | Dropped:Adware.Generic.913854 | 15.10.24 |
| IKARUS anti.virus | Win32.AdWare | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.178.12140 |
| Kaspersky | not-a-virus:AdWare.MSIL.DomaIQ | 14.0.0.1198 |
| Malwarebytes | PUP.Optional.Domalq | v2015.10.30.07 |
| McAfee | Artemis!62238EB9AEF5 | 5600.6597 |
| MicroWorld eScan | Dropped:Adware.Generic.913854 | 16.0.0.909 |
| NANO AntiVirus | Trojan.Win32.DomaIQ.ctadmg | 0.28.0.59921 |
| nProtect | Dropped:Adware.Generic.913854 | 14.05.20.01 |
| Panda Antivirus | PUP/MultiToolbar.A | 15.10.30.07 |
| Reason Heuristics | PUP.Tuguu.TuguuU.Bundler (M) | 15.10.30.7 |
| Sophos | DomainIQ pay-per install | 4.98 |
| SUPERAntiSpyware | Adware.DomaIQ/Variant | 9538 |
| Trend Micro House Call | TROJ_GEN.R001C0EC914 | 7.2.303 |
| Trend Micro | TROJ_GEN.R001C0EC914 | 10.465.30 |
| Vba32 AntiVirus | BScope.Downware.DomaIQ | 3.12.26.0 |
| VIPRE Antivirus | DomaIQ | 29436 |
| Zillya! Antivirus | Adware.DomaIQ.Win32.138 | 2.0.0.1795 |

File size:
313.1 KB (320,584 bytes)

Bundler/Installer:
TUGUU DomaIQ Setup

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
1/24/2014 1:00:00 AM

Valid to:
1/28/2015 1:00:00 PM

Subject:
CN=Tuguu SLU, O=Tuguu SLU, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
0B56998065C0DD285FA55AECC999816A

File PE Metadata
Compilation timestamp:
1/29/2014 8:41:29 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:Fwbqks+CRoRrxK00jN/wfLERu8XcN0K8XL/2qQdpt8PLcgcW9U004NOFVqDlEQZ2:Fweks+CRO0mfLL8vHzstcF93YYr4

Entry address:
0x1576

Entry point:
E8, CC, 26, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, D8, CF, 40, 00, 89, 0D, D4, CF, 40, 00, 89, 15, D0, CF, 40, 00, 89, 1D, CC, CF, 40, 00, 89, 35, C8, CF, 40, 00, 89, 3D, C4, CF, 40, 00, 66, 8C, 15, F0, CF, 40, 00, 66, 8C, 0D, E4, CF, 40, 00, 66, 8C, 1D, C0, CF, 40, 00, 66, 8C, 05, BC, CF, 40, 00, 66, 8C, 25, B8, CF, 40, 00, 66, 8C, 2D, B4, CF, 40, 00, 9C, 8F, 05, E8, CF, 40, 00, 8B, 45, 00, A3, DC, CF, 40, 00, 8B, 45, 04, A3, E0, CF, 40, 00, 8D, 45, 08, A3, EC, CF, 40...
 

Code size:
30.5 KB (31,232 bytes)
