zipper_v.4957006.exe

TUGUU SL

The Tuguu download and install manager uses the DomaIQ installer to bundle additional adware offers, such as toolbars and browser extensions, during the setup process. This software distributes modified installers that are not the same as the originals distributed by the software's author. The application zipper_v.4957006.exe by TUGUU SL has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the TUGUU DomaIQ Setup installer; during installation it bundles potentially unwanted software onto the user's computer at the same time, without adequate consent.
Publisher:
TUGUU SL  (signed and verified)

MD5:
bb20931275a9efdac4c4a24c9b611fad

SHA-1:
4c2a2c9a5483a7f9770bb37f09648c98bddaac77

SHA-256:
5c9828637a9caa1035a46754b08798b80a2618396ad007afaf0a3941bcbc2686

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Uses the InstallIQ download installer to bundle various adware offers.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
1/13/2025 2:39:47 AM UTC

Scan engine             Detection                        Engine version
Lavasoft Ad-Aware       Adware.Generic.583420            1047
Agnitum Outpost         PUA.DomaIQ                       7.1.1
Avira AntiVirus         APPL/DomaIQ.Gen                  7.11.132.168
avast!                  NSIS:DomaIQ-B [PUP]              2014.9-140325
Bitdefender             Adware.Generic.583420            1.0.20.420
Bkav FE                 W32.Cloda01.Trojan               1.3.0.4924
Comodo Security         ApplicUnwnt                      17814
Dr.Web                  Adware.W3i.29                    9.0.1.084
Emsisoft Anti-Malware   Adware.Generic.583420            8.14.03.25.05
ESET NOD32              Win32/DomaIQ                     8.9443
Fortinet FortiGate      Adware/DomaIQ.DT                 3/25/2014
F-Secure                Adware.Generic.583420            11.2014-25-03_3
G Data                  Adware.Generic.583420            14.3.24
K7 AntiVirus            Unwanted-Program                 13.176.11210
McAfee                  RDN/Generic PUP.x!b2r            5600.7181
MicroWorld eScan        Adware.Generic.583420            15.0.0.252
NANO AntiVirus          Trojan.Win32.Downware.csraff     0.28.0.57630
Panda Antivirus         PUP/MultiToolbar.A               14.03.25.05
Qihoo 360 Security      HEUR/Malware.QVM06.Gen           1.0.0.1015
Reason Heuristics       PUP.TUGUUSL.P                    14.8.7.18
Sophos                  DomainIQ pay-per install         4.97
SUPERAntiSpyware        PUP.BundleInstaller              10707
Trend Micro House Call  TROJ_GEN.R00HB01KE13             7.2.84
VIPRE Antivirus         DomaIQ                           26632

File size:
230.1 KB (235,648 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
TUGUU DomaIQ Setup (using Nullsoft Install System)

Common path:
C:\users\{user}\downloads\zipper_v.4957006.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
5/3/2012 5:02:02 PM

Valid to:
5/3/2013 5:02:02 PM

Subject:
CN=TUGUU SL, O=TUGUU SL, L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
079402776DB199

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:aQIURTXJc45/CuDlOtY8gJdXMdfX7wsGoyg0zsLzJVbzFHB6W1AH88YrkoV1qt:as6FqSY8gJdcFbGaVbNBfSbYrkoV14

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file zipper_v.4957006.exe has been observed being distributed from the following 2 URLs.

http://dls.zippernew.com/d/31/zipper/242/.../V.4577748
