» data.exe
Overview
Analysis
File Details

data.exe

Digital Plugin SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application data.exe by Digital Plugin SL has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. It is also typically executed from the user's temporary directory.

File name:

data.exe

Publisher:

Digital Plugin SL (signed and verified)

MD5:

6796e84b56fe8179e9061e2c83b8d28c

SHA-1:

1feeed020f2f7191729ae7692a5add5bd8557ffe

SHA-256:

95047487f0b745903ec4acf10b8b0b7e3502132d6460a5e4a150e56b6d0b2fe0

Scanner detections:

12 / 68

Status:

Adware

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

4/18/2024 12:29:15 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

PUP/Win32.SoftPulse

2015.03.02

Avira AntiVirus

PUA/SoftPulse.oany

7.11.213.24

avast!

Dropper-gen [Drp]

150101-1

AVG

Generic

2016.0.3183

ESET NOD32

Win32/SoftPulse.X potentially unwanted application

7.0.302.0

Malwarebytes

PUP.Optional.SoftPulse

v2015.03.02.03

NANO AntiVirus

Riskware.Win32.SoftPulse.doaizb

0.30.0.296

Norman

Troj_Generic.YVCSM

11.20150302

Reason Heuristics

PUP.Softpulse

15.3.2.3

Sophos

PUA 'SoftPulse' (of type Adware)

5.11

SUPERAntiSpyware

Trojan.Agent/Gen-Dropper

10023

VIPRE Antivirus

Threat.4150696

37588

File size:

621.5 KB (636,416 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Softpulse SoftwareBundler (using Nullsoft Install System)

Common path:

C:\users\{user}\appdata\local\temp\data.exe

Digital Signature

Signed by:

Digital Plugin SL

Authority:

GoDaddy.com, Inc.

Valid from:

7/2/2014 6:47:28 AM

Valid to:

7/2/2015 6:47:28 AM

Subject:

CN=Digital Plugin SL, O=Digital Plugin SL, L=GUIA DE ISORA, C=ES

Issuer:

CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

08030F4F595ED0

File PE Metadata

Compilation timestamp:

2/24/2012 11:20:04 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:g0gm6vn/e6aGf562DRz3Hxh3tCvJujtdA8cNtsQuLFtuKtGD:7P6ne6aGB9zhRtjhd3+tsQoFtuKt

Entry address:

0x38AF

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 68, A2, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 90, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 90, 40, 00, 55, FF, 15, C0, 92, 40, 00, 6A, 08, A3, 98, EB, 47, 00, E8, 36, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, EA, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 64, A2, 40, 00, FF, 15, 84, 91, 40, 00, 68, 4C, A2, 40, 00, 68, A0, 6A, 47, 00, E8, 18, 27, 00, 00, FF, 15, B0, 90, 40, 00, 50, BF, A0, F0, 4C, 00, 57, E8, 06, 27, 00, 00... 
[+]

Entropy:

7.9626

Packer / compiler:

Nullsoft install system v2.x

Code size:

29 KB (29,696 bytes)

Remove data.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.