» frame64.dll
Overview
Analysis
File Details

frame64.dll

Plugin Update SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The module frame64.dll by Plugin Update SL has been detected as adware by 4 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer.

File name:

frame64.dll

Publisher:

Plugin Update SL (signed and verified)

MD5:

1fd8b148d4bb3d22f09e9bdbbee36e2e

SHA-1:

c3c8c3a6d54f905ca8c0d3bd4f5cfe31f5694d5d

SHA-256:

279d4203ac1e83e91ee0569b50f506f260e98ef0f252acf7871a89239388c644

Scanner detections:

4 / 68

Status:

Adware

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/24/2024 11:24:21 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

AVG

Generic

2015.0.3342

Baidu Antivirus

Adware.Win32.SoftPulse

4.0.3.14923

Reason Heuristics

PUP.PluginUpdateSL.H

14.9.23.12

VIPRE Antivirus

DomaIQ

33348

File size:

628.7 KB (643,752 bytes)

File type:

Dynamic link library (Win64 DLL)

Bundler/Installer:

Softpulse SoftwareBundler

Common path:

C:\Program Files\hostsecureplugin\frame64.dll

Digital Signature

Signed by:

Plugin Update SL

Authority:

GlobalSign nv-sa

Valid from:

6/12/2014 11:31:06 AM

Valid to:

6/13/2015 11:31:06 AM

Subject:

E=contact@pluginupdatesl.com, CN=Plugin Update SL, O=Plugin Update SL, S=Santa Cruz de Tenerife, C=ES

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121C2BF8ED71E96CCD55D3A79E92DAEAD78

File PE Metadata

Compilation timestamp:

9/16/2013 3:50:19 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:6lT6PtL9VBWW736byDCzH2X57Rro+jUaXntom:656PtL9VBd6bKUHSp3tt

Entry address:

0x2C2E8

Entry point:

48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, AF, 86, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 40, 53, 48, 83, EC, 30, 48, 8B, D9, B9, 0E, 00, 00, 00, E8, 49, 67, 00, 00, 90, 48, 8B, 43, 08, 48, 85, C0, 74, 3F, 48, 8B, 0D, 4C, 75, 06, 00, 48, 8D, 15, 3D, 75, 06, 00, 48, 89, 4C, 24, 20, 48, 85, C9, 74, 19, 48, 39, 01, 75, 0F, 48, 8B, 41, 08, 48, 89... 
[+]

Entropy:

6.2874

Code size:

434 KB (444,416 bytes)

Remove frame64.dll - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.