mplsetup.exe

appbundler.com

This is a component for the Pinball ad-supported platform, which may deliver advertisements to the web browser in the form of banner and text ads. The application mplsetup.exe by appbundler.com has been detected as adware by 33 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. The file has been seen being downloaded from a.televisiontwister.com.
Publisher:
appbundler.com  (signed and verified)

Description:
Setup

Version:
3.0.113.1

MD5:
ad08de3fd885bd3de2efcafe5c1d6c6e

SHA-1:
e9a5e2422139b9dd1239dd0f199c76ba39dc5fc6

SHA-256:
4922d33425f6a825fcb79e53ca788764c9ad9195ec21974a08d8b4d35f6ace2c

Scanner detections:
33 / 68

Status:
Adware

Analysis date:
4/24/2024 6:11:24 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Adware.ScreenSaver | 7.1.1 |
| AhnLab V3 Security | Adware/Win32.ScreenSaver | 2013.02.21 |
| Avira AntiVirus | TR/Graftor.Elzob.15338.1 | 7.11.62.28 |
| avast! | Win32:Zango-AQ [PUP] | 2014.9-150604 |
| AVG | Generic5 | 2016.0.3089 |
| Bitdefender | Gen:Variant.Adware.Graftor.30458 | 1.0.20.775 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.ScreenSaver.DI | 15321 |
| Dr.Web | Adware.Hotbar.700 | 9.0.1.0155 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.30458 | 8.15.06.04.12 |
| ESET NOD32 | Win32/Adware.HotBar (variant) | 9.8032 |
| Fortinet FortiGate | Adware/Hotbar | 6/4/2015 |
| F-Prot | W32/HotBar.O.gen | v6.4.6.5.141 |
| F-Secure | Gen:Variant.Adware.Graftor.30458 | 11.2015-04-06_5 |
| G Data | Gen:Variant.Adware.Graftor.30458 | 15.6.22 |
| IKARUS anti.virus | not-a-virus:AdWare.Win32 | t3scan.2.0.0.0 |
| K7 AntiVirus | Adware | 13.160.8242 |
| Kaspersky | not-a-virus:AdWare.Win32.ScreenSaver | 14.0.0.1940 |
| Malwarebytes | Adware.AdBundle | v2015.06.04.12 |
| McAfee | Adware-HotBar.d | 5600.6745 |
| Microsoft Security Essentials | Adware:Win32/Hotbar | 1.163.1557.0 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.30458 | 16.0.0.465 |
| NANO AntiVirus | Trojan.Win32.Graftor.bbkjam | 0.22.8.50637 |
| Norman | 180Solutions.BSE | 11.20150604 |
| Quick Heal | Adware.Hotbar.B5 | 6.15.12.00 |
| Reason Heuristics | PUP.Pinball.Installer | 15.6.4.0 |
| Rising Antivirus | Adware.Hotbar!481A | 23.00.65.15602 |
| Sophos | Mal/Generic-S | 4.86 |
| SUPERAntiSpyware | Trojan.Agent/Gen-HotBar | 9835 |
| Total Defense | Win32/Zango.Pinball.B[HOTBAR] | 37.0.10303 |
| Trend Micro House Call | TROJ_GEN.R47CEAF | 7.2.155 |
| Trend Micro | TROJ_GEN.R47CEAF | 10.465.04 |
| Vba32 AntiVirus | AdWare.Win32.ScreenSaver.e | 3.12.20.2 |
| VIPRE Antivirus | Pinball Corporation. | 15656 |

File size:
338.2 KB (346,288 bytes)

Product version:
3.0.113.1

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\mplsetup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
12/10/2012 11:00:00 AM

Valid to:
1/10/2015 10:59:59 AM

Subject:
CN=appbundler.com, OU=Ops, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=appbundler.com, L=Bellevue, S=Washington, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
12E277DA6E659BFE14CD01F5A2AA95C5

File PE Metadata
Compilation timestamp:
12/20/2012 4:23:32 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:7A5wVdCy6wrbDY0rDqTWC4zEDzKuTrSbxc97cIEgdRTVMYfu7YDgE:7jyy64VrDqTWIzW+9YIE4pnJF

Entry address:
0xBB5C0

Entry point:
60, BE, 00, A0, 46, 00, 8D, BE, 00, 70, F9, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B...
 

Entropy:
7.8851

Packer / compiler:
UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:
328 KB (335,872 bytes)

The file mplsetup.exe has been seen being distributed by the following URL.
