» notepad.exe
Overview
Analysis
File Details
Network (5)

notepad.exe

Digital Plugin SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application notepad.exe by Digital Plugin SL has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

File name:

notepad.exe

Publisher:

Digital Plugin SL (signed and verified)

MD5:

0e209a635d5df75dd6ad083d2da6f533

SHA-1:

72d4717443f94f971e83cb7e5bdf611043f6e418

SHA-256:

3c5dff9fce7b6a853d04a2b08e53828fcca234b05a0e99ff9f75355bb959eedf

Scanner detections:

26 / 68

Status:

Adware

Explanation:

Bundle or install adware offers through a modified download manager or installer.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/26/2024 8:25:22 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Bundler.SoftPulse.P

5743552

Agnitum Outpost

Trojan.Domaiq

7.1.1

AhnLab V3 Security

PUP/Win32.SoftPulse

2015.06.18

Avira AntiVirus

PUA/SoftPulse.J.1

8.3.1.6

Arcabit

Application.Bundler.SoftPulse.P

1.0.0.425

AVG

Adware AdPlugin.DSL

2015.0.4355

Bitdefender

Application.Bundler.SoftPulse.P

1.0.20.840

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Trojan.Agent-882516

0.98/20576

Dr.Web

Trojan.Domaiq.175

9.0.1.05190

Emsisoft Anti-Malware

Application.Bundler.SoftPulse.P

10.0.0.5366

ESET NOD32

Win32/SoftPulse.AH potentially unwanted application

7.0.302.0

F-Secure

Riskware.Application.Bundler.SoftPulse

5.14.151

G Data

Application.Bundler.SoftPulse

15.6.25

K7 AntiVirus

Unwanted-Program

13.205.16276

Kaspersky

not-a-virus:HEUR:AdWare.Win32.SoftPulse

14.0.0.1872

Malwarebytes

PUP.Optional.DomalIQ.SID.A

v2015.06.17.03

MicroWorld eScan

Application.Bundler.SoftPulse.P

16.0.0.504

Norman

Application.Bundler.SoftPulse.P

02.06.2015 14:23:46

Panda Antivirus

Trj/Genetic.gen

15.06.17.03

Quick Heal

PUA.Digitalplu8.Gen

6.15.14.00

Reason Heuristics

PUP.Softpulse.Bundler

15.6.17.11

Rising Antivirus

PE:Malware.Graftor!6.257B

23.00.65.15615

Sophos

PUA 'SoftPulse' (of type Adware)

5.15

VIPRE Antivirus

Threat.4783235

40830

Zillya! Antivirus

Backdoor.PePatch.Win32.75604

2.0.0.2230

File size:

694.9 KB (711,584 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Softpulse SoftwareBundler

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\0jne5obm\notepad.exe

Digital Signature

Signed by:

Digital Plugin SL

Authority:

VeriSign, Inc.

Valid from:

7/27/2014 7:00:00 PM

Valid to:

7/28/2015 6:59:59 PM

Subject:

CN=Digital Plugin SL, O=Digital Plugin SL, L=Guia de Isora, S=Santa Cruz de Tenerife, C=ES

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4ED5D9A2F23912A93AD2937C038B77F4

File PE Metadata

Compilation timestamp:

6/4/2015 3:56:44 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:CHEXvzEFWs4iSVo3DUY/ZYVlYThADtaQPbcSTpl2oKrweMBPsup30f4vSSZm58vE:CHEXvzEFWLtW3DUY/ZthawkbB2oKrwYJ

Entry address:

0x1000

Entry point:

B8, 88, 9D, 67, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 40, 6A, 6A, 8B, 82, 48, 08, AF, 86, AD, A5, DA, 2F, D8, 35, C5, B0, EF, F2, 1A, C6, A9, C0, B1, DC, FD, 23, 0B, 19, D7, 86, D3, 7C, C4, 68, 3D, 16, 0A, 2D, F6, 4C, 79, 74, A9, 3A, 96, 12, 4F, 67, 17, 6F, C5, 77, 57, 70, B8, BE, 6E, 82, 53, 97, 46, 32, DF, ED, 9B, C5, 8B, 77, 1A, 74, 49, 45, 15, 34, 48, F1, 19, 56, 85, E1, 4E, 0E, 63, DD, 86, 66, 6E, 15, 01, 24, 97, 7B... 
[+]

Entropy:

7.9671

Packer / compiler:

PECompact v2

Code size:

1 MB (1,095,680 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to lga25s40-in-f200.1e100.net (216.58.219.200:443)

TCP (HTTP):

Connects to ec2-54-201-116-175.us-west-2.compute.amazonaws.com (54.201.116.175:80)

TCP (HTTP):

Connects to ec2-52-10-139-14.us-west-2.compute.amazonaws.com (52.10.139.14:80)

TCP (HTTP):

Connects to a23-52-155-27.deploy.static.akamaitechnologies.com (23.52.155.27:80)

TCP (HTTP):

Connects to a23-52-149-163.deploy.static.akamaitechnologies.com (23.52.149.163:80)

Remove notepad.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.