player setup.exe

Software Setup LLC

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application player setup.exe by Software Setup has been detected as adware by 5 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been observed being downloaded from dl.game-time.co.
Publisher:
Software Setup LLC  (signed and verified)

MD5:
7df96c4302836e727004fe19e8ff9d2a

SHA-1:
2ab84d60c460c332d7a583ba95171bb0b2433409

SHA-256:
283819c0e9d9d622120f15d4ffb3c897be79cc93fdab79c0afc94247cc594360

Scanner detections:
5 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 9:22:15 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Crypt.XPACK.Gen | 7.11.30.172 |
| Comodo Security | Application.Win32.SoftPulse.D | 20886 |
| ESET NOD32 | Win32/SoftPulse.S potentially unwanted application | 7.0.302.0 |
| Malwarebytes | PUP.Optional.DigiPlug | v2015.01.29.08 |
| Reason Heuristics | PUP.Installer.Softpulse | 15.2.10.11 |

File size:
1 MB (1,078,984 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\player setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
1/9/2015 1:00:00 AM

Valid to:
1/10/2016 12:59:59 AM

Subject:
CN=Software Setup LLC, O=Software Setup LLC, STREET="501 Silverside Road, Suite 105", L=Wilmington, S=Delaware, PostalCode=19809, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
63EB9EFF9AAC93EDDBF4BF06301012E2

File PE Metadata
Compilation timestamp:
1/29/2015 12:07:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:EoAuONhn34Gx3f+tNLynGevKgzHm07UstAzmMQR5+o5KT0KQLGsK:HONhn3y2nvtzHn7vAzmRR5+OKTJQFK

Entry address:
0x13C1A6

Entry point:
60, E8, 00, 00, 00, 00, 58, 05, 5A, 0B, 00, 00, 8B, 30, 03, F0, 2B, C0, 8B, FE, 66, AD, C1, E0, 0C, 8B, C8, 50, AD, 2B, C8, 03, F1, 8B, C8, 57, 51, 49, 8A, 44, 39, 06, 88, 04, 31, 75, F6, 2B, C0, AC, 8B, C8, 80, E1, F0, 24, 0F, C1, E1, 0C, 8A, E8, AC, 0B, C8, 51, 02, CD, BD, 00, FD, FF, FF, D3, E5, 59, 58, 8B, DC, 8D, A4, 6C, 90, F1, FF, FF, 51, 2B, C9, 51, 51, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C, 52, 57, 83, C1, 04, 51, 50, 83, C1, 04, 56, 51, E8, 5E, 00, 00, 00, 8B, E3, 5E, 5A, 2B, C0, 89, 04, 32, B4, 10...
 

Packer / compiler:
ASPack v1.08.04

Code size:
162 KB (165,888 bytes)

The file player setup.exe has been seen being distributed by the following URL.
