home

player setup.exe

taskhost

Plugin Update S.L.

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application player setup.exe by Plugin Update S.L has been detected as adware by 40 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
Plugin Update S.L.  (signed and verified)

Product:
taskhost

Version:
5. 4. 5. 4

MD5:
ca930443b3b3ed1ef24847f7c7948b5c

SHA-1:
39111a4e329ce7013785edc44fcf8e0265a46f08

SHA-256:
258c278a3b4d8740eb1ec8b310f139d9853d732429f16aee2e881a2c5d5e180c

Scanner detections:
40 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/27/2024 1:28:18 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.DomaIQ.V
668

Agnitum Outpost
PUA.Downloader
7.1.1

AhnLab V3 Security
PUP/Win32.SoftPulse
2014.12.28

Avira AntiVirus
APPL/Softpulse.aone
7.11.198.70

avast!
Win32:Malware-gen
2014.9-150408

AVG
Generic
2016.0.3146

Baidu Antivirus
PUA.Win32.SoftPulse
4.0.3.1548

Bitdefender
Gen:Variant.Adware.Symmi.49537
1.0.20.490

Bkav FE
W32.HfsAdware
1.3.0.6267

Clam AntiVirus
Win.Trojan.Softpulse-117
0.98/19869

Comodo Security
Application.Win32.SoftPulse.D
20507

Dr.Web
Trojan.DownLoader11.60009
9.0.1.098

Emsisoft Anti-Malware
Application.Bundler.DomaIQ.V
8.15.04.08.06

ESET NOD32
Win32/SoftPulse.S potentially unwanted application
9.7.0.302.0

Fortinet FortiGate
Riskware/DriverUpd
4/8/2015

F-Prot
W32/S-a12b5690
v6.4.7.1.166

F-Secure
Riskware.Application.Bundler.DomaIQ
11.2015-08-04_4

G Data
Gen:Variant.Adware.Symmi.49537
15.4.24

herdProtect (fuzzy)
variant of setup (63).exe (Adware)
2015.7.11.11

IKARUS anti.virus
not-a-virus:AdWare.SoftPulse
t3scan.1.8.5.0

K7 AntiVirus
Unwanted-Program
13.188.14468

Kaspersky
not-a-virus:AdWare.Win32.SoftPulse
14.0.0.2224

Malwarebytes
PUP.Optional.SoftPulse
v2015.04.08.06

McAfee
SoftPulse
5600.6802

MicroWorld eScan
Application.Bundler.DomaIQ.V
16.0.0.294

NANO AntiVirus
Riskware.Win32.SoftPulse.dlfurr
0.30.0.64448

Norman
Application.Bundler.DomaIQ.V
11.20150408

nProtect
Trojan/W32.Agent.720376.B
15.01.15.01

Panda Antivirus
Trj/Genetic.gen
15.04.08.06

Qihoo 360 Security
Malware.QVM10.Gen
1.0.0.1015

Quick Heal
PUA.DriveUpd.DC4
4.15.14.00

Reason Heuristics
PUP.Bundler.Softpulse
15.4.8.2

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48
23.00.65.15406

Sophos
PUA 'SoftPulse' (of type Adware)
5.12

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
9948

Trend Micro House Call
ADW_PULSOFT.SM
7.2.98

Trend Micro
ADW_PULSOFT.SM
10.465.08

Vba32 AntiVirus
Signed-Adware.Softpulse
3.12.26.3

VIPRE Antivirus
Threat.4150696
36694

Zillya! Antivirus
Adware.Agent.Win32.29688
2.0.0.2024

File size:
703.5 KB (720,400 bytes)

Product version:
6. 5. 4. 6

Copyright:
Copyright (C) 2014

Original file name:
taskhost.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Language:
Spanish (Spain, International Sort)

Common path:
C:\users\{user}\downloads\player setup.exe

Digital Signature
Signed by:
Plugin Update S.L.

Authority:
VeriSign, Inc.

Valid from:
10/8/2014 7:00:00 AM

Valid to:
10/9/2015 6:59:59 AM

Subject:
CN=Plugin Update S.L., O=Plugin Update S.L., L=Guia de Isora, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0E923B9CF60DA59FC3A43A87A8071FC2

File PE Metadata
Compilation timestamp:
12/29/2014 7:53:12 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:NHgLxi7Ma55+pDZIWcZWO5RgbdtK15LRCxg1RHeDpMgv4t1goX86r/:NHMiAe5aIWiFHktK7eDpMgvO11M6r/

Entry address:
0xFFF6

Entry point:
E8, 9A, 7E, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, BF, 1A, 00, 00, 8B, FF, 51, C7, 01, 2C, 45, 43, 00, E8, 12, 7F, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, CC, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 1F, 38, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8...
 
[+]

Entropy:
7.6980

Code size:
149 KB (152,576 bytes)

The file player setup.exe has been seen being distributed by the following URL.

http://dl.game-time.co/.../donwload?CID=277490&SID=ID&AFID=313309&rd=1&AffiliateReferenceID=1512303110_f46a3c_128f_100_54a263d5_724f3062_0_0_0_64_64_2&p_r=Global_gameoff_STT_mahjongg_2

Remove player setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.