home

player setup.exe

Digital Plugin SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application player setup.exe by Digital Plugin SL has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from ttb.lpmxp2180.com.
Publisher:
Digital Plugin SL  (signed and verified)

MD5:
61b1993149e02eb02cb860a20472cba9

SHA-1:
e0c45c9741f3fb65cb11ff3c23b9fc0ba75ab2f8

SHA-256:
a0d78621459b082d798d2f4a917b2de7f78aced9c5b8c8379ecbc1a1c34c05c8

Scanner detections:
28 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/24/2024 5:23:00 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Zusy.107390
864

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2014.09.25

Avira AntiVirus
Adware/Softpulse.107390
7.11.174.68

avast!
Win32:SoftPulse-AH [PUP]
2014.9-140923

AVG
Generic
2015.0.3342

Bitdefender
Gen:Variant.Adware.Zusy.107390
1.0.20.1330

Clam AntiVirus
Win.Adware.Agent-11309
0.98/19423

Comodo Security
Application.Win32.DomaIQ.OLV
19609

Dr.Web
Trojan.MulDrop5.40191
9.0.1.0266

Emsisoft Anti-Malware
Gen:Variant.Adware.Zusy.107390
8.14.09.23.01

ESET NOD32
Win32/SoftPulse (variant)
8.10459

F-Secure
Gen:Variant.Adware.Zusy.107390
11.2014-23-09_3

G Data
Gen:Variant.Adware.Zusy.107390
14.9.24

herdProtect (fuzzy)
variant of itunes.exe (Adware)
2014.12.5.14

K7 AntiVirus
Unwanted-Program
13.183.13476

Kaspersky
Trojan.Win32.Buzus
14.0.0.2843

Malwarebytes
PUP.Optional.DomaIQ
v2014.09.23.01

McAfee
SoftPulse
5600.6998

Microsoft Security Essentials
Threat.Undefined
1.185.1001.0

MicroWorld eScan
Gen:Variant.Adware.Zusy.107390
15.0.0.798

NANO AntiVirus
Riskware.Win32.SoftPulse.dfhrtw
0.28.2.62286

Norman
SoftPulse.H
11.20140923

Panda Antivirus
Trj/Genetic.gen
14.09.23.01

Reason Heuristics
PUP.Installer.DigitalPluginSL.M
14.9.23.11

Sophos
SoftPulse
4.98

Vba32 AntiVirus
BScope.Adware.Softpulse
3.12.26.3

VIPRE Antivirus
Threat.4150696
33120

File size:
1.3 MB (1,382,432 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\Documents and Settings\{user}\My documents\downloads\player setup.exe

Digital Signature
Signed by:
Digital Plugin SL

Authority:
COMODO CA Limited

Valid from:
5/23/2014 1:00:00 AM

Valid to:
5/24/2015 12:59:59 AM

Subject:
CN=Digital Plugin SL, O=Digital Plugin SL, STREET=Calle el Pozo 17B, L=Adeje, S=Santa Cruz de Tenerife, PostalCode=38670, C=ES

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C30222BF83B5AE2CB666E51380D11646

File PE Metadata
Compilation timestamp:
9/19/2014 8:40:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:1OiZzDXGLFP53UG7bL1HohIE6BvRx0GOb/4+a0q3bhAqtxe9J:Mi1DWLFP53UGe76x0ZUphdtG

Entry address:
0x6BFA

Entry point:
E8, FF, 3C, 00, 00, E9, 7F, FE, FF, FF, E9, 0F, 00, 00, 00, 3B, 0D, 90, 90, 46, 00, 75, 02, F3, C3, E9, FA, 43, 00, 00, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 10, A9, 46, 00, FF, 15, 68, 50, 41, 00, 85, C0, 75, 18, 56, E8, 03, 45, 00, 00, 8B, F0, FF, 15, B8, 50, 41, 00, 50, E8, 08, 45, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7...
 
[+]

Entropy:
7.6588

Code size:
78 KB (79,872 bytes)

The file player setup.exe has been seen being distributed by the following URL.

http://ttb.lpmxp2180.com/download/request/.../43xwlt0O?__tc=1411305598.277&lpsl=ca68f3a26cbd328df9c7bd4a61d1fb01&expire=1411391993&PubID=008149880&tgu_src_lp_domain=www.dwnlsoft.com&ClickID=008149880012489465962&fileName=Player_Setup

Remove player setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.