home

setup.exe

Wizard

Digital Plugin SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Digital Plugin SL has been detected as adware by 38 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from lp.download-free-videos.com.
Publisher:
Digital Plugin SL  (signed and verified)

Product:
Wizard

Version:
1. 9. 8. 7

MD5:
d11d39ace0f0b33f5884b5ce1afcfbe5

SHA-1:
07f0ac5354072e7cd328487f18284c9ffa8588ec

SHA-256:
212c71f4ea7b3ab57cc8d7138104df5895b9fbee9b406322d106472a8bd43582

Scanner detections:
38 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/24/2024 3:10:23 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.SoftPulse.P
381

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
Win-PUP/SoftPulse
2014.12.03

Avira AntiVirus
TR/Dropper.Gen
7.11.30.172

avast!
Win32:SoftPulse-CV [PUP]
2014.9-160120

AVG
Win.Threat.High
2017.0.2859

Bitdefender
Adware.Agent.PBC
1.0.20.100

Bkav FE
W32.HfsAdware
1.3.0.6267

Clam AntiVirus
Win.Adware.MultiPlug-31138
0.98/19932

Comodo Security
Application.Win32.SoftPulse.D
20266

Dr.Web
Adware.SoftPules.3, Trojan.Domaiq.25
9.0.1.020

Emsisoft Anti-Malware
Application.Bundler.SoftPulse.P
8.16.01.20.06

ESET NOD32
Win32/SoftPulse.S potentially unwanted application
10.7.0.302.0

Fortinet FortiGate
W32/Kryptik.BWOY!tr
1/20/2016

F-Prot
W32/A-3f31f6a7
v6.4.7.1.166

F-Secure
Riskware.Application.Bundler.SoftPulse
11.2016-20-01_4

G Data
Adware.Agent.PBC
16.1.24

IKARUS anti.virus
not-a-virus:AdWare.SoftPulse
t3scan.1.8.5.0

K7 AntiVirus
Unwanted-Program
13.186.14225

Kaspersky
not-a-virus:Downloader.Win32.DriverUpd
14.0.0.789

Malwarebytes
PUP.Optional.SmartSec
v2016.01.20.06

McAfee
Program.SoftPulse
5600.6515

MicroWorld eScan
Adware.Agent.PBC
17.0.0.60

NANO AntiVirus
Trojan.Win32.DriverUpd.djqtoc
0.28.6.63850

Norman
Gen:Variant.Adware.Kazy.494201
11.20160120

nProtect
Trojan.Agent.BGRP
14.12.05.01

Panda Antivirus
Trj/Genetic.gen
16.01.20.06

Qihoo 360 Security
Malware.QVM17.Gen
1.0.0.1015

Quick Heal
TrojanDwnldr.DriverUpd.A5
1.16.14.00

Reason Heuristics
PUP.Softpulse.DigitalPlugin.Bundler (M)
16.1.20.6

Rising Antivirus
PE:Trojan.Win32.Inject.gar!1075356071
23.00.65.16118

Sophos
PUA 'SoftPulse' (of type Adware)
59

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
9374

Trend Micro House Call
TROJ_GEN.R047B01L914
7.2.20

Trend Micro
ADW_PULSOFT.SM
10.465.20

Vba32 AntiVirus
Signed-Adware.Softpulse
3.12.26.3

VIPRE Antivirus
Threat.5064683
35224

Zillya! Antivirus
Adware.SoftPulse.Win32.14
2.0.0.2003

File size:
854 KB (874,464 bytes)

Product version:
1. 9. 8. 7

Copyright:
Copyright (C) 2014

Original file name:
Wizard.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Language:
Spanish

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Digital Plugin SL

Authority:
VeriSign, Inc.

Valid from:
9/23/2014 9:00:00 PM

Valid to:
7/28/2015 8:59:59 PM

Subject:
CN=Digital Plugin SL, O=Digital Plugin SL, L=Guia de Isora, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
457A2C44F936DD8EEF974AFC80E53578

File PE Metadata
Compilation timestamp:
12/23/2014 6:28:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:LYq2/9nnr5cDNsOQfKJL9ki1arPvi/cjaBYfv:kqaxyDC2JmSoPvikO8

Entry address:
0x1C106

Entry point:
B8, 50, B3, 51, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, D3, 52, 71, 8F, 10, 9D, 74, 62, B3, 00, 4F, B3, 31, 3B, A4, B3, FF, 83, B1, 7C, C9, 27, 43, 69, 31, 69, D3, 9B, 84, 1F, 21, 69, 1A, 5F, C4, 59, CB, 02, C8, BB, D8, 58, 37, D8, AB, 3D, 05, B0, 37, 1B, 06, 03, FB, 17, BF, 49, 9E, B9, D4, 90, 50, 86, 9B, B4, A5, AA, 1A, A8, 1D, 63, 5E, D8, 62, 02, DC, 1B, 78, A8, DF, A7, EC, E3, E2, 0B, A7, 24, 07, B9, AB, D2, B2, 3B, 0D...
 
[+]

Packer / compiler:
PECompact v2

Code size:
208 KB (212,992 bytes)

The file setup.exe has been seen being distributed by the following URL.

http://lp.download-free-videos.com/.../setup.exe

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.