home

setup.exe

Softpulse SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Softpulse SL has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from dl.downloadaixeechahgho.com and multiple other hosts.
Publisher:
Softpulse SL  (signed and verified)

MD5:
7bb8133cc6de99e776141f2bf764dc8f

SHA-1:
3ff7945ad62e29a777fed9c90347f58ed4b75c2f

SHA-256:
d3ba46424c869ded0cbed6a6cdc483e2f59d75a62c24ed364a1a277b0900c197

Scanner detections:
20 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 10:23:41 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Graftor.146523
937

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2014.07.14

Avira AntiVirus
APPL/Downloader.Gen8
7.11.160.132

avast!
Win32:SoftPulse-N [PUP]
140617-1

AVG
Generic
2015.0.3415

Bitdefender
Gen:Variant.Graftor.146523
1.0.20.970

ESET NOD32
Win32/SoftPulse.F potentially unwanted application
7.0.302.0

F-Secure
Gen:Variant.Graftor.146523
11.2014-13-07_1

G Data
Gen:Variant.Graftor.146523
14.7.24

IKARUS anti.virus
PUA.SoftPulse
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.180.12701

McAfee
CryptDomaIQ
5600.7071

MicroWorld eScan
Gen:Variant.Graftor.146523
15.0.0.582

Panda Antivirus
Trj/Genetic.gen
14.07.13.11

Reason Heuristics
PUP.Installer.SoftpulseSL.F
14.7.13.9

Sophos
SoftPulse
4.98

SUPERAntiSpyware
PUP.DomaIQ
10486

VIPRE Antivirus
Threat.4150696
31208

Zillya! Antivirus
Downloader.Agent.Win32.200047
2.0.0.1857

File size:
1.2 MB (1,287,496 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:
Softpulse SL

Authority:
GlobalSign nv-sa

Valid from:
2/11/2014 11:48:56 AM

Valid to:
2/12/2015 11:48:56 AM

Subject:
CN=Softpulse SL, O=Softpulse SL, L=Guia de Isora, S=Tenerife, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11210602DAEE0BE4AA7D855EE48D3D77A3CC

File PE Metadata
Compilation timestamp:
7/4/2014 8:45:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:Vzx/gOW0LXXBY1EgzHWMHtLLUz1ydC3aLjARPrzY:F5WqBkELsmzgdCQjA5w

Entry address:
0x7F7C

Entry point:
E8, B6, 6A, 00, 00, E9, 39, FE, FF, FF, E9, 7B, 14, 00, 00, FF, 35, 30, C0, 44, 00, FF, 15, EC, F0, 42, 00, C3, FF, 35, 30, C0, 44, 00, FF, 15, EC, F0, 42, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, 33, 62, 00, 00, 6A, 01, 6A, 00, E8, 9F, 71, 00, 00, 83, C4, 0C, E9, B6, 71, 00, 00, 55, 8B, EC, 56, FF, 35, 30, C0, 44, 00, FF, 15, EC, F0, 42, 00, FF, 75, 08, 8B, F0, FF, 15, E8, F0, 42, 00, A3, 30, C0, 44, 00, 8B, C6, 5E, 5D, C3, 55, 8B, EC, 83, EC, 10, EB, 0D, FF, 75, 08, E8, F3, 73, 00, 00, 59, 85, C0, 74, 0F...
 
[+]

Entropy:
7.5733

Code size:
182.5 KB (186,880 bytes)

The file setup.exe has been seen being distributed by the following 2 URLs.

http://dl.downloadaixeechahgho.com/n/3.1.11.6/.../Setup.exe

http://www.free-download-now.com/en/ccleaner/download/.../809

Remove setup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.