setup.exe

Softpulse SLU

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Softpulse SLU has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from www.lpmxp1001.com.
Publisher:
Softpulse SLU  (signed and verified)

MD5:
59408abc768c52468582831a531a56a4

SHA-1:
5e6e36d0e9831188346b8455d58c282feae42bc8

SHA-256:
13f4ab67c62b0db1a4417baa5546c7867c5ee6a6724117b5050bc47605604025

Scanner detections:
27 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 10:42:16 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Bundler.DomaIQ.15 | 904 |
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.DomaIQ | 2014.08.15 |
| Avira AntiVirus | APPL/Downloader.Gen8 | 7.11.167.76 |
| avast! | Win32:SoftPulse-A [PUP] | 140813-1 |
| AVG | Generic | 2015.0.3383 |
| Bitdefender | Gen:Variant.Application.Bundler.DomaIQ.15 | 1.0.20.1130 |
| Clam AntiVirus | Win.Trojan.Inject-10285 | 0.98/19280 |
| Dr.Web | Adware.Downware.5055 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Bundler.DomaIQ.15 | 9.0.0.4157 |
| ESET NOD32 | Win32/SoftPulse.D potentially unwanted application | 8.7.0.302.0 |
| F-Prot | W32/A-902f6035 | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Application.Bundler | 11.2014-14-08_5 |
| G Data | Gen:Variant.Application.Bundler.DomaIQ.15 | 14.8.24 |
| herdProtect (fuzzy) | | 2014.10.29.20 |
| IKARUS anti.virus | Trojan.Inject | t3scan.1.7.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.183.13054 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.3407 |
| McAfee | Program.CryptDomaIQ | 16.8.708.2 |
| MicroWorld eScan | Gen:Variant.Application.Bundler.DomaIQ.15 | 15.0.0.678 |
| NANO AntiVirus | Trojan.Win32.Inject.dbobdv | 0.28.2.61519 |
| Norman | Malware | 11.20140814 |
| Panda Antivirus | Trj/Genetic.gen | 14.08.14.01 |
| Reason Heuristics | PUP.Installer.SoftpulseSLU.F | 14.8.14.10 |
| Sophos | Adware.SoftPulse | 5.04 |
| Vba32 AntiVirus | Trojan.Inject | 3.12.26.3 |
| VIPRE Antivirus | Threat.4783235 | 29708 |

File size:
1.2 MB (1,245,696 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/9/2014 9:00:00 PM

Valid to:
3/10/2015 8:59:59 PM

Subject:
CN=Softpulse SLU, O=Softpulse SLU, STREET="El Pozo, 17B", L=Guia de Isora, S=Santa Cruz de Tenerife, PostalCode=38680, C=ES

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F5AD21F5B60D3815776CE20025D5B9B8

File PE Metadata
Compilation timestamp:
6/13/2014 12:15:51 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:NhRyk5BKO3gux5cGnWYu2qR3Jai7r9rfPn9vYjzNJJJJJJJJJJJJJ7JJJJJOnOnC:Nh4qvQImGWYu2w7Nmne

Entry address:
0x3B5D

Entry point:
E8, 7F, 38, 00, 00, E9, 39, FE, FF, FF, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, 5C, BA, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, 5F, 00, 00, 00, C7, 06, 5C, BA, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1, E8, A0, 00, 00, 00, C7, 06, 44, BA, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 44, 00, 00, 00, C7, 06, 44, BA, 41, 00, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 56, FF, 75, 08, 8B, F1...
 

Code size:
100 KB (102,400 bytes)

The file setup.exe has been seen being distributed by the following URL.
