Setup.exe

PLUGIN UPDATE S.L

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The file Setup.exe by PLUGIN UPDATE S.L has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. According to AVG, this software downloads additional adware offers during setup. This downloadable file is typically blocked by Google's Safe Browsing technology in the Chrome web browser.
Publisher:
PLUGIN UPDATE S.L  (signed and verified)

MD5:
514727ebe3f4464e15d2bcaf59418835

SHA-1:
a010a260f424f8fa82e8b94aa08defe7568c8a2c

SHA-256:
2068f6536be8c02e65b9aee2d28087c2026c7b2bc03a4467da93d0b52b50c27c

Scanner detections:
26 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/14/2024 3:15:53 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Application.Graftor.182456 | 658 |
| Agnitum Outpost | PUA.Downloader | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.SoftPulse | 2015.04.18 |
| Avira AntiVirus | PUA/Softpulse.Gen4 | 3.6.1.96 |
| AVG | Potentially harmful program Downloader | 2016.0.3136 |
| Bitdefender | Gen:Variant.Application.Graftor.182456 | 1.0.20.535 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Trojan.Agent-862237 | 0.98/20338 |
| Dr.Web | Trojan.Domaiq.175 | 9.0.1.0107 |
| Emsisoft Anti-Malware | Gen:Variant.Application.Graftor.182456 | 8.15.04.17.06 |
| ESET NOD32 | Win32/SoftPulse.AA potentially unwanted application | 9.7.0.302.0 |
| Fortinet FortiGate | Riskware/DriverUpd | 4/17/2015 |
| F-Prot | W32/S-b76923a4 | v6.4.7.1.166 |
| F-Secure | Riskware.Gen:Variant.Application.Graftor | 11.2015-17-04_6 |
| G Data | Gen:Variant.Application.Graftor.182456 | 15.4.25 |
| herdProtect (fuzzy) | | 2015.7.19.8 |
| IKARUS anti.virus | PUA.SoftPulse | t3scan.1.8.9.0 |
| K7 AntiVirus | Unwanted-Program | 13.202.15633 |
| Kaspersky | not-a-virus:Downloader.Win32.DriverUpd | 14.0.0.2176 |
| MicroWorld eScan | Gen:Variant.Application.Graftor.182456 | 16.0.0.321 |
| NANO AntiVirus | Trojan.Win32.DriverUpd.dqcfvx | 0.30.16.1110 |
| Panda Antivirus | Trj/Genetic.gen | 15.04.17.06 |
| Reason Heuristics | Threat.Softpulse.Bundler | 15.4.17.14 |
| Sophos | PUA 'SoftPulse' (of type Adware) | 5.14 |
| VIPRE Antivirus | Threat.4150696 | 39486 |
| Zillya! Antivirus | Downloader.DriverUpd.Win32.224 | 2.0.0.2142 |

File size:
543 KB (556,016 bytes)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
Starfield Technologies, Inc.

Valid from:
7/22/2014 10:14:26 AM

Valid to:
7/22/2015 10:14:26 AM

Subject:
CN=PLUGIN UPDATE S.L, O=PLUGIN UPDATE S.L, L=GUIA DE ISORA, C=ES

Issuer:
CN=Starfield Secure Certificate Authority - G2, OU=http://certs.starfieldtech.com/repository/, O="Starfield Technologies, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
079EA58C1A6ED1

File PE Metadata
Compilation timestamp:
4/1/2015 4:34:28 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:QLuIc4IslQfZ+Py0w42yytoRFaO+TBPIWUpk75:QLuKIuQfZ+PyZ4HTPaO+BIWU

Entry address:
0x1000

Entry point:
B8, C0, AD, 5A, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, DA, FA, 69, C4, 2B, 0C, FD, 10, 21, B8, BE, BF, 26, D2, 10, 48, 75, 90, 9E, D5, E7, CE, 58, 7C, C1, 79, 6D, E9, 07, 0C, 44, EF, B3, 0A, C9, 36, 3B, 50, E9, B6, 06, 16, BF, 1C, 5B, 3A, 52, 49, D5, A6, F8, 41, D5, 4D, 5D, B2, 8E, CC, ED, 84, FB, F4, 22, F5, 0C, F2, B2, 8A, F9, 74, 4D, 82, CE, A5, 90, 4B, 23, AC, 29, 37, 56, 45, C3, BA, 0F, C2, 58, EB, 40, 29, F1, 71, E9...
 

Entropy:
7.9321

Packer / compiler:
PECompact v2

Code size:
1010.5 KB (1,034,752 bytes)
