setup.exe

Softpulse SL

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Softpulse SL has been detected as adware by 31 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. During installation, it installs potentially unwanted software on the user's computer alongside the requested application, without adequate consent. The file has been seen being downloaded from dlp.downloadyourplayer.com and multiple other hosts.
Publisher:
Softpulse SL  (signed and verified)

MD5:
d78d5a179d4f872297741768e37ad1c8

SHA-1:
ecf0fe9216ed70fb489579eebb95b95ca2b8490f

SHA-256:
186a7277c4ee270137ac82e967a55d2c7b7814c265a36bca2c6286b5f86ef358

Scanner detections:
31 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 1:24:01 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Win32.ProcessHijack.urX@a4STEeIi | 859 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.BundleInstaller | 2014.08.03 |
| Avira AntiVirus | APPL/Downloader.Gen8 | 7.11.165.16 |
| avast! | Win32:SoftPulse-C [PUP] | 2014.9-140928 |
| AVG | Generic | 2015.0.3337 |
| Bitdefender | Gen:Win32.ProcessHijack.urX@a4STEeIi | 1.0.20.1355 |
| Clam AntiVirus | Win.Trojan.Agent-748009 | 0.98/19452 |
| Dr.Web | Trojan.Packed.27985 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Win32.ProcessHijack.urX@a4STEeIi | 8.14.09.28.05 |
| ESET NOD32 | Win32/SoftPulse.E potentially unwanted application | 8.7.0.302.0 |
| F-Prot | W32/A-b3d654c0 | v6.4.7.1.166 |
| F-Secure | Gen:Win32.ProcessHijack.urX@a4STEeIi | 11.2014-28-09_1 |
| G Data | Gen:Win32.ProcessHijack.urX@a4STEeIi | 14.9.24 |
| herdProtect (fuzzy) | | 2014.12.10.3 |
| IKARUS anti.virus | PUA.DigiPlug | t3scan.1.6.1.0 |
| K7 AntiVirus | Unwanted-Program | 13.180.12484 |
| Kaspersky | Trojan.Win32.Inject | 14.0.0.3181 |
| Malwarebytes | PUP.Optional.Downloader | v2014.09.28.05 |
| McAfee | CryptDomaIQ | 5600.6993 |
| Microsoft Security Essentials | Threat.Undefined | 1.185.1297.0 |
| MicroWorld eScan | Gen:Win32.ProcessHijack.urX@a4STEeIi | 15.0.0.813 |
| NANO AntiVirus | Trojan.Win32.Inject.dbmyct | 0.28.2.61148 |
| Norman | SoftPulse.CERT | 11.20140928 |
| nProtect | Trojan/W32.Inject.1390912 | 14.09.28.01 |
| Panda Antivirus | Trj/Genetic.gen | 14.09.28.05 |
| Reason Heuristics | PUP.Installer.SoftpulseSL.F | 14.9.28.17 |
| Sophos | SoftPulse | 4.98 |
| Vba32 AntiVirus | Downloader.Agent | 3.12.26.3 |
| VIPRE Antivirus | Threat.4783235 | 29708 |
| Zillya! Antivirus | Downloader.Agent.Win32.195369 | 2.0.0.1856 |

File size:
1.3 MB (1,390,912 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
2/11/2014 4:48:56 PM

Valid to:
2/12/2015 4:48:56 PM

Subject:
CN=Softpulse SL, O=Softpulse SL, L=Guia de Isora, S=Tenerife, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11210602DAEE0BE4AA7D855EE48D3D77A3CC

File PE Metadata
Compilation timestamp:
6/20/2014 5:52:32 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:0t2/JJJJJJJJJJJJJ7JJJJJOnOnOnOn3xwwncncnJEGBAFPJ8SJmU/2FYYak+F0G:mYFFYYQ0gPY43/fT

Entry address:
0x22DC

Entry point:
E8, AE, 40, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, 08, 8F, 42, 00, 83, 3C, F5, 3C, 80, 42, 00, 01, 75, 1E, 8D, 04, F5, 38, 80, 42, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, E8, 21, 41, 00, 00, 59, 59, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D2, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 38, 80, 42, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, 9C, A0, 41, 00, 56, BE, 38, 80, 42, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 3E, 41, 00, 00, 83, 26, 00, 59, 83, C6...
 

Entropy:
7.4722

Code size:
97 KB (99,328 bytes)

The file setup.exe has been seen being distributed by the following 4 URLs.
