driver_updater.exe

Plugin Update SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application driver_updater.exe by Plugin Update SL has been detected as adware by 30 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from xqnzz.playnow.samplefireman.eu.
Publisher:
Plugin Update SL  (signed and verified)

MD5:
0ac0f87d287d397b644c6533a42a9cdd

SHA-1:
12eeb3a5795c0c9d1b6698fef8b90ed8d16848d7

SHA-256:
ba9173c7377697e3325e0092b9a21264e413ec480b7f285f509522a7de11cf86

Scanner detections:
30 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 12:16:55 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Zusy.102350
844

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2014.10.14

Avira AntiVirus
TR/Dropper.Gen
7.11.30.172

avast!
Win32:SoftPulse-AH [PUP]
141003-0

AVG
Found Win32/DH{gRJ UIEHeVRPFVGBFYEJHFOBE0GBDw}
2014.0.4037

Bitdefender
Gen:Variant.Adware.Zusy.102350
1.0.20.1430

Clam AntiVirus
Win.Trojan.Agent-760438
0.98/19514

Comodo Security
Application.Win32.SoftPulse.J
19791

Dr.Web
Trojan.DownLoader11.27075
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.Strictor.61140
14.10.13

ESET NOD32
Win32/SoftPulse.J potentially unwanted application
7.0.302.0

Fortinet FortiGate
W32/AntiAV.AVAS!tr
10/13/2014

F-Prot
W32/A-7d805229
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Zusy.102350
11.2014-13-10_2

G Data
Gen:Variant.Adware.Zusy.102350
14.10.24

K7 AntiVirus
Unwanted-Program
13.183.13662

Kaspersky
not-a-virus:AdWare.Win32.SoftPulse
15.0.0.494

McAfee
Socrydo
5600.6978

MicroWorld eScan
Gen:Variant.Adware.Zusy.102350
15.0.0.858

NANO AntiVirus
Riskware.Win32.Agent.ddthlw
0.28.2.62671

Norman
Malware
11.20141013

nProtect
Trojan-Clicker/W32.SoftPulse.1103040
14.10.12.01

Panda Antivirus
Trj/Genetic.gen
14.10.13.06

Quick Heal
Trojan.Buzus.A4
10.14.14.00

Reason Heuristics
PUP.PluginUpdateSL.O
14.10.13.17

Sophos
SoftPulse
4.98

Vba32 AntiVirus
AdWare.Agent
3.12.26.3

VIPRE Antivirus
Threat.4150696
33706

Zillya! Antivirus
Adware.Agent.Win32.11234
2.0.0.1953

File size:
1.1 MB (1,103,040 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\driver_updater.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/12/2014 1:00:00 AM

Valid to:
6/13/2015 12:59:59 AM

Subject:
CN=Plugin Update SL, O=Plugin Update SL, L=Guia De Isora, S=Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
01438AF7C5B708CB0E497C84D028BF72

File PE Metadata
Compilation timestamp:
8/12/2014 1:37:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:lGIbpkdDnlQLnnIT/Jr6K9NebA4sztscTNGaQ:pwLlQLnIrJr6K9NebAvHG

Entry address:
0x5D80

Entry point:
E8, 5F, 20, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 0C, 83, EC, 20, 56, 57, 6A, 08, 59, BE, 10, 20, 41, 00, 8D, 7D, E0, F3, A5, 8B, 4D, 08, 5F, 5E, 85, C0, 74, 0D, F6, 00, 10, 74, 08, 8B, 01, 8B, 40, FC, 8B, 40, 18, 89, 4D, F8, 89, 45, FC, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, B0, 10, 41, 00, C9, C2, 08, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, 4D, F0, 33, CD, E8, 30...
 
[+]

Entropy:
7.8092  (probably packed)

Code size:
61.5 KB (62,976 bytes)

The file driver_updater.exe has been seen being distributed by the following URL.

Remove driver_updater.exe - Powered by Reason Core Security