» f_0000aa
Overview
Analysis
File Details

f_0000aa

Softforce llc

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The file f_0000aa by Softforce llc has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Softpulse SoftwareBundler installer.

File name:

f_0000aa

Publisher:

Softforce llc (signed and verified)

MD5:

eaa3d2a1866216cbe6e033f17b3138e5

SHA-1:

0246a150d107320079268fbce72b3642df77c3d0

SHA-256:

195b88e26b5554421597695e352a55bd0d6c38a578cc14ebe1ed5810b04c345c

Scanner detections:

1 / 68

Status:

Adware

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/23/2024 1:53:44 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Softpulse (M)

17.3.14.22

File size:

660.5 KB (676,336 bytes)

Bundler/Installer:

Softpulse SoftwareBundler

Common path:

C:\users\{user}\appdata\local\coccoc\browser\user data\default\cache\f_0000aa

Digital Signature

Signed by:

Softforce llc

Authority:

thawte, Inc.

Valid from:

12/9/2015 7:00:00 AM

Valid to:

1/8/2017 6:59:59 AM

Subject:

CN=Softforce llc, O=Softforce llc, L=Wilmington, S=Delaware, C=US

Issuer:

CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:

021C492895C2A9321EACF11881EF9459

File PE Metadata

Compilation timestamp:

4/12/2016 5:44:25 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

Entry address:

0x1000

Entry point:

B8, 30, CC, 5A, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 8A, 08, 40, 84, C9, 75, F9, 2B, C2, FF, 75, 14, B9, 00, C7, 21, 10, 0C, 08, E8, DA, 0B, D7, CB, 1D, BA, 6D, 21, 83, C4, 10, D9, 5B, 20, 16, 00, 40, 56, 57, 8B, F9, 8B, 37, 85, F6, 74, 3C, 83, 3E, FD, 74, 37, 00, CD, C2, 37, 01, 74, 13, 8B, 06, 3B, C7, 74, 70, 04, C0, 02, 11, 8B, 75, F2, 17, 68, BD, 00, B0, 1E, C4, 02, 68, 38, 0B, 51, 04, 00, 00, FF, A2, 75, 9B, 0C, 8B... 
[+]

Entropy:

7.8794

Packer / compiler:

PECompact v2

Code size:

1.1 MB (1,106,944 bytes)

Remove f_0000aa - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.