» fastplayerpro.exe
Overview
Analysis
File Details
Downloads (1)

fastplayerpro.exe

Wizard

Plugin Update S.L.

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application fastplayerpro.exe by Plugin Update S.L has been detected as adware by 34 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from z3lihnta6.o7di8uy4.com.

File name:

fastplayerpro.exe

Publisher:

Plugin Update S.L. (signed and verified)

Product:

Wizard

Version:

1. 9. 8. 7

MD5:

9e0844f8e1ec1258491e88a6cecb6366

SHA-1:

ac403cc67724c985e40b9368fa1061dc3457f94c

SHA-256:

06e2ebfca72ba49d92907fdbbab1e59aba0c0beec9b73dbe766ce5c4f93f6fd0

Scanner detections:

34 / 68

Status:

Adware

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

11/25/2024 10:23:12 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Graftor.168670

6357688

Agnitum Outpost

PUA.Downloader

7.1.1

AhnLab V3 Security

Win-PUP/SoftPulse

2014.12.12

Avira AntiVirus

APPL/Softpulse.aone

7.11.194.128

avast!

Win32:SoftPulse-CU [PUP]

150102-1

AVG

Generic

2016.0.3225

Bitdefender

Gen:Variant.Graftor.166365

1.0.20.90

Clam AntiVirus

Win.Adware.Multiplug-33061

0.98/19944

Comodo Security

Application.Win32.SoftPulse.D

20338

Dr.Web

Adware.SoftPules.3, Trojan.DownLoader11.54695

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.Graftor.168670

9.0.0.4799

ESET NOD32

Win32/SoftPulse.S potentially unwanted application

7.0.302.0

Fortinet FortiGate

W32/Kryptik.BWOY!tr

1/18/2015

F-Prot

W32/A-3f31f6a7

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Graftor.168670

5.13.68

G Data

Win32.Application.SoftPulse

15.1.24

IKARUS anti.virus

not-a-virus:AdWare.SoftPulse

t3scan.1.8.6.0

K7 AntiVirus

Unwanted-Program

13.186.14309

Kaspersky

not-a-virus:AdWare.Win32.SoftPulse

15.0.0.543

Malwarebytes

PUP.Optional.SmartSec

v2015.01.18.04

McAfee

Program.SoftPulse

5600.6881

MicroWorld eScan

Gen:Variant.Graftor.166365

16.0.0.54

NANO AntiVirus

Trojan.Win32.DriverUpd.djrqtq

0.28.6.63850

Norman

Gen:Variant.Adware.Zusy.117871

11.20150118

nProtect

Trojan.Agent.BGRP

14.12.05.01

Panda Antivirus

Trj/Genetic.gen

15.01.18.04

Qihoo 360 Security

Malware.QVM17.Gen

1.0.0.1015

Reason Heuristics

PUP.Softpulse.PluginUpdateSL

15.1.18.16

Rising Antivirus

PE:Trojan.Win32.Buzus.fyw!1075356101

23.00.65.15116

Sophos

PUA 'SoftPulse' (of type Adware)

5.09

SUPERAntiSpyware

Trojan.Agent/Gen-Nullo[Short]

10108

Vba32 AntiVirus

Signed-Adware.Softpulse

3.12.26.3

VIPRE Antivirus

Threat.4783235

35418

Zillya! Antivirus

Adware.SoftPulse.Win32.14

2.0.0.2001

File size:

1.1 MB (1,121,664 bytes)

Product version:

1. 9. 8. 7

Original file name:

Wizard.exe

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Softpulse SoftwareBundler

Language:

Spanish (Spain, International Sort)

Common path:

C:\users\{user}\downloads\fastplayerpro.exe

Digital Signature

Signed by:

Plugin Update S.L.

Authority:

VeriSign, Inc.

Valid from:

10/7/2014 7:00:00 PM

Valid to:

10/8/2015 6:59:59 PM

Subject:

CN=Plugin Update S.L., O=Plugin Update S.L., L=Guia de Isora, S=Santa Cruz de Tenerife, C=ES

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

0E923B9CF60DA59FC3A43A87A8071FC2

File PE Metadata

Compilation timestamp:

12/16/2014 8:53:19 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:6MjtdFF1r7tQLf/9fOeEfJkgvvEEWhtkk9vrinK:ljtHf1oJA1iWyvrt

Entry address:

0x195E6

Entry point:

E8, CE, 7D, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, B8, 1C, 00, 00, 3B, 0D, 24, 32, 49, 00, 75, 02, F3, C3, E9, 45, 7E, 00, 00, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00... 
[+]

Entropy:

7.5830

Code size:

187 KB (191,488 bytes)

The file fastplayerpro.exe has been seen being distributed by the following URL.

http://z3lihnta6.o7di8uy4.com/6Rr58YpVhIq8fbDrF2X61uQmbs1e9oEgCURRV3ipL7EkxgwYccd7YEGcXxdJXetemdjvrZXn4gNHc1U2lyH4XaQm8Mw1IFm31yR2rp9MubBnZ35jz5-JOn1C8p2aSOdmWsc00l-L9R-MxoB1wUDA5A

Remove fastplayerpro.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.