fastplayerpro.exe

Wizard

Plugin Update S.L.

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application fastplayerpro.exe by Plugin Update S.L has been detected as adware by 34 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from z3lihnta6.o7di8uy4.com.
Publisher:
Plugin Update S.L.  (signed and verified)

Product:
Wizard

Version:
1. 9. 8. 7

MD5:
9e0844f8e1ec1258491e88a6cecb6366

SHA-1:
ac403cc67724c985e40b9368fa1061dc3457f94c

SHA-256:
06e2ebfca72ba49d92907fdbbab1e59aba0c0beec9b73dbe766ce5c4f93f6fd0

Scanner detections:
34 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/7/2024 2:40:04 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.168670
6357688

Agnitum Outpost
PUA.Downloader
7.1.1

AhnLab V3 Security
Win-PUP/SoftPulse
2014.12.12

Avira AntiVirus
APPL/Softpulse.aone
7.11.194.128

avast!
Win32:SoftPulse-CU [PUP]
150102-1

AVG
Generic
2016.0.3225

Bitdefender
Gen:Variant.Graftor.166365
1.0.20.90

Clam AntiVirus
Win.Adware.Multiplug-33061
0.98/19944

Comodo Security
Application.Win32.SoftPulse.D
20338

Dr.Web
Adware.SoftPules.3, Trojan.DownLoader11.54695
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.168670
9.0.0.4799

ESET NOD32
Win32/SoftPulse.S potentially unwanted application
7.0.302.0

Fortinet FortiGate
W32/Kryptik.BWOY!tr
1/18/2015

F-Prot
W32/A-3f31f6a7
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Graftor.168670
5.13.68

G Data
Win32.Application.SoftPulse
15.1.24

IKARUS anti.virus
not-a-virus:AdWare.SoftPulse
t3scan.1.8.6.0

K7 AntiVirus
Unwanted-Program
13.186.14309

Kaspersky
not-a-virus:AdWare.Win32.SoftPulse
15.0.0.543

Malwarebytes
PUP.Optional.SmartSec
v2015.01.18.04

McAfee
Program.SoftPulse
5600.6881

MicroWorld eScan
Gen:Variant.Graftor.166365
16.0.0.54

NANO AntiVirus
Trojan.Win32.DriverUpd.djrqtq
0.28.6.63850

Norman
Gen:Variant.Adware.Zusy.117871
11.20150118

nProtect
Trojan.Agent.BGRP
14.12.05.01

Panda Antivirus
Trj/Genetic.gen
15.01.18.04

Qihoo 360 Security
Malware.QVM17.Gen
1.0.0.1015

Reason Heuristics
PUP.Softpulse.PluginUpdateSL
15.1.18.16

Rising Antivirus
PE:Trojan.Win32.Buzus.fyw!1075356101
23.00.65.15116

Sophos
PUA 'SoftPulse' (of type Adware)
5.09

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
10108

Vba32 AntiVirus
Signed-Adware.Softpulse
3.12.26.3

VIPRE Antivirus
Threat.4783235
35418

Zillya! Antivirus
Adware.SoftPulse.Win32.14
2.0.0.2001

File size:
1.1 MB (1,121,664 bytes)

Product version:
1. 9. 8. 7

Copyright:
Copyright (C) 2014

Original file name:
Wizard.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Language:
Spanish (Spain, International Sort)

Common path:
C:\users\{user}\downloads\fastplayerpro.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/7/2014 7:00:00 PM

Valid to:
10/8/2015 6:59:59 PM

Subject:
CN=Plugin Update S.L., O=Plugin Update S.L., L=Guia de Isora, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0E923B9CF60DA59FC3A43A87A8071FC2

File PE Metadata
Compilation timestamp:
12/16/2014 8:53:19 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:6MjtdFF1r7tQLf/9fOeEfJkgvvEEWhtkk9vrinK:ljtHf1oJA1iWyvrt

Entry address:
0x195E6

Entry point:
E8, CE, 7D, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, B8, 1C, 00, 00, 3B, 0D, 24, 32, 49, 00, 75, 02, F3, C3, E9, 45, 7E, 00, 00, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00...
 
[+]

Entropy:
7.5830

Code size:
187 KB (191,488 bytes)

The file fastplayerpro.exe has been seen being distributed by the following URL.

Remove fastplayerpro.exe - Powered by Reason Core Security