» flash_player_14_plugin.exe
Overview
Analysis
File Details
Downloads (2)

flash_player_14_plugin.exe

Plugin Update SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application flash_player_14_plugin.exe by Plugin Update SL has been detected as adware by 32 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from kyle.mxp4013.com and multiple other hosts.

File name:

Publisher:

Plugin Update SL (signed and verified)

MD5:

c4512f72aa4afea77604bca5ebdd6d1c

SHA-1:

03bf4d846bee937e4a966d6c319f75e3c040ce3b

SHA-256:

bb10af22a71e54632f81b7d7201d9d2f6ae409e15e275ad531c143e6e23bca2b

Scanner detections:

32 / 68

Status:

Adware

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

11/14/2024 2:40:31 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Zusy.102350

6528855

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.DomaIQ

2015.02.26

Avira AntiVirus

TR/Dropper.Gen

7.11.30.172

avast!

Win32:SoftPulse-EC [Adw]

150101-1

AVG

Win32/DH{gRJ+UIEHeVRPFVGBFYEJHFOBE0GBDw}

2016.0.3187

Bitdefender

Gen:Variant.Adware.Zusy.102350

1.0.20.280

Bkav FE

W32.HfsAdware

1.3.0.6379

Clam AntiVirus

Win.Adware.MultiPlug-31138

0.98/20108

Comodo Security

Application.Win32.SoftPulse.J

21210

Dr.Web

Adware.SoftPules.3, Trojan.DownLoader11.27075

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Adware.Zusy.102350

9.0.0.4799

ESET NOD32

Win32/SoftPulse.J potentially unwanted application

7.0.302.0

Fortinet FortiGate

W32/AntiAV.AVAS!tr

2/25/2015

F-Prot

W32/S-e119dc38

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Zusy.102350

5.13.68

G Data

Gen:Variant.Adware.Zusy.102350

15.2.25

K7 AntiVirus

Unwanted-Program

13.198.15085

Kaspersky

not-a-virus:AdWare.Win32.SoftPulse

15.0.0.543

McAfee

Program.SoftPulse

16.8.708.2

MicroWorld eScan

Gen:Variant.Adware.Zusy.102350

16.0.0.168

NANO AntiVirus

Riskware.Win32.Agent.ddthlw

0.30.0.296

Norman

Gen:Variant.Adware.Zusy.102350

03.12.2014 13:20:04

Panda Antivirus

Trj/Genetic.gen

15.02.25.02

Quick Heal

Trojan.Buzus.A4

2.15.14.00

Reason Heuristics

PUP.Softpulse

15.2.25.14

Sophos

PUA 'SoftPulse' (of type Adware)

5.10

Trend Micro House Call

ADW_PULSOFT.SM

7.2.56

Trend Micro

ADW_PULSOFT.SM

10.465.25

Vba32 AntiVirus

BScope.Adware.Softpulse

3.12.26.3

VIPRE Antivirus

Threat.4150696

37588

Zillya! Antivirus

Adware.Agent.Win32.11234

2.0.0.2080

File size:

1.1 MB (1,103,080 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Softpulse SoftwareBundler

Common path:

C:\users\{user}\downloads\flash_player_14_plugin.exe

Digital Signature

Signed by:

Plugin Update SL

Authority:

VeriSign, Inc.

Valid from:

6/11/2014 9:00:00 PM

Valid to:

6/12/2015 8:59:59 PM

Subject:

CN=Plugin Update SL, O=Plugin Update SL, L=Guia De Isora, S=Tenerife, C=ES

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

01438AF7C5B708CB0E497C84D028BF72

File PE Metadata

Compilation timestamp:

8/12/2014 9:37:53 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:FGIbpkdDnlQLnnIT/Jr6K9NebA4sztscTNGaT:JwLlQLnIrJr6K9NebAvHx

Entry address:

0x5D80

Entry point:

E8, 5F, 20, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 0C, 83, EC, 20, 56, 57, 6A, 08, 59, BE, 10, 20, 41, 00, 8D, 7D, E0, F3, A5, 8B, 4D, 08, 5F, 5E, 85, C0, 74, 0D, F6, 00, 10, 74, 08, 8B, 01, 8B, 40, FC, 8B, 40, 18, 89, 4D, F8, 89, 45, FC, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, B0, 10, 41, 00, C9, C2, 08, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, 4D, F0, 33, CD, E8, 30... 
[+]

Entropy:

7.8092 (probably packed)

Code size:

61.5 KB (62,976 bytes)

The file flash_player_14_plugin.exe has been seen being distributed by the following 2 URLs.

http://kyle.mxp4013.com/6EZ_q43xN2OyZl4b5Yz4_CaJFu6TKm_2i-HUUKxABJbawLYF4lU4LOGJ44mYTmMqAAxm0xgdIdxhqRerdlj9_jOUL6FZ73Zh2tnu5sgo-ma2mGfyTKvofvIDnpEgQWKx?sbb=CJ9yTv4QnGaLjoAx17KfGayylz1dhVH1gndosQKvrmfYbCYhA3kWrXNkL4F64BvVBLqZwPYjM91qPJIIF0IB9uisipWFsj2x6Q9lZZtgwPEtkyYPcLYiUPxiAZFOxS5tgX04kuTINzhGpXnES2671VTVaRxvFNrDzRi3UOtNPKQbFuogYmfloLCG4V4mg5H6jMSq0XBDHwraRRHMSa5rJ6gMrs3Hv7SYB3MKaNTtUJ7HlaFo4zjsjDZyP3rmjKJP8JL5hBnPnPpw6OfJbr8X7BpelYBek27irHWlpsQVWt5KecdX68W0MYpocUJkNZZwAJRe6a4IWxUEvliuCW8k4B47n6y4BIA7hriziUCEQbmH6gx2x5S8WqztgSlM6Txpf5ssgHnDgV4K0uGFOlDSZ3tmjnztGHmJvk52WhOP8daPiAS1Sp8Sr32e8lLVa5jOTXDI5mrUuR6Zqf8gGmSGf0lItshM3yqyYb51vIitWcF5D1MKv8PWZKqYsbPaiA9eNim1sPKUltucRqNE5uakuLMFvdLAEf2vCijHQ82FqEV24RnW99B4F58n3zXzqgBWwVEIeUp4ZbAdtITkcrICkJnqAwezexSUCzExmOSzSkgGiBeWXqkvMUHO4d4YFI2OMofrH2jXm5Ifk6YrL4wbC1mZyVnWFNjsslMieIFnw8QC70Bmtwfq82QZDyMzgEHwrWA6GCFyjrRubO7ZdOEmzc4esKi0ONA5Y7hNL2LfthUh4lshCGFVPeN8mcTCBzlKneYepVXrHQVrTjNoO5L0cNnZy7pt2JQumpKLZ2lDK9iAM5gwj76x8xKgc7q5CpUPWMmTy3xkzMp

http://ttb.dldnewsoft.com/download/request/.../wxX75Z7P?PubID=79_2586_2121&ClickID=6608370922

Remove flash_player_14_plugin.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.