flash_player_14_plugin.exe

Plugin Update SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application flash_player_14_plugin.exe by Plugin Update SL has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from kyle.mxp4117.com and multiple other hosts.
Publisher:
Plugin Update SL  (signed and verified)

MD5:
8d10782c9cc1c66928a6ac4b19833e5a

SHA-1:
116fbe1cbce0e524afdd08b785a3f9edc3030665

SHA-256:
2d1499a08e8ed1d368dfedf4de695be496460b7c4060142687758cac728abaab

Scanner detections:
28 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/24/2024 2:02:03 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Zusy.107390
869

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2014.10.06

Avira AntiVirus
APPL/Softpulse.Gen8
7.11.176.180

avast!
Win32:SoftPulse-AH [PUP]
2014.9-140918

AVG
Found Win32/DH{gRJ UIEHeVRPFVGBFYEJHFOBE0GBDw}
2015.0.3348

Bitdefender
Gen:Variant.Adware.Zusy.107390
1.0.20.1305

Clam AntiVirus
Win.Adware.Agent-11252
0.98/19479

Dr.Web
Trojan.DownLoader11.33404
9.0.1.0327

Emsisoft Anti-Malware
Gen:Variant.Adware.Zusy.107390
8.14.09.18.01

ESET NOD32
Win32/SoftPulse (variant)
8.10515

F-Prot
W32/A-87364241
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Zusy.107390
11.2014-18-09_5

G Data
Gen:Variant.Adware.Zusy.107390
14.9.24

herdProtect (fuzzy)
2014.11.23.16

IKARUS anti.virus
PUA.SoftPulse
t3scan.1.7.8.0

K7 AntiVirus
Unwanted-Program
13.183.13584

Malwarebytes
PUP.Optional.DigiPlug
v2014.09.18.01

McAfee
SoftPulse
5600.7003

MicroWorld eScan
Gen:Variant.Adware.Zusy.107390
15.0.0.783

NANO AntiVirus
Trojan.Win32.Agent.dfguqj
0.28.2.62440

Norman
Malware
11.20140918

Panda Antivirus
Trj/Genetic.gen
14.09.18.01

Reason Heuristics
PUP.PluginUpdateSL.W
14.9.18.7

Sophos
SoftPulse
4.98

Vba32 AntiVirus
BScope.Adware.Softpulse
3.12.26.3

VIPRE Antivirus
Threat.4150696
33624

Zillya! Antivirus
Adware.Agent.Win32.12826
2.0.0.1944

File size:
1 MB (1,055,456 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\flash_player_14_plugin.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/12/2014 2:00:00 AM

Valid to:
6/13/2015 1:59:59 AM

Subject:
CN=Plugin Update SL, O=Plugin Update SL, L=Guia De Isora, S=Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
01438AF7C5B708CB0E497C84D028BF72

File PE Metadata
Compilation timestamp:
9/17/2014 12:56:19 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:rFPX97BbdQstJ2C/iN7F+ClRV95ZAuvjZtD3b:rFPtVdRtJ7qT7lRv5ZAuvNp

Entry address:
0x674F

Entry point:
E8, 79, 29, 00, 00, E9, 7F, FE, FF, FF, 6A, 03, E8, 2D, 29, 00, 00, 59, 83, F8, 01, 74, 15, 6A, 03, E8, 20, 29, 00, 00, 59, 85, C0, 75, 1F, 83, 3D, F8, A2, 41, 00, 01, 75, 16, 68, FC, 00, 00, 00, E8, 31, 00, 00, 00, 68, FF, 00, 00, 00, E8, 27, 00, 00, 00, 59, 59, C3, 55, 8B, EC, 8B, 4D, 08, 33, C0, 3B, 0C, C5, A0, 33, 41, 00, 74, 0A, 40, 83, F8, 17, 72, F1, 33, C0, 5D, C3, 8B, 04, C5, A4, 33, 41, 00, 5D, C3, 55, 8B, EC, 81, EC, FC, 01, 00, 00, A1, A0, 91, 41, 00, 33, C5, 89, 45, FC, 56, 8B, 75, 08, 57, 56...
 
[+]

Entropy:
7.7957  (probably packed)

Code size:
63 KB (64,512 bytes)

The file flash_player_14_plugin.exe has been seen being distributed by the following 2 URLs.

Remove flash_player_14_plugin.exe - Powered by Reason Core Security