flash_player_14_plugin.exe

Plugin Update SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application flash_player_14_plugin.exe by Plugin Update SL has been detected as adware by 29 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from kyle.mxp4099.com and multiple other hosts.
Publisher:
Plugin Update SL  (signed and verified)

MD5:
ea7a51a5c266857b1e7accf4e711e7b1

SHA-1:
40002a89ef071b3498c0e9e1acd72b624e0e6de7

SHA-256:
c8fd6e3fe4403285963bb80ee6d10568ad14656df0f5e4947dad3b5c6ef4197e

Scanner detections:
29 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/25/2024 4:01:49 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Strictor.63110
793

Agnitum Outpost
PUA.Agent
7.1.1

Avira AntiVirus
APPL/Softpulse.Gen8
7.11.170.158

avast!
Win32:SoftPulse-AH [PUP]
2014.9-140921

AVG
Win.Threat.High
2015.0.3344

Bitdefender
Gen:Variant.Adware.Strictor.63110
1.0.20.1685

Clam AntiVirus
Win.Trojan.Softpulse-37
0.98/21411

Comodo Security
Application.Win32.SoftPulse.GEE
19533

Dr.Web
Trojan.DownLoader11.30444
9.0.1.0264

Emsisoft Anti-Malware
Gen:Variant.Adware.Strictor.63110
8.14.09.21.12

ESET NOD32
Win32/SoftPulse (variant)
8.10357

F-Prot
W32/A-fef09637
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Strictor.63110
11.2014-03-12_4

G Data
Win32.Application.Softpulse
14.12.24

herdProtect (fuzzy)
2014.12.3.20

IKARUS anti.virus
PUA.SoftPulse
t3scan.1.7.5.0

K7 AntiVirus
Unwanted-Program
13.183.13247

Kaspersky
not-a-virus:AdWare.Win32.SoftPulse
14.0.0.2852

Malwarebytes
PUP.Optional.DomaIQ
v2014.12.03.04

McAfee
SoftPulse
5600.6927

MicroWorld eScan
Gen:Variant.Adware.Strictor.63110
15.0.0.1011

NANO AntiVirus
Riskware.Win32.Agent.denbkt
0.28.2.62151

Norman
Malware
11.20141203

Panda Antivirus
Trj/Genetic.gen
14.12.03.04

Reason Heuristics
PUP.PluginUpdateSL.W
14.9.21.12

Sophos
Smart Secure Software
4.98

Vba32 AntiVirus
BScope.Adware.Softpulse
3.12.26.3

VIPRE Antivirus
Threat.4783235
32210

Zillya! Antivirus
Downloader.Agent.Win32.219725
2.0.0.1925

File size:
1.2 MB (1,265,376 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\flash_player_14_plugin.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/11/2014 9:00:00 PM

Valid to:
6/12/2015 8:59:59 PM

Subject:
CN=Plugin Update SL, O=Plugin Update SL, L=Guia De Isora, S=Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
01438AF7C5B708CB0E497C84D028BF72

File PE Metadata
Compilation timestamp:
9/2/2014 12:34:11 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:tAGDeJQ0CY1T9/ZUC7NfRxFpdkffH2u5pZMcsV:CXTAUPxmffHta

Entry address:
0x720F

Entry point:
E8, A9, 29, 00, 00, E9, 7F, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, A8, A1, 41, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 6A, 03, E8, 27, 29, 00, 00, 59, 83, F8, 01, 74, 15, 6A, 03, E8, 1A, 29, 00, 00, 59, 85, C0, 75, 1F, 83, 3D, F8, B2, 41, 00, 01, 75, 16, 68, FC, 00, 00, 00, E8, 31, 00, 00, 00, 68, FF, 00, 00, 00, E8, 27, 00, 00, 00, 59, 59, C3, 55, 8B, EC, 8B, 4D, 08, 33...
 
[+]

Code size:
66 KB (67,584 bytes)

The file flash_player_14_plugin.exe has been seen being distributed by the following 2 URLs.

Remove flash_player_14_plugin.exe - Powered by Reason Core Security