» flash_player_14_plugin.exe
Overview
Analysis
File Details
Downloads (2)

flash_player_14_plugin.exe

Plugin Update SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application flash_player_14_plugin.exe by Plugin Update SL has been detected as adware by 29 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from kyle.mxp4099.com and multiple other hosts.

File name:

Publisher:

Plugin Update SL (signed and verified)

MD5:

ea7a51a5c266857b1e7accf4e711e7b1

SHA-1:

40002a89ef071b3498c0e9e1acd72b624e0e6de7

SHA-256:

c8fd6e3fe4403285963bb80ee6d10568ad14656df0f5e4947dad3b5c6ef4197e

Scanner detections:

29 / 68

Status:

Adware

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/8/2024 2:49:45 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Adware.Strictor.63110

793

Agnitum Outpost

PUA.Agent

7.1.1

Avira AntiVirus

APPL/Softpulse.Gen8

7.11.170.158

avast!

Win32:SoftPulse-AH [PUP]

2014.9-140921

AVG

Win.Threat.High

2015.0.3344

Bitdefender

Gen:Variant.Adware.Strictor.63110

1.0.20.1685

Clam AntiVirus

Win.Trojan.Softpulse-37

0.98/21411

Comodo Security

Application.Win32.SoftPulse.GEE

19533

Dr.Web

Trojan.DownLoader11.30444

9.0.1.0264

Emsisoft Anti-Malware

Gen:Variant.Adware.Strictor.63110

8.14.09.21.12

ESET NOD32

Win32/SoftPulse (variant)

8.10357

F-Prot

W32/A-fef09637

v6.4.7.1.166

F-Secure

Gen:Variant.Adware.Strictor.63110

11.2014-03-12_4

G Data

Win32.Application.Softpulse

14.12.24

herdProtect (fuzzy)

variant of setup.exe (Adware)

2014.12.3.20

IKARUS anti.virus

PUA.SoftPulse

t3scan.1.7.5.0

K7 AntiVirus

Unwanted-Program

13.183.13247

Kaspersky

not-a-virus:AdWare.Win32.SoftPulse

14.0.0.2852

Malwarebytes

PUP.Optional.DomaIQ

v2014.12.03.04

McAfee

SoftPulse

5600.6927

MicroWorld eScan

Gen:Variant.Adware.Strictor.63110

15.0.0.1011

NANO AntiVirus

Riskware.Win32.Agent.denbkt

0.28.2.62151

Norman

Malware

11.20141203

Panda Antivirus

Trj/Genetic.gen

14.12.03.04

Reason Heuristics

PUP.PluginUpdateSL.W

14.9.21.12

Sophos

Smart Secure Software

4.98

Vba32 AntiVirus

BScope.Adware.Softpulse

3.12.26.3

VIPRE Antivirus

Threat.4783235

32210

Zillya! Antivirus

Downloader.Agent.Win32.219725

2.0.0.1925

File size:

1.2 MB (1,265,376 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Softpulse SoftwareBundler

Common path:

C:\users\{user}\downloads\flash_player_14_plugin.exe

Digital Signature

Signed by:

Plugin Update SL

Authority:

VeriSign, Inc.

Valid from:

6/11/2014 9:00:00 PM

Valid to:

6/12/2015 8:59:59 PM

Subject:

CN=Plugin Update SL, O=Plugin Update SL, L=Guia De Isora, S=Tenerife, C=ES

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

01438AF7C5B708CB0E497C84D028BF72

File PE Metadata

Compilation timestamp:

9/2/2014 12:34:11 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:tAGDeJQ0CY1T9/ZUC7NfRxFpdkffH2u5pZMcsV:CXTAUPxmffHta

Entry address:

0x720F

Entry point:

E8, A9, 29, 00, 00, E9, 7F, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, A8, A1, 41, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 6A, 03, E8, 27, 29, 00, 00, 59, 83, F8, 01, 74, 15, 6A, 03, E8, 1A, 29, 00, 00, 59, 85, C0, 75, 1F, 83, 3D, F8, B2, 41, 00, 01, 75, 16, 68, FC, 00, 00, 00, E8, 31, 00, 00, 00, 68, FF, 00, 00, 00, E8, 27, 00, 00, 00, 59, 59, C3, 55, 8B, EC, 8B, 4D, 08, 33... 
[+]

Code size:

66 KB (67,584 bytes)

The file flash_player_14_plugin.exe has been seen being distributed by the following 2 URLs.

http://kyle.mxp4099.com/LRPtfpOYNnIeL_rCeTKAvPL_95w7WR3TlL-ilOluWADyjR5-TNLCuoO1zVXJdfSEMFajLpoKnydwA8zFjrySE-pb8Sh5m4yObn2ZkXUsCgS8C_LkN42wNtWGojymiGyW?sbb=qe4xkWs40P5mGua8SGuQ4bxxurBeW1KXt9Sw6T3QzhiDL9r0LYYqdB7K2WuHycLE19dxaN85syX3hslTdRXFygIUiblnH1rywwogvGrEy64N3V5AixcZFFzDWsT8MBIrWnec9xLSkAdvSDMtt5PrVI3N1a6NbmH1wqiwNWKjlNkylcbYzQWopUCbPl8GHYLbOGdIl6uxRYlKDJyJbP8SVci9LCu9DWLhkRzYKuEbjqC7k04eazTsvJZdxcyUSWgCLA33hGBWo7vJQ8XtSmSQZLaqVU0WAax3xkVEG3CCiftISBkDR2CY6cLTOWt1f9pdEOgrjtHI6rEwYGFKjHSNPA7cORGdwaxXVbmNGG7yNX4SWqQglIpT5dPkuUxpqQb1QndhSmfuxj1Olt7o39rV7cIZzK6yZyiDfwxJbGqLkAPboAmoC9eYbcAEu4UuB0XZ2VLuAcOhKhudRyfCVz5MpQwEJwXk7E71LRAVCzkTSFYfTNdngLzmupNXGyCL3GXvp2r78YCHWgYLi8sd0k0MizCmV9tuyzq6mDT687OA9dJ95fM02HZHwyCkOgASlDdRN4SgsDMBw6R9dfndAwvfQQ148RFRo4UckaHMvVyurINRmuyKhE2qnHLpb3Zk0K02IMQ3nT8xBIgjdVRWSyxKi3PauKKs75NuBj76bJDnOE5pi3DX8T3Son6cqwCNBKc0PPuVQc5JEus8RBfqvdkJgzBU68F6e0CfH5ZpOMernts9PC7DHL7DQYYwTqYpKde2lCA21uaJdbOvZnsbkK8Wi9f77s4lGBbhixzSco2zf701qV0y2gs0k83MAQjTFpUJ1tK3Q4zyDxC

http://ttb.dldnewsoft.com/download/request/.../wxX75Z7P?PubID=79_5484_4733&ClickID=6926486085

Remove flash_player_14_plugin.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.