google maps.exe

Smart Secure Software S.l.

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application google maps.exe by Smart Secure Software S.l has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. It is also typically executed from the user's temporary directory.
Publisher:
Smart Secure Software S.l.  (signed and verified)

MD5:
ba280e0bc573e131dbe608bb7cb006b9

SHA-1:
81bfc6a52590d11002da624657e67b46f2d8c3ad

SHA-256:
892e0c28592f5c326d01b1a399639bf80221ae2ab5bc41f2dcde414eb889a535

Scanner detections:
19 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/5/2024 2:53:55 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Graftor.182456
5621779

AhnLab V3 Security
Win-PUP/DomaIQ.Gen
2015.06.02

Avira AntiVirus
PUA/Softpulse.Gen4
8.3.1.6

AVG
SoftPulse
2016.0.3091

Bitdefender
Gen:Variant.Application.Graftor.182456
1.0.20.765

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.Domaiq.175
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Graftor.182456
10.0.0.5366

ESET NOD32
Win32/SoftPulse.AG potentially unwanted application
7.0.302.0

F-Secure
Riskware.Gen:Variant.Application.Graftor
5.14.151

G Data
Gen:Variant.Application.Graftor.182456
15.6.25

K7 AntiVirus
Unwanted-Program
13.204.16103

MicroWorld eScan
Gen:Variant.Application.Graftor.182456
16.0.0.459

Norman
Gen:Variant.Application.Graftor.182456
03.12.2014 13:20:04

Quick Heal
PUA.Smartsecur2.Gen
6.15.14.00

Reason Heuristics
PUP.Softpulse.Bundler
15.6.2.4

Sophos
PUA 'SoftPulse' (of type Adware)
5.14

Vba32 AntiVirus
Signed-Adware.Softpulse
3.12.26.4

VIPRE Antivirus
Threat.4783235
40552

File size:
566.9 KB (580,480 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\appdata\local\temp\google maps.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/27/2014 10:00:00 PM

Valid to:
11/28/2015 9:59:59 PM

Subject:
CN=Smart Secure Software S.l., O=Smart Secure Software S.l., L=Adeje, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
04AFEF8DECA6D536221E5C8647DC65FF

File PE Metadata
Compilation timestamp:
6/1/2015 11:37:45 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:F9CYh4DPlf3e42zj7OP/cIilnAT6s9OoX3JqkCPlkHQF0H5xA3txBwtxlHs:GMO24jcIQnAOs9bXZHQFyzgtbwa

Entry address:
0x1000

Entry point:
B8, D4, CC, 5C, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 0A, 54, E6, 2B, 19, 27, 7C, 0A, C0, 66, 4E, 8A, 35, 05, 5F, 48, EB, D8, 87, 74, 62, 2E, 07, AB, CF, 46, 98, F9, A7, E7, 81, 57, BC, 6D, E1, D2, 86, 21, D4, 5D, 2E, 66, EB, 05, C6, D0, 83, B7, DE, 83, 1B, 00, 5E, 20, 6C, 2F, F8, F2, C7, CC, 94, 16, 19, 51, 80, A8, 99, 9D, 12, C2, 8D, A5, EE, E3, 84, EE, 5B, C8, 8B, C8, 7A, 85, 71, 93, 9F, 23, 63, 01, 7B, F5, 38, B8, C3...
 
[+]

Packer / compiler:
PECompact v2

Code size:
1.2 MB (1,242,112 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to lga15s46-in-f30.1e100.net  (173.194.123.30:443)

TCP (HTTP):
Connects to ec2-52-25-210-45.us-west-2.compute.amazonaws.com  (52.25.210.45:80)

TCP (HTTP):
Connects to ec2-52-10-139-14.us-west-2.compute.amazonaws.com  (52.10.139.14:80)

TCP (HTTP):

TCP (HTTP):
Connects to a23-13-165-163.deploy.static.akamaitechnologies.com  (23.13.165.163:80)

Remove google maps.exe - Powered by Reason Core Security