home

incredimail.exe

Smart Secure Software S.l.

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application incredimail.exe by Smart Secure Software S.l has been detected as adware by 32 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from kyle.mxp5014.com.
Publisher:
Smart Secure Software S.l.  (signed and verified)

MD5:
95f2359290907022ab3b6da362002c0e

SHA-1:
99e06cd99ae461d492ad9dc7d956fd94b6477f07

SHA-256:
dba27761d2cbab394dd40015e4d6058de268529934abb3bb296f01d33b6b4788

Scanner detections:
32 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
2/27/2025 3:15:07 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Zusy.107390
868

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2014.11.02

Avira AntiVirus
Adware/Softpulse.107390
7.11.182.186

avast!
Win32:SoftPulse-AH [PUP]
2014.9-140920

AVG
Generic
2015.0.3273

Bitdefender
Gen:Variant.Adware.Zusy.107390
1.0.20.1315

Clam AntiVirus
Win.Adware.Agent-11309
0.98/21411

Comodo Security
Application.Win32.DomaIQ.FSX
19960

Dr.Web
Trojan.MulDrop5.40191
9.0.1.0336

Emsisoft Anti-Malware
Gen:Variant.Adware.Zusy.107390
8.14.09.20.10

ESET NOD32
Win32/SoftPulse (variant)
8.10655

Fortinet FortiGate
W32/Buzus.SBAD!tr
12/2/2014

F-Prot
W32/A-3f18f33f
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Zusy.107390
11.2014-20-09_7

G Data
Gen:Variant.Adware.Zusy.107390
14.9.24

herdProtect (fuzzy)
variant of player setup.exe (Adware)
2014.12.2.8

K7 AntiVirus
Unwanted-Program
13.185.13866

Kaspersky
Trojan.Win32.Buzus
14.0.0.2859

Malwarebytes
PUP.Optional.DomaIQ
v2014.09.20.10

McAfee
SoftPulse
5600.7002

MicroWorld eScan
Gen:Variant.Adware.Zusy.107390
15.0.0.789

NANO AntiVirus
Riskware.Win32.SoftPulse.dfhrtw
0.28.6.62995

Norman
SoftPulse.H
11.20141202

nProtect
Trojan/W32.Buzus.1382400.C
14.10.31.01

Panda Antivirus
Trj/Genetic.gen
14.09.20.10

Quick Heal
Trojan.Buzus.A4
12.14.14.00

Reason Heuristics
PUP.SmartSecureSoftwareSl.L
14.9.20.10

Sophos
SoftPulse
4.98

Vba32 AntiVirus
Trojan.Buzus
3.12.26.3

VIPRE Antivirus
Threat.4150696
34232

Zillya! Antivirus
Adware.Agent.Win32.12999
2.0.0.1973

File size:
1.3 MB (1,382,256 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\incredimail.exe

Digital Signature
Signed by:
Smart Secure Software S.l.

Authority:
COMODO CA Limited

Valid from:
6/16/2014 5:00:00 PM

Valid to:
6/17/2015 4:59:59 PM

Subject:
CN=Smart Secure Software S.l., O=Smart Secure Software S.l., STREET=Calle el Pozo 17B, L=Guia de isora, S=Santa Cruz de Tenerife, PostalCode=38680, C=ES

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00D60847E39B584310D58407A5090B843C

File PE Metadata
Compilation timestamp:
9/19/2014 12:40:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:YOiZzDXGLFP53UG7bL1HohIE6BvRx0GOb/4+a0q3bhAqtxe9Z:xi1DWLFP53UGe76x0ZUphdt6

Entry address:
0x6BFA

Entry point:
E8, FF, 3C, 00, 00, E9, 7F, FE, FF, FF, E9, 0F, 00, 00, 00, 3B, 0D, 90, 90, 46, 00, 75, 02, F3, C3, E9, FA, 43, 00, 00, 55, 8B, EC, 83, 7D, 08, 00, 74, 2D, FF, 75, 08, 6A, 00, FF, 35, 10, A9, 46, 00, FF, 15, 68, 50, 41, 00, 85, C0, 75, 18, 56, E8, 03, 45, 00, 00, 8B, F0, FF, 15, B8, 50, 41, 00, 50, E8, 08, 45, 00, 00, 59, 89, 06, 5E, 5D, C3, 8B, 44, 24, 0C, 53, 85, C0, 74, 52, 8B, 54, 24, 08, 33, DB, 8A, 5C, 24, 0C, F7, C2, 03, 00, 00, 00, 74, 16, 8A, 0A, 83, C2, 01, 32, CB, 74, 72, 83, E8, 01, 74, 32, F7...
 
[+]

Entropy:
7.6589

Code size:
78 KB (79,872 bytes)

The file incredimail.exe has been seen being distributed by the following URL.

http://kyle.mxp5014.com/oKZX8YxPctq_K34QofGoDxtBWdwr1ZTG7zN28lbTijPr-KUViI1e8q1-KI0_PJSbxzbD2MvHW8ZYiG5Wlohy1kRri8tNq0O8VICecg2gLDtMybai2P1ewfne0RsHJUgz

Remove incredimail.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.