jvlsetup.exe

Plugin Update SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application jvlsetup.exe by Plugin Update SL has been detected as adware by 32 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from kyle.mxp438.com.
Publisher:
Plugin Update SL  (signed and verified)

MD5:
d79a9399924d6adba854ecd788b883ce

SHA-1:
47ef11e30941d143747089b80b356199b867b1b6

SHA-256:
971ca9d4bb86c061d598e9f95d44e7fe0b89c5b548051b10f3a55aadd42855fe

Scanner detections:
32 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/6/2024 12:44:54 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.AY
6375733

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.OptimizerPro
2015.02.19

Avira AntiVirus
TR/Dropper.A.26241
7.11.210.224

avast!
Win32:SoftPulse-EC [Adw]
150129-1

AVG
Dropper.Generic9
2016.0.3194

Bitdefender
Application.Bundler.AY
1.0.20.245

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.MultiPlug-31138
0.98/21511

Comodo Security
Application.Win32.SoftPulse.HEYS
21124

Dr.Web
Adware.SoftPules.3, Trojan.Packed.28213
9.0.1.05190

Emsisoft Anti-Malware
Application.Bundler.AY
9.0.0.4799

ESET NOD32
Win32/SoftPulse.H potentially unwanted application
7.0.302.0

Fortinet FortiGate
W32/Buzus.OVQC!tr
2/18/2015

F-Prot
W32/A-93d66bbd
v6.4.7.1.166

F-Secure
Riskware.Application.Bundler.AY
5.13.68

G Data
Application.Bundler.AY
15.2.25

IKARUS anti.virus
PUA.SoftPulse
t3scan.1.8.6.0

K7 AntiVirus
Unwanted-Program
13.196.15008

McAfee
Program.Socrydo
16.8.708.2

MicroWorld eScan
Application.Bundler.AY
16.0.0.147

NANO AntiVirus
Trojan.Win32.MLW.dcgbac
0.30.0.126

Norman
Application.Bundler.AY
02.01.2015 13:58:24

nProtect
Trojan/W32.Inject.1210488
15.02.17.01

Quick Heal
Trojan.Buzus.A4
2.15.14.00

Reason Heuristics
PUP.Installer.Softpulse
15.2.18.11

Sophos
PUA 'SoftPulse' (of type Adware)
5.10

Trend Micro House Call
ADW_PULSOFT.SM
7.2.49

Trend Micro
ADW_PULSOFT.SM
10.465.18

Vba32 AntiVirus
Trojan.Inject
3.12.26.3

VIPRE Antivirus
Threat.4150696
36694

Zillya! Antivirus
Trojan.Inject.Win32.78259
2.0.0.2072

File size:
1.2 MB (1,210,488 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\jvlsetup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/11/2014 5:00:00 PM

Valid to:
6/12/2015 4:59:59 PM

Subject:
CN=Plugin Update SL, O=Plugin Update SL, L=Guia De Isora, S=Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
01438AF7C5B708CB0E497C84D028BF72

File PE Metadata
Compilation timestamp:
7/11/2014 4:50:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:SUyrumsLQIB+JSZ3FuZMGrU0IzoMn4AADw49M:LyrxyBtkZMGo0IzoM4Ayq

Entry address:
0xC4BA

Entry point:
E8, 37, 3B, 00, 00, E9, 39, FE, FF, FF, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, 4D, F0, 33, CD, E8, 92, C1, FF, FF, E9, DD, FF, FF, FF, 8B, 4D, EC, 33, CD, E8, 83, C1, FF, FF, E9, CE, FF, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 78, 62, 44, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53...
 
[+]

Entropy:
7.3783

Code size:
146 KB (149,504 bytes)

The file jvlsetup.exe has been seen being distributed by the following URL.

Remove jvlsetup.exe - Powered by Reason Core Security