league of legends.exe

Volvan Premium SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application league of legends.exe by Volvan Premium SL has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from ttb.friprogramvare.com.
Publisher:
Volvan Premium SL  (signed and verified)

MD5:
a1ac8a7ddee33fb1418d6fdb156dc904

SHA-1:
a2461769aff4c3467f71e7b46378ea0c1e4686ee

SHA-256:
65648762de72af130a6ae899d536e128bf4cf1918908f136f7ae1cc87908523a

Scanner detections:
13 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/25/2024 2:39:14 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Mikey.2334
515

avast!
Win32:SoftPulse-CU [PUP]
2014.9-150907

AVG
Adware BundleApp
2016.0.2993

Clam AntiVirus
Win.Trojan.Softpulse-128
0.98/20157

Dr.Web
Trojan.Domaiq.114
9.0.1.0250

Emsisoft Anti-Malware
Gen:Variant.Adware.Mikey.2334
8.15.09.07.12

ESET NOD32
Win32/SoftPulse.W potentially unwanted application
9.7.0.302.0

F-Secure
Gen:Variant.Adware.Mikey
11.2015-07-09_2

herdProtect (fuzzy)
2015.9.7.12

Kaspersky
not-a-virus:AdWare.Win32.SoftPulse
14.0.0.1462

McAfee
Program.SoftPulse
5600.6649

Reason Heuristics
PUP.Softpulse.VolvanPremium.Bundler (M)
15.8.2.17

VIPRE Antivirus
Threat.5064683
36666

File size:
873.1 KB (894,056 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\league of legends.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
8/20/2014 2:00:00 AM

Valid to:
8/21/2015 1:59:59 AM

Subject:
CN=Volvan Premium SL, O=Volvan Premium SL, L=Barcelona, S=Barcelona, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
248F413947247E20924C496ECEB61F8A

File PE Metadata
Compilation timestamp:
1/24/2015 5:53:20 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:333f6iBcSgv6QpC6pvQcHeIFTpQuUmAHoEl:3f6YcS01vQgVdcFl

Entry address:
0x9E76

Entry point:
E8, 9D, 52, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 6F, 05, 00, 00, 3B, 0D, A0, 41, 42, 00, 75, 02, F3, C3, E9, 14, 53, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 3E, 54, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, FD, 04, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 4C, 2B, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, 4B, 3C, 00, 00, 83...
 
[+]

Code size:
107 KB (109,568 bytes)

The file league of legends.exe has been seen being distributed by the following URL.

Remove league of legends.exe - Powered by Reason Core Security