» microsoft publisher.exe
Overview
Analysis
File Details

microsoft publisher.exe

Plugin Update SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application microsoft publisher.exe by Plugin Update SL has been detected as adware by 29 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.

File name:

Publisher:

Plugin Update SL (signed and verified)

MD5:

f82f758960ee34a7085241352f4e181e

SHA-1:

6391cb05d33296c53b2f9727e642c5fed2285771

SHA-256:

7eca5c4e36a9c4284e5d452e2ae14ea0db9f4b41094cdd3d3a53aecfda7a5648

Scanner detections:

29 / 68

Status:

Adware

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

11/6/2024 7:52:55 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Bundler.SoftPulse.E

6387165

Agnitum Outpost

Riskware.Agent

7.1.1

AhnLab V3 Security

PUP/Win32.SoftPulse

2015.01.22

Avira AntiVirus

APPL/Softpulse.aonc

7.11.203.222

avast!

SoftPulse-BB [PUP]

150102-1

AVG

Pluginup

2016.0.3222

Bitdefender

Application.Bundler.SoftPulse.E

1.0.20.105

Bkav FE

W32.HfsAdware

1.3.0.6379

Comodo Security

Application.Win32.SoftPulse.D

20795

Dr.Web

Adware.SoftPules.3

9.0.1.05190

Emsisoft Anti-Malware

Application.Bundler.SoftPulse

9.0.0.4799

ESET NOD32

Win32/SoftPulse.S potentially unwanted application

7.0.302.0

Fortinet FortiGate

Riskware/SoftPulse

1/21/2015

F-Prot

W32/S-76752e8b

v6.4.7.1.166

F-Secure

Riskware.Application.Bundler.SoftPulse

5.13.68

G Data

Application.Bundler.SoftPulse

15.1.24

K7 AntiVirus

Trojan

13.191.14711

Malwarebytes

PUP.Optional.DomaIQ

v2015.01.21.04

McAfee

SoftPulse

5600.6878

MicroWorld eScan

Application.Bundler.SoftPulse.E

16.0.0.63

NANO AntiVirus

Trojan.Win32.SoftPulse.diongu

0.30.0.64812

Norman

Application.Bundler.SoftPulse.E

02.01.2015 13:58:24

Panda Antivirus

Trj/Genetic.gen

15.01.21.04

Quick Heal

Trojan.Inject.T4

1.15.14.00

Reason Heuristics

PUP.Softpulse

15.1.21.16

Sophos

PUA 'SoftPulse' (of type Adware)

5.09

Vba32 AntiVirus

AdWare.SoftPulse

3.12.26.3

VIPRE Antivirus

Threat.5064683

36694

Zillya! Antivirus

Downloader.DriverUpd.Win32.46

2.0.0.2042

File size:

1 MB (1,059,136 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Softpulse SoftwareBundler

Common path:

C:\users\{user}\downloads\microsoft publisher.exe

Digital Signature

Signed by:

Plugin Update SL

Authority:

VeriSign, Inc.

Valid from:

7/22/2014 8:00:00 PM

Valid to:

7/23/2015 7:59:59 PM

Subject:

CN=Plugin Update SL, O=Plugin Update SL, L=Guia de Isora, S=Santa Cruz de Tenerife, C=ES

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

23D0DE494A0B1445D561131B4AEDA90C

File PE Metadata

Compilation timestamp:

11/25/2014 9:53:27 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:RQqAkwwlUSvS3U2wb0aZTKzqCGw1L3v5dGjnA3KbR:RQqhqS32wIcTfQ3v5ok0R

Entry address:

0x17FB50

Entry point:

60, BE, 00, 70, 48, 00, 8D, BE, 00, A0, F7, FF, 57, EB, 0B, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, 0B, 75, 28, 8B, 1E, 83, EE, FC, 11, DB, 72, 1F, 48, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, EB, D4, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, EB, 52, 31, C9, 83, E8, 03, 72, 11, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 75, D1, F8, 89, C5, EB, 0B, 01, DB, 75, 07, 8B... 
[+]

Entropy:

7.8934

Packer / compiler:

UPX v0.89.6 - v1.02 / v1.05 -v1.24

Code size:

996 KB (1,019,904 bytes)

Remove microsoft publisher.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.