MixVideoPlayer.exe

MixVideoPlayer

Softforce LLC

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application MixVideoPlayer.exe by Softforce has been detected as adware by 8 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. This file is typically installed with the program MixVideoPlayer by SoftForce LLC.
Publisher:
Softforce LLC  (signed and verified)

Product:
MixVideoPlayer

Version:
1.0.0.25

MD5:
534d670be6b030e29f94da3f6390ab52

SHA-1:
1abdb9d19a2876ac78ecd4da66d36954a6d4e6a7

SHA-256:
3d58bef81f67511315db81f74a01d5336c214895bb306ab55f7967e325fe8eb9

Scanner detections:
8 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 4:33:30 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Generic
2016.0.3024

Baidu Antivirus
PUA.Win32.SoftPulse
4.0.3.1588

Bkav FE
W32.HfsAdware
1.3.0.7062

Dr.Web
Trojan.Domaiq.325
9.0.1.0220

ESET NOD32
MSIL/NewPlayer.A potentially unwanted (variant)
9.12060

K7 AntiVirus
Adware
13.207.16825

Panda Antivirus
PUP/Multitoolbar
15.08.08.06

Reason Heuristics
PUP.Softpulse.Softforce.Bundler (M)
15.8.8.6

File size:
2.6 MB (2,719,912 bytes)

Product version:
1.0.0.25

Copyright:
Copyright © 2014

Original file name:
MixVideoPlayer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Language:
Language Neutral

Common path:
C:\Program Files\mixvideoplayer\mixvideoplayer.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/18/2014 5:30:00 AM

Valid to:
12/19/2015 5:29:59 AM

Subject:
CN=Softforce LLC, O=Softforce LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
39EFBC248CD996B345705A5A0ED70147

File PE Metadata
Compilation timestamp:
8/7/2015 3:47:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:RCa/p+NqRmR/4O03Mm4LnLnQe5w/tSnLHzkK3FPI8MAjRmR/4O8:RCtNqRmR/4O01anQP8YKmbyRmR/4O8

Entry address:
0x23D63E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Entropy:
5.6109

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.2 MB (2,340,864 bytes)

The file MixVideoPlayer.exe has been discovered within the following programs.

MixVideoPlayer  by SoftForce LLC
About 2% of users remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-54-213-145-21.us-west-2.compute.amazonaws.com  (54.213.145.21:80)

TCP (HTTP):
Connects to ec2-54-187-119-69.us-west-2.compute.amazonaws.com  (54.187.119.69:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to ec2-52-26-110-152.us-west-2.compute.amazonaws.com  (52.26.110.152:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):
Connects to server-54-230-163-231.jax1.r.cloudfront.net  (54.230.163.231:80)

TCP (HTTP):
Connects to server-52-85-63-143.lhr50.r.cloudfront.net  (52.85.63.143:80)

TCP (HTTP):
Connects to server-52-85-133-175.iad53.r.cloudfront.net  (52.85.133.175:80)

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

TCP (HTTP):

Remove MixVideoPlayer.exe - Powered by Reason Core Security