mixvideoplayersetup.exe

Softpulse SL

This is the Softpulse installer, which bundles applications with offers for additional 3rd-party software, mostly unwanted adware, that may be installed with minimal consent. The application mixvideoplayersetup.exe by Softpulse SL has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. It is typically executed from the user's temporary directory. The file has been seen being downloaded from staticrr.mixvideoplayer.com.
Publisher:
Softpulse SL  (signed and verified)

MD5:
89141b275caa516023f3ee932a1d1ebd

SHA-1:
b749d540ae8ddb746e8424f6f3f20f9a51f84409

SHA-256:
f0e1270fe895779ebdeec5c4ca2fcb4bb8ff469453db3493e3943187757fb8ee

Scanner detections:
27 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
12/25/2024 3:19:49 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.GenericKD.2494118 | 597
Agnitum Outpost | Trojan.Agent | 7.1.1
AhnLab V3 Security | Win-PUP/SoftPulse | 2015.06.18
Arcabit | Trojan.Strictor.D15BC2 | 1.0.0.425
avast! | Win32:Dropper-gen [Drp] | 2014.9-150617
AVG | Packed2_c | 2016.0.3075
Baidu Antivirus | PUA.MSIL.NewPlayer | 4.0.3.15617
Bitdefender | Trojan.GenericKD.2494118 | 1.0.20.840
Dr.Web | Trojan.DownLoader12.43354 | 9.0.1.0168
Emsisoft Anti-Malware | Trojan.GenericKD.2494118 | 8.15.06.17.05
ESET NOD32 | MSIL/NewPlayer.A potentially unwanted (variant) | 9.11799
Fortinet FortiGate | Adware/Grp | 6/17/2015
F-Secure | Trojan.GenericKD.2494118 | 11.2015-17-06_4
G Data | Trojan.GenericKD.2494118 | 15.6.25
IKARUS anti.virus | PUA.MSIL.Newplayer | t3scan.1.9.5.0
K7 AntiVirus | Adware | 13.205.16270
Malwarebytes | PUP.Optional.MixVideoPlayer.A | v2015.06.17.05
McAfee | Artemis!37959B2CB7B8 | 5600.6731
MicroWorld eScan | Trojan.GenericKD.2494118 | 16.0.0.504
NANO AntiVirus | Trojan.Win32.Confuser.dsqmyh | 0.30.24.2086
nProtect | Trojan.GenericKD.2494118 | 15.06.17.01
Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.Softpulse.Bundler | 15.6.17.17
Trend Micro House Call | Suspici.33CA0397 | 7.2.168
Trend Micro | TROJ_GE.0CA98D50 | 10.465.17
Vba32 AntiVirus | suspected of Trojan.Downloader.gen.h | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 41206

File size:
3.5 MB (3,690,288 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler (using Nullsoft Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\mixvideoplayersetup.exe

Digital Signature
Signed by:

Authority:
Symantec Corporation

Valid from:
6/8/2015 1:00:00 AM

Valid to:
6/8/2016 12:59:59 AM

Subject:
CN=Softpulse SL, O=Softpulse SL, L=Guia de Isora, S=Tenerife, C=ES

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
751CA4EC274652129846FC39FB5C2930

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
49152:8R/4Odd0ZTY5J3tGERMfQGEiSvKQWWZwoRyGnCIRnmk+Mex+EFTsQD0ESfO2ZXQR:8R/4OddI85J9GEifz549/T1o+dQCiaG

Entry address:
0x325E

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, EC, 42, 00, E8, 09, 2C, 00, 00, A3, A4, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, C0, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, E3, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.8328

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file mixvideoplayersetup.exe has been seen being distributed by the following URL.
