mixvideoplayersetup.exe

Softforce LLC

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application mixvideoplayersetup.exe by Softforce has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from staticrr.mixvideoplayer.com and multiple other hosts.
Publisher:
Softforce LLC  (signed and verified)

MD5:
6861f86ea1399c09d2c55ccea62516e1

SHA-1:
ba7274b28ea0a8c98d63da6605cfd44b75dd06af

SHA-256:
97725ec139ab09764d2572c7d13b7a81a502da510e5ae4c485b679528cf0f2c6

Scanner detections:
23 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 4:22:00 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Bawswerps.1
569

Agnitum Outpost
Riskware.Agent
7.1.1

Arcabit
Trojan.Adware.Bawswerps.1
1.0.0.425

avast!
MSIL:Adware-N [Adw]
2014.9-150715

AVG
Generic
2016.0.3047

Baidu Antivirus
PUA.Win32.SoftPulse
4.0.3.15715

Bitdefender
Gen:Variant.Adware.Bawswerps.1
1.0.20.980

Dr.Web
Trojan.Domaiq.325
9.0.1.0196

Emsisoft Anti-Malware
Gen:Variant.Adware.Bawswerps
8.15.07.15.06

ESET NOD32
MSIL/NewPlayer.A potentially unwanted (variant)
9.11941

F-Secure
Gen:Variant.Adware.Bawswerps
11.2015-15-07_4

G Data
Gen:Variant.Adware.Bawswerps
15.7.25

K7 AntiVirus
Trojan
13.206.16562

Malwarebytes
PUP.Optional.MixVideoPlayer.A
v2015.07.15.06

Microsoft Security Essentials
Adware:MSIL/Bawswerps
1.1.11804.0

MicroWorld eScan
Gen:Variant.Adware.Bawswerps.1
16.0.0.588

NANO AntiVirus
Riskware.Nsis.Adware.dqabed
0.30.24.2487

Panda Antivirus
PUP/Multitoolbar
15.07.15.06

Reason Heuristics
PUP.Softpulse.Softforce.Bundler (M)
15.7.15.18

Trend Micro House Call
TROJ_GE.AC6A92DA
7.2.196

Trend Micro
TROJ_GE.AC6A92DA
10.465.15

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
42018

File size:
3.6 MB (3,733,272 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler (using Nullsoft Install System)

Common path:
C:\users\{user}\appdata\local\temp\mixvideoplayersetup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/18/2014 3:00:00 AM

Valid to:
12/19/2015 2:59:59 AM

Subject:
CN=Softforce LLC, O=Softforce LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
39EFBC248CD996B345705A5A0ED70147

File PE Metadata
Compilation timestamp:
12/6/2009 1:50:58 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:hR/4OddOIpPS8onQWrZifDv39Q6AH+H2GbWomyFM1Gh:TpGdlwez+HP418

Entry address:
0x325E

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, EC, 42, 00, E8, 09, 2C, 00, 00, A3, A4, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, C0, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, E3, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.8357

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file mixvideoplayersetup.exe has been seen being distributed by the following 2 URLs.

Remove mixvideoplayersetup.exe - Powered by Reason Core Security