mixvideoplayersetup.exe

Softforce LLC

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application mixvideoplayersetup.exe by Softforce has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from staticrr.mixvideoplayer.com.
Publisher:
Softforce LLC  (signed and verified)

MD5:
e3c3d225d1e1855346064abb983a7664

SHA-1:
d12a00dda21223db2a11c9593689bcd0bde8bbc2

SHA-256:
9bb822293581ba680e56e22fca6ac6ec76d3bb8f17201e270244d7362f655129

Scanner detections:
14 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/25/2024 4:20:03 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

avast!
MSIL:Adware-N [Adw]
2014.9-150709

Baidu Antivirus
PUA.MSIL.NewPlayer
4.0.3.1579

Dr.Web
Trojan.Domaiq.325
9.0.1.0190

ESET NOD32
MSIL/NewPlayer.A potentially unwanted (variant)
9.11914

K7 AntiVirus
Adware
13.205.16511

Malwarebytes
PUP.Optional.MixVideoPlayer.A
v2015.07.09.12

McAfee
Artemis!7FB1E4D23B20
5600.6709

NANO AntiVirus
Riskware.Nsis.Adware.dqabed
0.30.24.2487

Panda Antivirus
PUP/Multitoolbar
15.07.09.12

Reason Heuristics
PUP.Softpulse.Softforce.Bundler (M)
15.7.9.12

Trend Micro
TROJ_GE.AC6A92DA
10.465.09

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
41850

File size:
3.6 MB (3,733,208 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler (using Nullsoft Install System)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\mixvideoplayersetup.exe

Digital Signature
Signed by:

Authority:
thawte, Inc.

Valid from:
12/18/2014 1:00:00 AM

Valid to:
12/19/2015 12:59:59 AM

Subject:
CN=Softforce LLC, O=Softforce LLC, L=Wilmington, S=Delaware, C=US

Issuer:
CN=thawte SHA256 Code Signing CA, O="thawte, Inc.", C=US

Serial number:
39EFBC248CD996B345705A5A0ED70147

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:58 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:aR/4Oddg8lRSIUYUrY0snUCWlLMX2omC7eKbcn:kvU1NXlYX/YKa

Entry address:
0x325E

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, EC, 42, 00, E8, 09, 2C, 00, 00, A3, A4, EB, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, C0, 8F, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, E3, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 40, 43, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
23.5 KB (24,064 bytes)

The file mixvideoplayersetup.exe has been seen being distributed by the following URL.

Remove mixvideoplayersetup.exe - Powered by Reason Core Security