new_player.exe

Plugin Update SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application new_player.exe by Plugin Update SL has been detected as adware by 31 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from kyle.mxp4062.com and multiple other hosts.
Publisher:
Plugin Update SL  (signed and verified)

MD5:
4e9195f24ab946ea3b9b19a7afb599e0

SHA-1:
481b66c429e551d7e07eb68efde94251e598a740

SHA-256:
9bc35395b83bf7df5a2f90a645e4c4da95b081b7931e51a5a1e86bd2b43ddd0a

Scanner detections:
31 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/24/2024 1:50:35 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Strictor.62516
794

Agnitum Outpost
PUA.Downloader
7.1.1

AhnLab V3 Security
PUP/Win32.Generic
2014.12.04

Avira AntiVirus
Adware/Softpulse.djcr.8
7.11.192.58

avast!
Win32:SoftPulse-AH [PUP]
141130-1

AVG
Generic
2015.0.3272

Bitdefender
Gen:Variant.Adware.Strictor.62516
1.0.20.1685

Clam AntiVirus
Win.Adware.Agent-9474
0.98/21511

Comodo Security
Application.Win32.SoftPulse.J
20273

Dr.Web
Trojan.Packed.28579
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Adware.Strictor.62516
9.0.0.4668

ESET NOD32
Win32/SoftPulse.J potentially unwanted application
7.0.302.0

F-Prot
W32/A-0b77e0af
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Strictor.62516
11.2014-03-12_4

G Data
Gen:Variant.Adware.Strictor.62516
14.12.24

IKARUS anti.virus
PUA.SoftPulse
t3scan.1.8.5.0

K7 AntiVirus
Unwanted-Program
13.186.14225

Kaspersky
not-a-virus:AdWare.Win32.SoftPulse
15.0.0.543

Malwarebytes
PUP.Optional.DomaIQ
v2014.12.03.11

McAfee
SoftPulse
5600.6928

MicroWorld eScan
Gen:Variant.Adware.Strictor.62516
15.0.0.1011

NANO AntiVirus
Riskware.Win32.Agent.deikti
0.28.6.63850

nProtect
Trojan-Clicker/W32.Agent.2730672
14.12.03.01

Panda Antivirus
Trj/Genetic.gen
14.12.03.11

Quick Heal
Trojan.Buzus.A4
12.14.14.00

Reason Heuristics
PUP.PluginUpdateSL.K
14.12.3.10

Sophos
SoftPulse
4.98

Total Defense
Win32/Tnega.EfKQTCB
37.0.11312

Vba32 AntiVirus
BScope.Adware.Softpulse
3.12.26.3

VIPRE Antivirus
Threat.4783235
35224

Zillya! Antivirus
Adware.Agent.Win32.11842
2.0.0.1998

File size:
2.6 MB (2,730,672 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\new_player.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/12/2014 2:00:00 AM

Valid to:
6/13/2015 1:59:59 AM

Subject:
CN=Plugin Update SL, O=Plugin Update SL, L=Guia De Isora, S=Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
01438AF7C5B708CB0E497C84D028BF72

File PE Metadata
Compilation timestamp:
8/27/2014 9:29:59 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:LqqOL6nGTTuI8AG5v+lhJNp11+H2RotvGZpRwg0VcTimloqN2IfEX0tqp:LqqVGvI8lhjpLTRoJ2RbZTimmRX0tqp

Entry address:
0x6100

Entry point:
E8, 5F, 20, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 0C, 83, EC, 20, 56, 57, 6A, 08, 59, BE, 10, 20, 41, 00, 8D, 7D, E0, F3, A5, 8B, 4D, 08, 5F, 5E, 85, C0, 74, 0D, F6, 00, 10, 74, 08, 8B, 01, 8B, 40, FC, 8B, 40, 18, 89, 4D, F8, 89, 45, FC, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, B4, 10, 41, 00, C9, C2, 08, 00, 8B, 4D, F4, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 8B, 4D, F0, 33, CD, E8, 38...
 
[+]

Entropy:
7.8708  (probably packed)

Code size:
63 KB (64,512 bytes)

The file new_player.exe has been seen being distributed by the following 6 URLs.

Remove new_player.exe - Powered by Reason Core Security