new_player.exe

Plugin Update SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application new_player.exe by Plugin Update SL has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from www.hot-jump.info.
Publisher:
Plugin Update SL  (signed and verified)

MD5:
6370ca190993f09507b6486f7b264ffd

SHA-1:
aa5ae0461bb941a29eab20ff733b7aabd2e0b0d9

SHA-256:
1bc7341f9cc4649075ae29cd1e5c43fdf235a49e3748c03dc38b53937446f38b

Scanner detections:
17 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/25/2024 6:33:45 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

Avira AntiVirus
APPL/Softpulse.Gen8
7.11.171.22

avast!
Win32:GenMalicious-NP [PUP]
140813-1

AVG
Found Win32/DH{gRJ UIEHeVRPFVGBFYEJHFOBE0GBDw}
2014.0.4015

Dr.Web
Trojan.DownLoader11.30734
9.0.1.05190

ESET NOD32
Win32/SoftPulse (variant)
8.10377

G Data
Win32.Application.Softpulse
14.9.24

K7 AntiVirus
Unwanted-Program
13.183.13286

Malwarebytes
PUP.Optional.DomaIQ
v2014.09.07.04

McAfee
SoftPulse
5600.7015

NANO AntiVirus
Riskware.Win32.SoftPulse.deniau
0.28.2.61942

Norman
Malware
11.20140907

Panda Antivirus
Trj/Genetic.gen
14.09.07.04

Reason Heuristics
PUP.PluginUpdateSL.K
14.9.6.11

Sophos
SoftPulse
4.98

Vba32 AntiVirus
BScope.Adware.Softpulse
3.12.26.3

VIPRE Antivirus
Threat.4783235
32210

File size:
1.5 MB (1,526,944 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\new_player.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/12/2014 1:00:00 AM

Valid to:
6/13/2015 12:59:59 AM

Subject:
CN=Plugin Update SL, O=Plugin Update SL, L=Guia De Isora, S=Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
01438AF7C5B708CB0E497C84D028BF72

File PE Metadata
Compilation timestamp:
9/4/2014 8:32:09 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:i5IM/V0deM5lZ2ykPYMkrQ1OrWaRyv2PBcSL+L5/+FMoQl/ugQWiBdrfO+a+a:IIBfvMkrNrf0u3qdaNLgQWiO+6

Entry address:
0x5A07

Entry point:
E8, 41, 2A, 00, 00, E9, 7F, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B...
 
[+]

Entropy:
7.6199

Code size:
60 KB (61,440 bytes)

The file new_player.exe has been seen being distributed by the following URL.

Remove new_player.exe - Powered by Reason Core Security