notepad.exe

Digital Plugin SL

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application notepad.exe by Digital Plugin SL has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. It installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent.
Publisher:
Digital Plugin SL  (signed and verified)

MD5:
0e209a635d5df75dd6ad083d2da6f533

SHA-1:
72d4717443f94f971e83cb7e5bdf611043f6e418

SHA-256:
3c5dff9fce7b6a853d04a2b08e53828fcca234b05a0e99ff9f75355bb959eedf

Scanner detections:
26 / 68

Status:
Adware

Explanation:
Bundles or installs adware offers through a modified download manager or installer.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
12/25/2024 3:11:41 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.SoftPulse.P | 5743552 |
| Agnitum Outpost | Trojan.Domaiq | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.SoftPulse | 2015.06.18 |
| Avira AntiVirus | PUA/SoftPulse.J.1 | 8.3.1.6 |
| Arcabit | Application.Bundler.SoftPulse.P | 1.0.0.425 |
| AVG | Adware AdPlugin.DSL | 2015.0.4355 |
| Bitdefender | Application.Bundler.SoftPulse.P | 1.0.20.840 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Trojan.Agent-882516 | 0.98/20576 |
| Dr.Web | Trojan.Domaiq.175 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.Bundler.SoftPulse.P | 10.0.0.5366 |
| ESET NOD32 | Win32/SoftPulse.AH potentially unwanted application | 7.0.302.0 |
| F-Secure | Riskware.Application.Bundler.SoftPulse | 5.14.151 |
| G Data | Application.Bundler.SoftPulse | 15.6.25 |
| K7 AntiVirus | Unwanted-Program | 13.205.16276 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.SoftPulse | 14.0.0.1872 |
| Malwarebytes | PUP.Optional.DomalIQ.SID.A | v2015.06.17.03 |
| MicroWorld eScan | Application.Bundler.SoftPulse.P | 16.0.0.504 |
| Norman | Application.Bundler.SoftPulse.P | 02.06.2015 14:23:46 |
| Panda Antivirus | Trj/Genetic.gen | 15.06.17.03 |
| Quick Heal | PUA.Digitalplu8.Gen | 6.15.14.00 |
| Reason Heuristics | PUP.Softpulse.Bundler | 15.6.17.11 |
| Rising Antivirus | PE:Malware.Graftor!6.257B | 23.00.65.15615 |
| Sophos | PUA 'SoftPulse' (of type Adware) | 5.15 |
| VIPRE Antivirus | Threat.4783235 | 40830 |
| Zillya! Antivirus | Backdoor.PePatch.Win32.75604 | 2.0.0.2230 |

File size:
694.9 KB (711,584 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\0jne5obm\notepad.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/27/2014 7:00:00 PM

Valid to:
7/28/2015 6:59:59 PM

Subject:
CN=Digital Plugin SL, O=Digital Plugin SL, L=Guia de Isora, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4ED5D9A2F23912A93AD2937C038B77F4

File PE Metadata
Compilation timestamp:
6/4/2015 3:56:44 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:CHEXvzEFWs4iSVo3DUY/ZYVlYThADtaQPbcSTpl2oKrweMBPsup30f4vSSZm58vE:CHEXvzEFWLtW3DUY/ZthawkbB2oKrwYJ

Entry address:
0x1000

Entry point:
B8, 88, 9D, 67, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 40, 6A, 6A, 8B, 82, 48, 08, AF, 86, AD, A5, DA, 2F, D8, 35, C5, B0, EF, F2, 1A, C6, A9, C0, B1, DC, FD, 23, 0B, 19, D7, 86, D3, 7C, C4, 68, 3D, 16, 0A, 2D, F6, 4C, 79, 74, A9, 3A, 96, 12, 4F, 67, 17, 6F, C5, 77, 57, 70, B8, BE, 6E, 82, 53, 97, 46, 32, DF, ED, 9B, C5, 8B, 77, 1A, 74, 49, 45, 15, 34, 48, F1, 19, 56, 85, E1, 4E, 0E, 63, DD, 86, 66, 6E, 15, 01, 24, 97, 7B...
 

Entropy:
7.9671

Packer / compiler:
PECompact v2

Code size:
1 MB (1,095,680 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to lga25s40-in-f200.1e100.net  (216.58.219.200:443)

TCP (HTTP):
Connects to ec2-54-201-116-175.us-west-2.compute.amazonaws.com  (54.201.116.175:80)

TCP (HTTP):
Connects to ec2-52-10-139-14.us-west-2.compute.amazonaws.com  (52.10.139.14:80)

TCP (HTTP):

TCP (HTTP):
Connects to a23-52-149-163.deploy.static.akamaitechnologies.com  (23.52.149.163:80)
