home

player.exe

taskhost

Digital Plugin SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application player.exe by Digital Plugin SL has been detected as adware by 39 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from ttb.v9u16jofy8.com.
Publisher:
Digital Plugin SL  (signed and verified)

Product:
taskhost

Version:
5. 4. 5. 4

MD5:
bed368ac52c32306656d6296c16093fc

SHA-1:
0fd9d9d35404ce799a1862ddf1260cf77da3626a

SHA-256:
19b9bed7d59c77a899d04aad506f1ce7b575272a0fec273a7e304e985a6b0f6b

Scanner detections:
39 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
11/25/2024 3:49:58 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.SoftPulse.P
498

Agnitum Outpost
PUA.Downloader
7.1.1

AhnLab V3 Security
PUP/Win32.SoftPulse
2014.12.28

Avira AntiVirus
APPL/Softpulse.aone
7.11.198.70

avast!
SoftPulse-EI [PUP]
2014.9-150924

AVG
Generic
2016.0.2976

Baidu Antivirus
PUA.Win32.SoftPulse
4.0.3.15924

Bitdefender
Gen:Variant.Adware.Symmi.49537
1.0.20.1335

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Multiplug-33061
0.98/20566

Comodo Security
Application.Win32.SoftPulse.D
20507

Dr.Web
Trojan.Domaiq.286
9.0.1.0267

Emsisoft Anti-Malware
Application.Bundler.SoftPulse.AY
8.15.09.24.02

ESET NOD32
Win32/SoftPulse.U potentially unwanted application
9.7.0.302.0

Fortinet FortiGate
Riskware/DriverUpd
9/24/2015

F-Prot
W32/S-a12b5690
v6.4.7.1.166

F-Secure
Riskware.Application.Bundler.SoftPulse
11.2015-24-09_5

G Data
Gen:Variant.Adware.Symmi.49537
15.9.24

IKARUS anti.virus
not-a-virus:AdWare.SoftPulse
t3scan.1.8.5.0

K7 AntiVirus
Unwanted-Program
13.188.14468

Kaspersky
not-a-virus:AdWare.Win32.SoftPulse
14.0.0.1377

Malwarebytes
PUP.Optional.Plugin
v2015.09.24.02

McAfee
Program.SoftPulse
5600.6632

MicroWorld eScan
Gen:Variant.Adware.Symmi.49537
16.0.0.801

NANO AntiVirus
Riskware.Win32.SoftPulse.dlfurr
0.30.0.64448

Norman
Application.Bundler.SoftPulse.AY
11.20150924

nProtect
Trojan/W32.Agent.720376.B
15.01.15.01

Panda Antivirus
Trj/Genetic.gen
15.09.24.02

Qihoo 360 Security
Malware.QVM10.Gen
1.0.0.1015

Quick Heal
PUA.DriveUpd.DC4
9.15.14.00

Reason Heuristics
PUP.Softpulse.DigitalPlugin.Bundler (M)
15.9.24.14

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48
23.00.65.15922

Sophos
PUA 'SoftPulse' (of type Adware)
5.15

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
9610

Trend Micro House Call
ADW_PULSOFT.SM
7.2.267

Trend Micro
ADW_PULSOFT.SM
10.465.24

Vba32 AntiVirus
Signed-Adware.Softpulse
3.12.26.3

VIPRE Antivirus
Threat.4150696
40786

Zillya! Antivirus
Adware.Agent.Win32.29688
2.0.0.2024

File size:
588.5 KB (602,624 bytes)

Product version:
6. 5. 4. 6

Copyright:
Copyright (C) 2014

Original file name:
taskhost.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Language:
Spanish (Spain, International Sort)

Digital Signature
Signed by:
Digital Plugin SL

Authority:
VeriSign, Inc.

Valid from:
9/23/2014 5:00:00 PM

Valid to:
7/28/2015 4:59:59 PM

Subject:
CN=Digital Plugin SL, O=Digital Plugin SL, L=Guia de Isora, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
457A2C44F936DD8EEF974AFC80E53578

File PE Metadata
Compilation timestamp:
12/26/2014 3:41:44 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:0XznQ+bCxWrUhLZvzC/igEhrNA9SNwyrYAmyhIna3PiGpYh7jk:FgIh0/iLhrekeKYAl4RNk

Entry address:
0xFEB6

Entry point:
B8, 0C, B2, 4B, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 72, 77, 61, 68, 79, 75, 68, 64, 73, 34, 00, B2, 2E, 61, 31, F3, 47, 01, D3, 96, 96, 68, 81, 0A, E1, 1F, C5, 59, 80, F6, 07, 20, 84, 5D, 0D, 8B, 6B, 83, 1C, 68, 17, 09, 24, F0, 84, 12, A9, E6, 71, D1, 69, F3, 24, 8E, 3F, 77, 46, AE, F2, BA, 26, 2F, 05, B0, 68, 18, FD, 91, 84, 4D, A8, FB, 93, 07, 27, 83, C6, D5, D6, BD, 7B, B4, DE, 0B, 83, F7, 78, 8D, 6A, 2B, 18, 2D, BB, 65, C8, 1A, 46, 85, EA, 55, 06, A3, C7, E6...
 
[+]

Entropy:
7.9619  (probably packed)

Code size:
148.5 KB (152,064 bytes)

The file player.exe has been seen being distributed by the following URL.

http://ttb.v9u16jofy8.com/download/request/.../4vEoIKcf?__tc=1419728440.6&lpsl=3183f2b6f387d85a87c231bb3c17426d&expire=1419814768&slp=www.ccprosoft.com&pub_id=P35221008&ce_cid=vRnPFVtDE4AVsv3XNv94TL5IBvjFhaKFvtaVdwPgVMgDeUo-6CsAjRv12SE1ZvhsPgG2j_0qtqsG_8P25W-svcfJT_UcJhtUAGZoUl_L6zqOAR_MfDF97-lWTs1nxyLUv_xicc8NZ5VFGUx0qHw37Cy0udd_kPW-_pxcvJCWuL5rSA5cr3j-9kU9936jaDzDQO77v_sxnz7VW2EF4zvoF-RFnMt02ktYLk6W4Vj31bn-I4LAvyO6pzM-jgZRZf6XePYj-nvIPd589iX1jOL090sC30UKfqypklMoOTcs-o_BzcfGrTYDfRYTLoWDmJ8LEGGa5bspjsWokayGwfm1WCmaKxOTlGkunxNWvrGKl47FiwsKlzqG2w3kUdIx1ngmABctXwMdER5CXozUWnK74FXNOZ3rxWcBs4N-0xYw&fileName=Player

Remove player.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.