player.exe

Digital Plugin S.l.

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application player.exe by Digital Plugin S.l has been detected as adware by 27 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent. The file has been seen being downloaded from kyle.mxp2317.com and multiple other hosts.
Publisher:
Digital Plugin S.l.  (signed and verified)

MD5:
c5fa6f05621aae62ae059ed2ab5a6a7c

SHA-1:
51513a4ab30a161d3daca76a287f5138842f8038

SHA-256:
e1acbcd7b49985a942de70518baa784e3f59e3d23d10671c71ca8d066b43638e

Scanner detections:
27 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/26/2024 12:12:57 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2014.12.18

Avira AntiVirus
TR/Dropper.Gen
7.11.30.172

avast!
Win32:PUP-gen [PUP]
141214-1

AVG
Win32/DH{gRJ+UIEHeVRPFVGBFYEJHFOBE0GBDw}
2015.0.3257

Clam AntiVirus
Win.Adware.MultiPlug-31138
0.98/21511

Comodo Security
Application.Win32.SoftPulse.D
20398

Dr.Web
Adware.SoftPules.3, Trojan.DownLoader11.32266
9.0.1.05190

ESET NOD32
Win32/SoftPulse.J potentially unwanted application
7.0.302.0

Fortinet FortiGate
W32/AntiAV.AVST!tr
12/17/2014

F-Prot
W32/A-022719ea
v6.4.7.1.166

F-Secure
Adware.SoftPulse.A
5.13.68

G Data
Win32.Application.Softpulse
14.12.24

K7 AntiVirus
Trojan
13.188.14368

Kaspersky
not-a-virus:AdWare.Win32.Agent
15.0.0.543

Malwarebytes
PUP.Optional.BundleInstaller.A
v2014.12.17.01

McAfee
Program.SoftPulse
16.8.708.2

NANO AntiVirus
Trojan.Win32.SoftPulse.decuha
0.28.6.64267

Norman
Malware
11.20141217

nProtect
Trojan-Clicker/W32.Agent.1137896
14.12.17.01

Panda Antivirus
Trj/Genetic.gen
14.12.17.01

Quick Heal
Trojan.Buzus.A4
12.14.14.00

Reason Heuristics
PUP.DigitalPluginSl.G
14.12.17.13

Sophos
PUA 'SoftPulse' (of type Adware)
5.09

Vba32 AntiVirus
BScope.Adware.Softpulse
3.12.26.3

VIPRE Antivirus
Threat.4150696
35418

Zillya! Antivirus
Adware.Agent.Win32.11461
2.0.0.2007

File size:
1.1 MB (1,137,896 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\player.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/13/2014 5:00:00 PM

Valid to:
7/14/2015 4:59:59 PM

Subject:
CN=Digital Plugin S.l., O=Digital Plugin S.l., L=Guia de Isora, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
229111B20CCF13394E8E6CA9EAB4121F

File PE Metadata
Compilation timestamp:
8/20/2014 5:30:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:YF/QS8oTXrxf4XQjfxYE3ncjq5E8TIc4+nDCgP:YNHTtf4XkQq5E8gQ2u

Entry address:
0x4DF6

Entry point:
E8, 29, 26, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 14, 96, 41, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, A8, 80, 41, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 14, 96, 41, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00...
 
[+]

Entropy:
7.7358  (probably packed)

Code size:
60 KB (61,440 bytes)

The file player.exe has been seen being distributed by the following 2 URLs.

Remove player.exe - Powered by Reason Core Security