player.exe

Digital Plugin S.l.

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application player.exe by Digital Plugin S.l has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. During install, it bundles potentially unwanted software on a user's computer at the same time without adequate consent. The file has been seen being downloaded from kyle.mxp2317.com and multiple other hosts.
Publisher:
Digital Plugin S.l.  (signed and verified)

MD5:
998e833a13624109c09aa17f21ebd846

SHA-1:
a94129b9c4e4542e45b5659b444faede215f74d7

SHA-256:
1aadf59be0978dee841b73ea70332808cbdb04da6da7fd289c2c457f58d9dd2c

Scanner detections:
26 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/26/2024 11:53:03 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2014.12.18

Avira AntiVirus
TR/Dropper.Gen
7.11.30.172

avast!
Win32:PUP-gen [PUP]
141214-1

AVG
Win32/DH{gRJ+UIEHeVRPFVGBFYEJHFOBE0GBDw}
2015.0.3257

Clam AntiVirus
Win.Adware.MultiPlug-31138
0.98/19795

Comodo Security
Application.Win32.SoftPulse.D
20398

Dr.Web
Adware.SoftPules.3, Trojan.DownLoader11.32266
9.0.1.05190

ESET NOD32
Win32/SoftPulse.J potentially unwanted application
7.0.302.0

Fortinet FortiGate
W32/AntiAV.AVST!tr
12/17/2014

F-Prot
W32/A-022719ea
v6.4.7.1.166

G Data
Win32.Application.Softpulse
14.12.24

K7 AntiVirus
Trojan
13.188.14368

Kaspersky
not-a-virus:AdWare.Win32.Agent
15.0.0.543

Malwarebytes
PUP.Optional.BundleInstaller.A
v2014.12.17.01

McAfee
Program.SoftPulse
16.8.708.2

NANO AntiVirus
Trojan.Win32.SoftPulse.decuha
0.28.6.64267

Norman
Malware
11.20141217

nProtect
Trojan-Clicker/W32.Agent.1137896
14.12.17.01

Panda Antivirus
Trj/Genetic.gen
14.12.17.01

Quick Heal
Trojan.Buzus.A4
12.14.14.00

Reason Heuristics
PUP.DigitalPluginSl.G
14.12.17.13

Sophos
PUA 'SoftPulse' (of type Adware)
5.09

Vba32 AntiVirus
BScope.Adware.Softpulse
3.12.26.3

VIPRE Antivirus
Threat.4150696
35418

Zillya! Antivirus
Adware.Agent.Win32.11461
2.0.0.2007

File size:
1.1 MB (1,137,896 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\player.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/13/2014 5:00:00 PM

Valid to:
7/14/2015 4:59:59 PM

Subject:
CN=Digital Plugin S.l., O=Digital Plugin S.l., L=Guia de Isora, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
229111B20CCF13394E8E6CA9EAB4121F

File PE Metadata
Compilation timestamp:
8/20/2014 5:30:45 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:YF/QS8oTXrxf4XQjfxYE3ncjq5E8TIc4+nDCgT:YNHTtf4XkQq5E8gQ2a

Entry address:
0x4DF6

Entry point:
E8, 29, 26, 00, 00, E9, 7F, FE, FF, FF, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 14, 96, 41, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, A8, 80, 41, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 14, 96, 41, 00, 00, 0F, 83, A7, 01, 00, 00, F7, C7, 03, 00, 00, 00, 0F, 85, B8, 01, 00, 00, F7, C6, 03, 00, 00, 00...
 
[+]

Entropy:
7.7358  (probably packed)

Code size:
60 KB (61,440 bytes)

The file player.exe has been seen being distributed by the following 2 URLs.

Remove player.exe - Powered by Reason Core Security