» player.exe
Overview
Analysis
File Details
Downloads (2)

player.exe

Digital Plugin S.l.

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application player.exe by Digital Plugin S.l has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from kyle.mxp2334.com and multiple other hosts.

File name:

player.exe

Publisher:

Digital Plugin S.l. (signed and verified)

MD5:

9b258961aff50c630652e9249997e2db

SHA-1:

c5f440e60e1f6a4c2f88895b0d1355cfe58a4905

SHA-256:

3e007cec9de25aac3cbeb5bbd533b36ec54ce36522190c4216b11258e4cecde2

Scanner detections:

21 / 68

Status:

Adware

Description:

This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:

11/25/2024 6:29:49 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Application.Strictor.62662

887

Agnitum Outpost

PUA.Agent

7.1.1

Avira AntiVirus

Adware/Agent.djcr.8

7.11.170.50

avast!

Win32:Adware-gen [Adw]

140813-1

AVG

Generic

2015.0.3365

Bitdefender

Gen:Variant.Application.Strictor.62662

1.0.20.1215

Dr.Web

Trojan.DownLoader11.29457

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Application.Strictor.62662

9.0.0.4324

ESET NOD32

Win32/SoftPulse.H potentially unwanted application

7.0.302.0

F-Secure

Gen:Variant.Application.Strictor

11.2014-31-08_1

G Data

Gen:Variant.Application.Strictor.62662

14.8.24

IKARUS anti.virus

not-a-virus:AdWare.Agent

t3scan.1.7.5.0

K7 AntiVirus

Unwanted-Program

13.183.13218

Kaspersky

not-a-virus:AdWare.Win32.Agent

15.0.0.494

Malwarebytes

PUP.Optional.MultiPlug

v2014.08.31.03

McAfee

SoftPulse

5600.7021

MicroWorld eScan

Gen:Variant.Application.Strictor.62662

15.0.0.729

NANO AntiVirus

Trojan.Win32.SoftPulse.deipgw

0.28.2.61861

Panda Antivirus

Trj/Genetic.gen

14.08.31.03

Reason Heuristics

PUP.DigitalPluginSl.G

14.8.31.14

VIPRE Antivirus

Threat.4783235

32210

File size:

1.4 MB (1,510,120 bytes)

File type:

Executable application (Win32 EXE)

Bundler/Installer:

Softpulse SoftwareBundler

Common path:

C:\users\{user}\downloads\player.exe

Digital Signature

Signed by:

Digital Plugin S.l.

Authority:

VeriSign, Inc.

Valid from:

7/14/2014 2:00:00 AM

Valid to:

7/15/2015 1:59:59 AM

Subject:

CN=Digital Plugin S.l., O=Digital Plugin S.l., L=Guia de Isora, S=Santa Cruz de Tenerife, C=ES

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

229111B20CCF13394E8E6CA9EAB4121F

File PE Metadata

Compilation timestamp:

8/27/2014 3:51:51 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

24576:mKWQBT4nVU85afaniK/792DxAA4PNn0DLg78E2y2R3rh+Zx1kyFw:mNQJJ2B2WZd0DUGf3d+ZLkyS

Entry address:

0x6994

Entry point:

E8, 27, 41, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, F0, 90, 48, 00, 75, 02, F3, C3, E9, 25, 48, 00, 00, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, 68, 03, 00, 00, 0F, BA, 25, 74, AF, 48, 00, 01, 73, 07, F3, A4, E9, 17, 03, 00, 00, 81, F9, 80, 00, 00, 00, 0F, 82, CE, 01, 00, 00, 8B, C7, 33, C6, A9, 0F, 00, 00, 00, 75, 0E, 0F, BA, 25, F8, 90, 48, 00, 01, 0F, 82, DA, 04, 00, 00, 0F, BA, 25, 74, AF, 48, 00, 00, 0F, 83, A7, 01, 00, 00... 
[+]

Entropy:

7.5828

Code size:

76.5 KB (78,336 bytes)

The file player.exe has been seen being distributed by the following 2 URLs.

http://kyle.mxp2334.com/6kNHJR-FDuUOn-1nsCBDPlSDheSuoR_ey_FvRlecm4ray2TYX4q0ghZr3orH32YGsQQwTsqmtqf9htCIq4oMp-aezq5fatgJpzFrWfflURLKn7UzVHIeuiFiZrJ62tWg?sbb=7jNKkI90p6Jv4iuGLu8DToLGuIr7ttW50X9gOJuDLF2j1ejrBcN357Q6g95tPJX2yQG0QuRVWZji2ws93lZzt88lcx0OPWTUzEZJdXGUQoccXhLcXyNpfyzyCaGTkSyFja3OG8di1fUszPoeOGezxrvct2NvVLXrh0jcNd3FmqsYR9Yj6jtQSqf0MhIg7OPvqKtg8lpD09dZR14xrVLT81ya0qCTWheV00UuMEQ4jrRRHR6B6Ix5KJgMXLn1OCC7B3eIYXQZ6MB9KGO5nGVzjOQCMDzbMreFiOYOjGnMgnxtpbhz3ECcQ4vBc9BMZxnJr0FVanRdvw7wcotXpxDYk315j0Xf28fNPy2Yse4dDTc56tVXTyDmMtaaTTCHwA3lbNCpiWMIke6C64x5Z5puwbRxKS92h2C4oioVQtYsS59IPVrTkhJiCWPiGoXVah06oHOzdVGk19D6PcmxA40dKtIcYieb7dBzdUQMWphyseCp18rpYHQT44l9CMSqfGZsGPB8KsJxqrmWi3SNoVwHcWlbyqllfZcMEHxiOmdt74uCngI2x89COYYiivyq6a78kkSVWkardIQ7E51QFyJS9Ux841JIK6JdqBNrFZpZjf96eXAb2Hm6RpAxqyFV1dI5tPev6gNO8hJ4kUea3xRPHmD2YRHpSNsuW5UPWDaCcq0IPew1eCK3fIyy4DzGHzPDRg2eq0GHz90NNIWJeiSw0sW5feuV5JxP7LD5AtkmFIq8FutkantHc8pA2Jdu50TKA5lfRefLRtnnwu4af2fN6xQHOahBpsS0eFSpNOrWr2Rk7904P7mUjQrxJBPxqlvwZbfhS5wCz9l

http://ttb.lpmxp2136.com/download/request/.../IxsKo50g?__tc=1409233283.873&lpsl=f676fbbfacc83e6ec39b882e0eb50fd1&expire=1409313029&pub_id=176681&ce_cid=20xbxL2DmeLOUOvN1Ax99c1xmYdK000.&tgu_src_lp_domain=www.dwnlultimatesoft.com&fileName=Player

Remove player.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.