home

player.exe

taskhost

Digital Plugin SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application player.exe by Digital Plugin SL has been detected as adware by 39 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. The file has been seen being downloaded from ttb.mfyf42o8.com.
Publisher:
Digital Plugin SL  (signed and verified)

Product:
taskhost

Version:
5. 4. 5. 4

MD5:
545ff1587230551747d5150dba69c1d8

SHA-1:
da06680a0b712193d8869fce4fe819f85be9c21c

SHA-256:
7bbcfb3646732d63c6e9312a8300056d2aa8bcd987c8c9069ceaff054f22b8ba

Scanner detections:
39 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
12/28/2024 11:29:42 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Kazy.494185
355

Agnitum Outpost
PUA.Downloader
7.1.1

AhnLab V3 Security
PUP/Win32.SoftPulse
2014.12.28

Avira AntiVirus
APPL/Softpulse.aone
7.11.198.70

avast!
SoftPulse-EI [PUP]
2014.9-160214

AVG
Generic
2017.0.2833

Baidu Antivirus
PUA.Win32.SoftPulse
4.0.3.16214

Bitdefender
Gen:Variant.Adware.Symmi.49537
1.0.20.225

Bkav FE
W32.HfsAdware
1.3.0.6267

Clam AntiVirus
Win.Adware.Agent-35419
0.98/19902

Comodo Security
Application.Win32.SoftPulse.D
20507

Dr.Web
Trojan.Domaiq.41
9.0.1.045

Emsisoft Anti-Malware
Application.Bundler.SoftPulse.P
8.16.02.14.06

ESET NOD32
Win32/SoftPulse.U potentially unwanted application
10.7.0.302.0

Fortinet FortiGate
Riskware/DriverUpd
2/14/2016

F-Prot
W32/S-a12b5690
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Kazy.494185
11.2016-14-02_1

G Data
Gen:Variant.Adware.Symmi.49537
16.2.24

IKARUS anti.virus
not-a-virus:AdWare.SoftPulse
t3scan.1.8.5.0

K7 AntiVirus
Unwanted-Program
13.188.14468

Kaspersky
Trojan.Win32.Agent
14.0.0.661

Malwarebytes
PUP.Optional.Plugin
v2016.02.14.06

McAfee
Program.SoftPulse
5600.6489

MicroWorld eScan
Gen:Variant.Adware.Symmi.49537
17.0.0.135

NANO AntiVirus
Riskware.Win32.SoftPulse.dlfurr
0.30.0.64448

Norman
Gen:Variant.Adware.Kazy.494185
11.20160214

nProtect
Trojan/W32.Agent.720376.B
15.01.15.01

Panda Antivirus
Trj/Genetic.gen
16.02.14.06

Qihoo 360 Security
Malware.QVM10.Gen
1.0.0.1015

Quick Heal
PUA.DriveUpd.DC4
2.16.14.00

Reason Heuristics
PUP.Softpulse.DigitalPlugin.Bundler (M)
16.2.14.18

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48
23.00.65.16212

Sophos
PUA 'SoftPulse' (of type Adware)
59

SUPERAntiSpyware
Trojan.Agent/Gen-Nullo[Short]
9323

Trend Micro House Call
ADW_PULSOFT.SM
7.2.45

Trend Micro
ADW_PULSOFT.SM
10.465.14

Vba32 AntiVirus
Signed-Adware.Softpulse
3.12.26.3

VIPRE Antivirus
Threat.4150696
35418

Zillya! Antivirus
Adware.Agent.Win32.29688
2.0.0.2024

File size:
709.5 KB (726,512 bytes)

Product version:
6. 5. 4. 6

Copyright:
Copyright (C) 2014

Original file name:
taskhost.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Language:
Spanish

Common path:
C:\users\{user}\downloads\player.exe

Digital Signature
Signed by:
Digital Plugin SL

Authority:
VeriSign, Inc.

Valid from:
9/24/2014 2:00:00 AM

Valid to:
7/29/2015 1:59:59 AM

Subject:
CN=Digital Plugin SL, O=Digital Plugin SL, L=Guia de Isora, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
457A2C44F936DD8EEF974AFC80E53578

File PE Metadata
Compilation timestamp:
12/26/2014 11:01:04 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:QigqIkHyLkIOeee+fAZwfqDPdM+UULoGTxOk82HmVJZP0g:Qik6yIVeSAZwCCDGTxOB2HEog

Entry address:
0x10636

Entry point:
E8, 8A, 7E, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 78, 1B, 00, 00, 6A, 0C, 68, 38, A7, 43, 00, E8, 99, 69, 00, 00, 33, C0, 33, F6, 39, 75, 08, 0F, 95, C0, 3B, C6, 75, 1D, E8, 9C, 64, 00, 00, C7, 00, 16, 00, 00, 00, 56, 56, 56, 56, 56, E8, 0E, 1D, 00, 00, 83, C4, 14, 83, C8, FF, EB, 5F, E8, D4, 7E, 00, 00, 6A, 20, 5B, 03, C3, 50, 6A, 01, E8, DF, 7F, 00, 00, 59, 59, 89, 75, FC, E8, BD, 7E, 00, 00, 03, C3, 50, E8, 6A, 80, 00, 00, 59, 8B, F8, 8D, 45, 0C, 50, 56, FF, 75, 08, E8, A5, 7E, 00, 00...
 
[+]

Code size:
150.5 KB (154,112 bytes)

The file player.exe has been seen being distributed by the following URL.

http://ttb.mfyf42o8.com/download/request/.../4vEoIKcf?__tc=1419594276.71&lpsl=ab35594c9a1071b07803753f2ec8a277&expire=1419680675&slp=www.greatfastsoft.com&pub_id=P22821150&ce_cid=mU0X_JBpqGS8l57jQgbwmKqRGLUZB1F-LW9KYc-qUPbrdyiF-HKqKmDHSBYP30n-9XbUvWf5SK4Elstk_t3H_wMcnaV8U3RYLE0WZT7QAM2JyNGX-wo7rqCJtkgsUte4bzPJX3PJ_VHJyASoEw0DQ68tYTCwECtqoA0oiDO9ZpUQSjjWSdwW9GQDKTLdFQSBs4IEc3OcGre0WipBsyi3NuLcrE6OVDS-gykRw2qusOFpgP_MIPkU52ZjLqr-a-U0EUabz5CMJFETKQlh-aDI7hxKCxQlkxLWAIfwUAOsnwT8fC0C1o7FXgDwYxq9TwErxcq1_XoPJA6g-A-1ox3tUIX9-x2sSC6YP6kmmzEm6tEb6vykmYIFuSsbZfR9oZjQQZwex9u_FIw-TQQPUuR-5Oxl8_pa6f0IVrQ&fileName=Player

Remove player.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.