player.exe

Digital Plugin S.l.

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application player.exe by Digital Plugin S.l has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from www.lpmxp2121.com.
Publisher:
Digital Plugin S.l.  (signed and verified)

MD5:
55b854b906e43ee0d7b7ed046330ef28

SHA-1:
f41e68bde70b654939f8fbcc0600ee2f4db77b6f

SHA-256:
de20138ff2fa81b3d0924a6af6dd27d68729aeffe364e79db3d95addaaea5e5a

Scanner detections:
15 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/27/2024 12:35:16 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Dropper.Gen
7.11.30.172

avast!
Win32:SoftPulse-V [PUP]
2014.9-140811

AVG
Generic
2015.0.3385

Dr.Web
Trojan.Click3.3888
9.0.1.0223

ESET NOD32
Win32/SoftPulse (variant)
8.10246

G Data
Win32.Adware.Softpulse
14.8.24

herdProtect (fuzzy)
2014.10.18.5

IKARUS anti.virus
Trojan.Win32.Buzus
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.183.13029

Kaspersky
Trojan.Win32.Buzus
14.0.0.3421

McAfee
SoftPulse
5600.7041

Panda Antivirus
Trj/Genetic.gen
14.08.12.02

Reason Heuristics
PUP.DigitalPluginSl.G
14.8.11.15

Sophos
SoftPulse
4.98

VIPRE Antivirus
Threat.4150696
31208

File size:
1.3 MB (1,408,280 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\player.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/14/2014 2:00:00 AM

Valid to:
7/15/2015 1:59:59 AM

Subject:
CN=Digital Plugin S.l., O=Digital Plugin S.l., L=Guia de Isora, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
229111B20CCF13394E8E6CA9EAB4121F

File PE Metadata
Compilation timestamp:
8/11/2014 12:04:14 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:Gp0VWX3FaEpJNwPf/apieptFjhaxodNXStHDpfpYSwGIME+:GtX2PHaZ/jQaCdpfpCG7f

Entry address:
0x8BA0

Entry point:
E8, 7F, 1F, 00, 00, E9, 7F, FE, FF, FF, 55, 8B, EC, 8B, 45, 0C, 83, EC, 20, 56, 57, 6A, 08, 59, BE, 40, 50, 41, 00, 8D, 7D, E0, F3, A5, 8B, 4D, 08, 5F, 5E, 85, C0, 74, 0D, F6, 00, 10, 74, 08, 8B, 01, 8B, 40, FC, 8B, 40, 18, 89, 4D, F8, 89, 45, FC, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, AC, 40, 41, 00, C9, C2, 08, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, A0, 30, 46...
 
[+]

Code size:
73.5 KB (75,264 bytes)

The file player.exe has been seen being distributed by the following URL.

Remove player.exe - Powered by Reason Core Security