setup.exe

Digital Plugin SL

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Digital Plugin SL has been detected as adware by 33 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. While running, it connects to the Internet address server-54-230-55-206.jfk6.r.cloudfront.net on port 80 using the HTTP protocol.
Publisher:
Digital Plugin SL  (signed and verified)

MD5:
867556c03ad28f511db4cd9f1a481315

SHA-1:
0db3c25093eccf6402696b4fee5eb79e9c2f1d7b

SHA-256:
3c7b63c6c69f0f8fd681eac5c704e5ea704186610ec5ca62ef7052a15159275b

Scanner detections:
33 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/24/2024 12:05:15 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Application.Bundler.5
5762964

Agnitum Outpost
PUA.Downloader
7.1.1

AhnLab V3 Security
PUP/Win32.DomaIQ
2015.06.17

Avira AntiVirus
PUA/Softpulse.Gen
8.3.1.6

Arcabit
Trojan.Application.Bundler.5
1.0.0.425

avast!
Win32:SoftPulse-R [PUP]
150602-1

AVG
Generic
2016.0.3076

Bitdefender
Gen:Variant.Application.Bundler.5
1.0.20.835

Bkav FE
W32.HfsAdware
1.3.0.6379

Clam AntiVirus
Win.Adware.Multiplug-33061
0.98/20570

Comodo Security
Application.Win32.Softpulse.A
22471

Dr.Web
Trojan.Domaiq.189
9.0.1.05190

Emsisoft Anti-Malware
Gen:Variant.Application.Bundler
10.0.0.5366

ESET NOD32
Win32/SoftPulse.B potentially unwanted application
7.0.302.0

Fortinet FortiGate
W32/Generic.AC.867736
6/16/2015

F-Prot
W32/A-7488f3d7
v6.4.7.1.166

F-Secure
Riskware.Gen:Variant.Application.Bundler
5.14.151

G Data
Gen:Variant.Application.Bundler
15.6.25

K7 AntiVirus
Unwanted-Program
13.205.16253

Malwarebytes
PUP.Optional.DomaIQ
v2015.06.16.05

McAfee
Program.CryptDomaIQ
17.6.569.0

MicroWorld eScan
Gen:Variant.Application.Bundler.5
16.0.0.501

NANO AntiVirus
Trojan.Win32.MLW.dbbdly
0.30.24.2086

Norman
Gen:Variant.Application.Bundler.5
02.06.2015 14:23:46

Panda Antivirus
Trj/Genetic.gen
15.06.16.05

Quick Heal
TrojanDwnldr.DriverUpd.A5
6.15.14.00

Reason Heuristics
PUP.Softpulse.Bundler
15.6.16.13

Rising Antivirus
PE:Malware.Bundler!6.1B90
23.00.65.15614

Sophos
PUA 'SoftPulse' (of type Adware)
5.15

Total Defense
Win32/Tnega.COUOfGD
37.1.62.1

Vba32 AntiVirus
Downloader.Agent
3.12.26.4

VIPRE Antivirus
Threat.4150696
40786

Zillya! Antivirus
Downloader.Agent.Win32.187484
2.0.0.2227

File size:
790 KB (808,968 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
5/23/2014 3:00:00 AM

Valid to:
5/24/2015 2:59:59 AM

Subject:
CN=Digital Plugin SL, O=Digital Plugin SL, STREET=Calle el Pozo 17B, L=Adeje, S=Santa Cruz de Tenerife, PostalCode=38670, C=ES

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C30222BF83B5AE2CB666E51380D11646

File PE Metadata
Compilation timestamp:
5/29/2014 12:55:06 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:5a3LEO+TPVMg+Ukjize2tWoQZEeYrmGxB7YpaLd6+R1sPDaYyo68S:5a3L8eg+UkjCoRZuB7YcvsK8S

Entry address:
0x4D4B9

Entry point:
E8, ED, 7A, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 40, 36, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, D2, 0C, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 93, 12, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, B2, 06, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73, 0E, E8, F1, 35, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, AD...
 
[+]

Code size:
454.5 KB (465,408 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.renewyourexpireddomain.com  (37.152.88.204:80)

TCP (HTTP):
Connects to server-54-230-55-206.jfk6.r.cloudfront.net  (54.230.55.206:80)

Remove setup.exe - Powered by Reason Core Security