setup.exe

Digital Plugin SL

This is the Softpulse installer, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Digital Plugin SL has been detected as adware by 20 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. It is also typically executed from an Internet Explorer cache folder.
Publisher:
Digital Plugin SL  (signed and verified)

MD5:
bcc679816d4ebe3c774fa93f4ef55bae

SHA-1:
5a6d63d5bcc32999dc580629306191c179f46540

SHA-256:
be2e7539836780719fc892e4ab4ddac47ec6d050b01ccc2bd3739b009d611454

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Bundles or installs adware offers through a modified download manager or installer.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
1/14/2025 3:09:09 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Application.Graftor.182456 | 5629308
AhnLab V3 Security | Win-PUP/SoftPulse | 2015.06.03
Avira AntiVirus | PUA/SoftPulse.oanl | 8.3.1.6
Arcabit | Trojan.Application.Graftor.D2C8B8 | 1.0.0.425
AVG | Generic | 2016.0.3090
Bitdefender | Gen:Variant.Application.Graftor.182456 | 1.0.20.765
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Trojan.Domaiq.252 | 9.0.1.05190
Emsisoft Anti-Malware | Gen:Variant.Application.Graftor.182456 | 10.0.0.5366
F-Secure | Riskware.Gen:Variant.Application.Graftor | 5.14.151
G Data | Gen:Variant.Application.Graftor.182456 | 15.6.25
K7 AntiVirus | Unwanted-Program | 13.204.16111
Malwarebytes | PUP.Optional.DomalIQ.SID.A | v2015.06.02.02
MicroWorld eScan | Gen:Variant.Application.Graftor.182456 | 16.0.0.459
Norman | Gen:Variant.Application.Graftor.182456 | 03.12.2014 13:20:04
Panda Antivirus | Trj/Genetic.gen | 15.06.02.02
Quick Heal | PUA.Digitalplu7.Gen | 6.15.14.00
Reason Heuristics | PUP.Softpulse.Bundler | 15.6.2.13
Sophos | PUA 'SoftPulse' (of type Adware) | 5.15
VIPRE Antivirus | Threat.4783235 | 40552

File size:
690.3 KB (706,880 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\setup.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/26/2014 8:00:00 AM

Valid to:
9/27/2015 7:59:59 AM

Subject:
CN=Digital Plugin SL, O=Digital Plugin SL, L=Guia de Isora, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
63B78976E4F16AA4AC250388162DD349

File PE Metadata
Compilation timestamp:
6/1/2015 10:45:28 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:zwxBlc0XSuXvpwPN3jDn2FFszlN3140ae8g1DU4qrdsgkoeim7qMplx4IIw:zuS0XbXvpENOnsrLay1DU4qEiOFlmS

Entry address:
0x1000

Entry point:
B8, 68, 6D, 67, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, 6A, 7C, 5F, 4A, CD, C3, EA, 10, 04, 1A, 7E, EA, 4C, D5, 3A, C7, 0A, 94, F9, F6, D8, 87, AD, 43, 0C, 47, CC, F7, F3, 37, FC, 43, 84, 57, A0, A7, A1, C2, 47, 92, E4, 45, 8C, 08, A3, 8E, C7, 5C, 8E, B2, D6, 50, A3, 5E, FF, 3C, 95, 5A, B7, 80, 8F, 36, 1F, F1, 59, 77, B7, FC, 90, 0C, B5, 22, D5, B2, C3, 1D, 91, 13, E8, 2D, 44, DC, 3C, 04, B7, 84, FE, 6E, FD, D2, 55, E9, C8...

Entropy:
7.9617

Packer / compiler:
PECompact v2

Code size:
1 MB (1,088,000 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to lga15s44-in-f30.1e100.net  (74.125.226.94:443)

TCP (HTTP):
Connects to ec2-52-25-196-249.us-west-2.compute.amazonaws.com  (52.25.196.249:80)

TCP (HTTP):

TCP (HTTP):
Connects to a23-13-165-163.deploy.static.akamaitechnologies.com  (23.13.165.163:80)
