setup.exe

SetupWizard

Plugin Update S.L.

This is the Softpulse installer which bundles applications with offers for additional 3rd party software, mostly unwanted adware, and may be installed with minimal consent. The application setup.exe by Plugin Update S.L has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the Softpulse SoftwareBundler installer. The file has been seen being downloaded from www.81coe.com.
Publisher:
TODO: <Nombre de la compañía>  (signed by Plugin Update S.L.)

Product:
SetupWizard

Description:
Setup Wizard

Version:
3.4.5.2

MD5:
3bea45ee0d50c472e991d0148c4bb93c

SHA-1:
9b1bd9f84141eb7d467c77c5fab83da05ee32132

SHA-256:
7cca91e12bb7761258636741b36207a7f9ca246532cd8af33e69371dff7e3dea

Scanner detections:
18 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
12/24/2024 5:23:03 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Packed/PECompact
7.1.1

AhnLab V3 Security
Win-PUP/SoftPulse
2014.11.29

Avira AntiVirus
APPL/Softpulse.1014112
7.11.189.122

avast!
Malware-gen
2014.9-141130

AVG
Generic
2015.0.3276

Comodo Security
Application.Win32.SoftPulse.D
20223

Dr.Web
Adware.SoftPules.3
9.0.1.05190

ESET NOD32
Win32/SoftPulse.Q potentially unwanted application
7.0.302.0

G Data
Win32.Application.SoftPulse
14.11.24

Kaspersky
not-a-virus:AdWare.Win32.SoftPulse
15.0.0.543

Malwarebytes
PUP.Optional.SmartSec
v2014.11.30.02

McAfee
SoftPulse
5600.6932

NANO AntiVirus
Trojan.Win32.DriverUpd.djmoky
0.28.6.63726

Panda Antivirus
Trj/Genetic.gen
14.11.28.03

Reason Heuristics
PUP.Installer.PluginUpdateSL.F
14.11.28.15

Sophos
SoftPulse
4.98

Vba32 AntiVirus
Signed-Adware.Softpulse
3.12.26.3

VIPRE Antivirus
Threat.4783235
35088

File size:
990.5 KB (1,014,232 bytes)

Product version:
3.4.5.2

Copyright:
Copyright (C) 2014

Original file name:
SetupWizard.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Softpulse SoftwareBundler

Language:
Spanish (Spain, International Sort)

Common path:
C:\users\{user}\downloads\setup.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
10/8/2014 1:00:00 AM

Valid to:
10/9/2015 12:59:59 AM

Subject:
CN=Plugin Update S.L., O=Plugin Update S.L., L=Guia de Isora, S=Santa Cruz de Tenerife, C=ES

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0E923B9CF60DA59FC3A43A87A8071FC2

File PE Metadata
Compilation timestamp:
11/27/2014 4:53:42 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:1LMoaD1TpxI7HKczk5998wdvwbVmwybcWKsLUl:G1TpOa599tvuToKwUl

Entry address:
0x118D6

Entry point:
B8, 90, 92, 57, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 67, 64, 61, 73, 64, 66, 74, 72, 68, 34, 00, 35, 15, 53, 25, 40, E9, 92, 3C, E3, E0, 33, 79, 1D, 25, 39, CA, 5E, FB, 4C, FA, 82, 61, CE, 80, E0, 3C, 9C, 42, B8, B1, C7, C6, 18, B0, 62, 59, AB, 53, 83, 4D, 14, E1, D2, 66, A7, CF, E4, EE, 42, 0F, 66, 65, 4F, E9, 91, 35, C4, B7, C4, D1, 5B, 20, B9, 1C, C5, D4, 0B, B3, BA, 9E, C0, FC, E2, F2, 4D, 4C, F0, ED, 3B, A6, 81, CB, 83, 8E, F4, BB, AE, AF, 5C, CF, 11, 3B, 65...
 
[+]

Entropy:
7.9793  (probably packed)

Code size:
155 KB (158,720 bytes)

The file setup.exe has been seen being distributed by the following URL.

Remove setup.exe - Powered by Reason Core Security