driverturbo_3.0_keygen.exe

VASSANA KONGSOONGNERN

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that displays ads on the computer. The application driverturbo_3.0_keygen.exe by VASSANA KONGSOONGNERN has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup installer will bundle multiple adware offers during download and setup (based on the user's geographical location) including toolbars, extensions and coupon utilities.
Publisher:
VASSANA KONGSOONGNERN  (signed and verified)

MD5:
5aa3c54bf1f3d4ded1b79e1033a4a05b

SHA-1:
465af2b18bf70e5cc1176fea2369d91797c313b6

SHA-256:
fce21b2dfd933d27a66bd637bb1bc9e69b6fd3c02815089236457a89499115de

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
11/24/2024 8:18:47 PM UTC  (today)

Scan engine | Detection | Engine version
Avira AntiVirus | APPL/Downloader.Gen | 7.11.199.206
AVG | Generic | 2016.0.3237
Baidu Antivirus | Adware.NSIS.Yontoo | 4.0.3.1517
Dr.Web | Adware.Downware.8319 | 9.0.1.07
ESET NOD32 | Win32/Adware.1ClickDownload.AJ | 9.10974
G Data | Win32.Application.Agent.WBG7ML | 15.1.24
K7 AntiVirus | Adware | 13.1814554
Kaspersky | not-a-virus:AdWare.NSIS.Yontoo | 14.0.0.2679
McAfee | Artemis!5AA3C54BF1F3 | 5600.6893
NANO AntiVirus | Trojan.Nsis.Yotoon.deckrr | 0.30.0.64448
Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015
Reason Heuristics | PUP.VASSANAKONGSOONGNERN.V | 15.1.7.6
Sophos | CoolMirage | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0105 | 7.2.7
VIPRE Antivirus | CoolMirage Ltd | 36448

File size:
479.9 KB (491,408 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\driverturbo_3.0_keygen.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/6/2014 2:00:00 AM

Valid to:
10/7/2015 1:59:59 AM

Subject:
CN=VASSANA KONGSOONGNERN, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7E630B1125BFC2AAB3F8750B7348F18B

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
12288:wGsWCNpQjWdmbcL9eUVb1QjI9Pqp+fhxQnfD3Ks:w9lNpvdeY9eUVb1QcZ8n

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file driverturbo_3.0_keygen.exe has been seen being distributed by the following 12 URLs.
