[drumstep]_daplaque_-_grand_skyfall.exe

CoolMirage LTD.

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that displays ads on the computer. The application [drumstep]_daplaque_-_grand_skyfall.exe by CoolMirage has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. During download and setup, the installer bundles multiple adware offers (selected according to the user's geographical location), including toolbars, browser extensions and coupon utilities.
Publisher:
CoolMirage LTD.  (signed and verified)

MD5:
26ea137ac9304225851a70cb6b1d7d4c

SHA-1:
0a5cc5f6628e06eee4757583061b5748bdc04c44

SHA-256:
5d20e323e1c63ef6524e44353dad0ec6f65837d7e92df6451efac6ad655ac234

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
2/25/2025 4:50:00 AM UTC

Scan engine         | Detection                    | Engine version
AVG                 | Generic                      | 2016.0.3201
Dr.Web              | Adware.Downware.8319         | 9.0.1.043
NANO AntiVirus      | Trojan.Nsis.Yotoon.deckrr    | 0.28.2.62440
Panda Antivirus     | PUP/MultiToolbar.A           | 15.02.12.11
Qihoo 360 Security  | Win32/Virus.Adware.47b       | 1.0.0.1015
Reason Heuristics   | PUP.CoolMirage               | 15.2.12.11

File size:
394.1 KB (403,608 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\[drumstep]_daplaque_-_grand_skyfall.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/26/2014 2:00:00 AM

Valid to:
11/10/2015 12:59:59 AM

Subject:
CN=CoolMirage LTD., O=CoolMirage LTD., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
029E9B7F7CD982D1F52BA19EDA66E340

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:RstgfZwlMPaw7UsJpDTkJsYGfH6G/eieYp6eQNEwR6yEOF5ZaLvkstpJPig:YgfZwlMiJsJpAJsYs6G/NS0yEIsN0g

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file [drumstep]_daplaque_-_grand_skyfall.exe has been seen being distributed by the following 2 URLs.
