f_000664

VASSANA KONGSOONGNERN

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that displays ads on the computer. The file f_000664 by VASSANA KONGSOONGNERN has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.flvplayer-download.com and multiple other hosts.

Publisher:
VASSANA KONGSOONGNERN  (signed and verified)

MD5:
b70c0e8ba9f98f5de3c62bbfd895459b

SHA-1:
593249573635d235df2c0f2099e38de976b4d3a1

SHA-256:
be1d80925fa0088f25e4c041312b557520f97155a8d86d5d147d7b7420035a9a

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
12/27/2024 6:23:26 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Win-PUP/CrossRider | 2015.02.07
AVG | Generic | 2016.0.3206
Baidu Antivirus | Trojan.MSIL.ShimChanger | 4.0.3.1526
Bkav FE | W32.HfsAdware | 1.3.0.6379
Dr.Web | Adware.Yontoo.54 | 9.0.1.037
ESET NOD32 | NSIS/TrojanDropper.Agent.CB | 9.11134
K7 AntiVirus | Adware | 13.193.14891
Kaspersky | not-a-virus:Downloader.Win32.TornTV | 14.0.0.2527
McAfee | Artemis!E50423C905E2 | 5600.6862
Qihoo 360 Security | Win32/Virus.Downloader.e28 | 1.0.0.1015
Reason Heuristics | PUP.CoolMirage | 15.2.6.14
Sophos | CoolMirage | 4.98
Trend Micro House Call | Suspici.EDD0D2A5 | 7.2.37
VIPRE Antivirus | CoolMirage Ltd | 37316

File size:
125.4 KB (128,440 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\google\chrome\user data\default\cache\f_000664

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/5/2014 7:00:00 PM

Valid to:
10/6/2015 6:59:59 PM

Subject:
CN=VASSANA KONGSOONGNERN, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7E630B1125BFC2AAB3F8750B7348F18B

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:lLk395hYXJIOHMVf9n3Zwly8c98LVJ7M41MfBQs1nFv:lQqKBX3ZQy8KEM41M5x1nF

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 
Entropy:
7.6141

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file f_000664 has been seen being distributed by the following 50 URLs.


Latest 30 of 189 download URLs