feed2allapp.exe

CoolMirage Ltd.

This is part of a CoolMirage installation, a potentially unwanted program (PUP) that displays ads on the computer. The application feed2allapp.exe by CoolMirage has been detected as adware by 12 anti-malware scanners. This is a setup program used to install the application. The file is typically installed with the program Feed2AllApp by Feed2All, which is a potentially unwanted software program. The setup installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities.
Publisher:
Feed2All  (signed by CoolMirage Ltd.)

Product:
Feed2All

Version:
2.0.0.1

MD5:
e19eab8ee5e4f51ed1748d0e68f4440c

SHA-1:
bb1eae571ba5f6b3004b0632251539c689bbf330

SHA-256:
20491f9ddf056c324455a968d76e10c48f270cbdb0c5d788207682c1bd73436f

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
11/27/2024 6:33:45 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | PUA.Downware | 7.1.1
Avira AntiVirus | Adware/1ClickDownload.AA.56 | 7.11.115.54
AVG | Generic | 2015.0.3259
Comodo Security | ApplicUnwnt | 17321
Dr.Web | Adware.Downware.1403 | 9.0.1.0361
IKARUS anti.virus | AdWare.1ClickDownload | t3scan.2.2.29
Kaspersky | not-a-virus:AdWare.NSIS.Yontoo | 14.0.0.2792
Malwarebytes | PUP.Optional.CoolMirage.A | v2013.12.27.10
Qihoo 360 Security | Win32/Virus.Adware.7c6 | 1.0.0.1015
Reason Heuristics | PUP.CoolMirage.L | 14.8.7.17
Trend Micro House Call | TROJ_GEN.F47V0830 | 7.2.361
VIPRE Antivirus | CoolMirage Ltd | 23640

File size:
784.5 KB (803,320 bytes)

Product version:
2.0.0.1

Copyright:
2013 (c) Feed2All. All rights reserved.

Original file name:
Feed2All.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\feed2allapp.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/6/2013 2:00:00 AM

Valid to:
6/7/2014 1:59:59 AM

Subject:
CN=CoolMirage Ltd., O=CoolMirage Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
110F603E63C86349A5F243EA06966F33

File PE Metadata
Compilation timestamp:
8/15/2013 8:21:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:/ooho6vaaz/dYevTWqmJkQWRB2MAc/MaQjuO7UvX7SP:9vvTWNOQWRB24ULuiP

Entry address:
0x2087D

Entry point:
E8, B1, 73, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, EB, 08, 42, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 25, 06, 01, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D...

Code size:
198.5 KB (203,264 bytes)

The file feed2allapp.exe has been discovered within the following program.

Feed2AllApp  by Feed2All
As part of the installation process, the publisher may offer changes to your Internet Browser settings. These changes, if approved by you, can be reconfigured by you at any time from the options dialog available on your Internet Browser.
About 59% of users remove it

The file feed2allapp.exe has been seen being distributed by the following 3 URLs.

http://91.74.184.68/.../Feed2AllApp.exe
