firstrowsportapp.exe

CoolMirage Ltd.

This is part of a CoolMirage installation, a potentially unwanted program (PUP) that displays ads on the computer. The application firstrowsportapp.exe by CoolMirage has been detected as adware by 12 anti-malware scanners. The setup installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from cmpsmarter-downloader.maynemyltf.netdna-cdn.com.
Publisher:
FirstRowSport  (signed by CoolMirage Ltd.)

Product:
FirstRowSport

Version:
2.0.0.1

MD5:
c9afc58d0fbe8b3b14b4c0b5340b45cb

SHA-1:
97e5579525be1484ef9270648c413e7fc95b7e7f

SHA-256:
77947cd49ab72b39e4bc7d2b882f8b3dbd2701dbba4b5893b89aeb14c6132da2

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
11/30/2024 7:58:11 AM UTC

Scan engine          Detection                        Engine version
Agnitum Outpost      PUA.Downware                     7.1.1
Avira AntiVirus      Adware/1ClickDownload.AA.19      7.11.132.128
AVG                  Generic                          2015.0.3259
Comodo Security      ApplicUnwnt                      17807
Dr.Web               Adware.Downware.1403             9.0.1.050
IKARUS anti.virus    AdWare.1ClickDownload            t3scan.1.7.8.0
Kaspersky            not-a-virus:AdWare.NSIS.Yontoo   14.0.0.2792
Malwarebytes         PUP.Optional.CoolMirage.A        v2014.02.19.06
Panda Antivirus      PUP/MultiToolbar.A               14.02.19.06
Qihoo 360 Security   Win32/Virus.Adware.7c6           1.0.0.1015
Reason Heuristics    PUP.CoolMirage.Q                 14.8.7.17
VIPRE Antivirus      CoolMirage Ltd                   26594

File size:
784.5 KB (803,320 bytes)

Product version:
2.0.0.1

Copyright:
2013 (c) FirstRowSport. All rights reserved.

Original file name:
FirstRowSport.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\firstrowsportapp.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/6/2013 3:00:00 AM

Valid to:
6/7/2014 2:59:59 AM

Subject:
CN=CoolMirage Ltd., O=CoolMirage Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
110F603E63C86349A5F243EA06966F33

File PE Metadata
Compilation timestamp:
7/25/2013 4:44:34 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:Mooho6vaaDPNIevTWamJ0DWRBWPAsz8TE3vsU2nQntYlDrtg:YvvTWdODWRBWxQa0e

Entry address:
0x2087D

Entry point:
E8, B1, 73, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, EB, 08, 42, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, 25, 06, 01, 00, 8B, 45, 0C, 8B, 40, 04, 83, E0, FD, 8B, 4D, 0C, 89, 41, 04, 64, 8B, 3D...
 

Entropy:
7.1432

Code size:
198.5 KB (203,264 bytes)

The file firstrowsportapp.exe has been seen being distributed by the following URL.
