FirstRowSportApp.exe

FirstRowSportApp

Terra Firma Internet Consulting LTD

The application FirstRowSportApp.exe by Terra Firma Internet Consulting has been detected as adware by 11 anti-malware scanners. The setup installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities. It is also typically executed from an Internet Explorer cache folder. The file has been observed being downloaded from cmp.firstrowsportapp.com and multiple other hosts.

Publisher:
FirstRowSport  (signed by Terra Firma Internet Consulting LTD)

Product:
FirstRowSportApp

Version:
2.0.0.1

MD5:
9c5d0acd1242c3e508ea8d51bda0104d

SHA-1:
b9b6628864527cdd4306aca85318f45b44b5fe59

SHA-256:
65ef2f003141339112a7b7953877bdca90812c72fe85848c1d4a5647876d5306

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
1/13/2025 4:15:45 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | PUA.Downware | 7.1.1 |
| Avira AntiVirus | Adware/1ClickDownload.AA.19 | 7.11.180.188 |
| avast! | Win32:Downloader-UHI [PUP] | 2014.9-131223 |
| AVG | Generic | 2015.0.3259 |
| Dr.Web | Adware.Downware.625 | 9.0.1.0357 |
| IKARUS anti.virus | AdWare.1ClickDownload | t3scan.1.7.8.0 |
| Kaspersky | not-a-virus:AdWare.NSIS.Yontoo | 14.0.0.2792 |
| Malwarebytes | PUP.Optional.Downware | v2014.12.15.01 |
| Qihoo 360 Security | Win32/Virus.Adware.7c6 | 1.0.0.1015 |
| Reason Heuristics | PUP.TerraFirmaInternetConsulting.Q | 14.8.7.23 |
| VIPRE Antivirus | CoolMirage Ltd | 34162 |

File size:
792.6 KB (811,624 bytes)

Product version:
2.0.0.1

Copyright:
(c) FirstRowSport All rights reserved.

Original file name:
FirstRowSportApp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\firstrowsportapp.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
5/21/2012 1:00:00 AM

Valid to:
5/15/2013 12:59:59 AM

Subject:
CN=Terra Firma Internet Consulting LTD, O=Terra Firma Internet Consulting LTD, L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
0A1E86793244EC30F46537E0AE0F0FB3

File PE Metadata
Compilation timestamp:
8/8/2012 2:47:11 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:+3xN37S1LgK7RyLx/FuurW13bWyMvjrQkq/KGJ5S/qRnQntYl+WN:+wglFugILWyMvI//9J5l

Entry address:
0x21328

Entry point:
E8, 5C, 74, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, A4, 13, 42, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, EC, 06, 01, 00, 8B, 45, 0C, 8B...
 

Entropy:
7.1358

Code size:
203.5 KB (208,384 bytes)

The file FirstRowSportApp.exe has been seen being distributed by the following 2 URLs.
