home

flvplayer-chrome.exe

VASSANA KONGSOONGNERN

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that display ads on the computer. The application flvplayer-chrome.exe by VASSANA KONGSOONGNERN has been detected as adware by 18 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup installer will bundle multiple adware offers during download and setup (based on the user's geographical location) including toolbars, extensions and coupon utilities. The file has been seen being downloaded from www.flvplayer-download.net and multiple other hosts.
Publisher:
VASSANA KONGSOONGNERN  (signed and verified)

MD5:
21031d20de47883e0c2342889637d0f3

SHA-1:
00fb890849c92833e0665710fdc6fa388bb24794

SHA-256:
e366647693b8adbc4c9a265ddddaf0da4e4c2ff15e2700b84816330fc5044bc3

Scanner detections:
18 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
11/24/2024 2:57:20 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Win-PUP/CrossRider
2015.02.05

Avira AntiVirus
TR/Drop.Agent.124896
7.11.207.154

avast!
Win32:Adware-gen [Adw]
2014.9-150205

AVG
Generic
2016.0.3208

Baidu Antivirus
Hacktool.Win32.TornTV
4.0.3.1525

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Adware.Yontoo.54
9.0.1.036

ESET NOD32
NSIS/TrojanDropper.Agent.CB
9.11128

G Data
NSIS.Application.Adload
15.2.25

K7 AntiVirus
Adware
13.193.14871

Kaspersky
not-a-virus:Downloader.Win32.TornTV
14.0.0.2533

McAfee
Artemis!21031D20DE47
5600.6864

Panda Antivirus
Generic Suspicious
15.02.05.10

Qihoo 360 Security
Win32/Virus.Downloader.e28
1.0.0.1015

Reason Heuristics
PUP.CoolMirage
15.2.5.10

Sophos
Generic PUA AA
4.98

Trend Micro House Call
Suspicious_GEN.F47V0204
7.2.36

VIPRE Antivirus
CoolMirage Ltd
37280

File size:
122 KB (124,896 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\flvplayer-chrome.exe

Digital Signature
Signed by:
VASSANA KONGSOONGNERN

Authority:
Thawte, Inc.

Valid from:
10/6/2014 2:00:00 AM

Valid to:
10/7/2015 1:59:59 AM

Subject:
CN=VASSANA KONGSOONGNERN, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7E630B1125BFC2AAB3F8750B7348F18B

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:yLk395hYXJ5Mzfjn3CIglguEtU6JicE/GnZAd9xnFN:yQqELz3ClgXUbEnytnv

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file flvplayer-chrome.exe has been seen being distributed by the following 41 URLs.

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wK1K91TDNH3OQMUH0NC9EI98

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wMF5PNFTKHO09EUHGCJAAV02

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wIIK8MUUAMSM9CUHG9I35DCU

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=w052IE9VK6RTOKUHGVIOLNBQ

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=w5739F5BHMO6CJTH0BLT1R30

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wQRM428HANJ26KTH03QI4MB0

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wN2F78KU9MSUUSTHGAB69M1O

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wM162211GDCJ1PUHGJ9LHSBI

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wGQ0LAHLVSOOJ0GH0V5SLO6O

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=w5OO44Q8GGRP4LTH0MMRIEIS

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=w50SL0USOQNJ6JUHG897OQ4C

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wEAHSBKEFRED9JTHGULV8BBO

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=w7QVA6NAK5LFEPTH0CM610LQ

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wTKP6RFPG40FMBUH0QUM7JUE

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wCPM81GI0V0H5JTH0IIOCONK

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wG3QG0HH8AQ77PTH02G44T4U

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wK5FGFMJ5A0TBIUH0KJ1LRAG

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wO7R4K2T4459GGUHG5RD0MCE

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wH497G29Q57TJBUHGH6LLUBM

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wE451TMIQI06FPTHGNIOGHOC

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wKUFDNC2F2OIJMTHGF38LV6D

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=w72LN3VDGT3LAKTH0KMQ1M68

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wM0R7DRIGD9M2KTHGGC1TQJG

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wBN7P37P6QG0H7UH0EPAKDBU

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=w7B6QJDCL4DMEMTHGM069HL2

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=w3EV0T7VHETSILTHGFM64PQA

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wA440KA08H28QKTH0BQNVPO6

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wMA8B28MG0UVEQTH0QUM339E

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=wAPJDDSSTG56HEUH0R0FSM9G

http://www.flvplayer-download.net/.../mar10.php?subid=marmarlk&sid=w4RQGRMCUUL7Q0VHGCT1HE7S

Latest 30 of 41 download URLs

Remove flvplayer-chrome.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.