flvplayer-chrome.exe

VASSANA KONGSOONGNERN

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that displays ads on the computer. The application flvplayer-chrome.exe by VASSANA KONGSOONGNERN has been detected as adware by 10 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup installer will bundle multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities. The file has been seen being downloaded from www.flvplayer-setup.com and multiple other hosts.
Publisher:
VASSANA KONGSOONGNERN  (signed and verified)

MD5:
f06e312de6b2b8589bd9a6259c9909a2

SHA-1:
057fda7fce5d0491b6959f60c0fbded76289d529

SHA-256:
a4321d75ca07b674460a5f8bc6aa0b72fd0a1f913ade537c61f0b3ce0de7a2f6

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
11/24/2024 3:03:28 PM UTC  (today)

Scan engine | Detection | Engine version
AVG | Generic | 2016.0.3238
Baidu Antivirus | Adware.NSIS.Yontoo | 4.0.3.1515
Dr.Web | Adware.Downware.8319 | 9.0.1.05
ESET NOD32 | NSIS/TrojanDownloader.Adload.AA | 9.10967
G Data | NSIS.Application.Adload | 15.1.24
K7 AntiVirus | Adware | 13.1814541
Kaspersky | not-a-virus:AdWare.NSIS.Yontoo | 14.0.0.2686
Panda Antivirus | Generic Suspicious | 15.01.05.04
Reason Heuristics | PUP.VASSANAKONGSOONGNERN.Q | 15.1.5.16
VIPRE Antivirus | CoolMirage Ltd | 36396

File size:
64 KB (65,536 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\flvplayer-chrome.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/5/2014 8:00:00 PM

Valid to:
10/6/2015 7:59:59 PM

Subject:
CN=VASSANA KONGSOONGNERN, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7E630B1125BFC2AAB3F8750B7348F18B

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:c1cVhpQI2EQK0iPDh84nScF15GYbWjXO3XJIC8UhsdKU+8ACRNPyMkilYcpveQk8:6QpQ5EP0ijnRTXJIpLdKCRNPpecpvI+

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.2504

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file flvplayer-chrome.exe has been seen being distributed by the following 50 URLs.


Latest 30 of 224 download URLs
