» flvplayer-chrome.exe
Overview
Analysis
File Details
Downloads (231)

flvplayer-chrome.exe

Sarinrat Subindee

The application flvplayer-chrome.exe by Sarinrat Subindee has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been seen being downloaded from www.xflv-player.net and multiple other hosts.

File name:

Publisher:

Sarinrat Subindee (signed and verified)

MD5:

b181c548420271263be25303c42efe26

SHA-1:

36a7d52b5afdd74f7de6b47dd284970bdd0d8c6c

SHA-256:

5114b6f5ef68daab376c61b40cc359a8ae3c9f6b7f3b5b7d1da0a549ed53ab7c

Scanner detections:

2 / 68

Status:

Adware

Analysis date:

11/24/2024 7:56:44 PM UTC (today)

Scan engine

Detection

Engine version

AVG

Generic

2015.0.3303

Reason Heuristics

PUP.SarinratSubindee.Q

14.11.2.9

File size:

68 KB (69,616 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\flvplayer-chrome.exe

Digital Signature

Signed by:

Sarinrat Subindee

Authority:

Thawte, Inc.

Valid from:

6/29/2014 8:00:00 PM

Valid to:

6/30/2015 7:59:59 PM

Subject:

CN=Sarinrat Subindee, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Thailand, C=TH

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7F984B00AFAE5D11D235DCD3C48EB586

File PE Metadata

Compilation timestamp:

12/5/2009 5:50:46 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

1536:dQpQ5EP0ijnRTXJMfbJyZsop7Nf0Fu7D29AdZpN0a0:dQIURTXJMfbJyJNMMdxq

Entry address:

0x323C

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00... 
[+]

Entropy:

7.2500

Packer / compiler:

Nullsoft install system v2.x

Code size:

23 KB (23,552 bytes)

The file flvplayer-chrome.exe has been seen being distributed by the following 50 URLs.

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=w5NEPNFK4T2RBKMF097O6QE2

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wUL0LUIG3QKQC4NFGDVEHKFK

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wS27S7EET7406VMFGU696LC8

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wHPM1VAG5F453JMFGGIBSA20

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wSF31T8A06OEJ2NFG206TOS8

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wP601QNPLE42Q8NF0V6VR97Q

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wASMH4S0Q0A1C5NF0TB1TTIG

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wV9AFGR5Q974NJMFGD1SAF3U

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wLJMOUEL18ER85NF0JAJSOFO

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wJBR1MO6GCCJ6IMF0VHCOAFO

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=w443QRF90237J1NFGF1UNP8A

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wEA5F2PV49JM55NF03FDKMEI

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=w267255N8A8CPANFGLLPFDDI

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wP30C4GJ6ATS21NFGFP8F7RE

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=w7T6NUHEB2KET5NF0UEP7I3C

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wUU1ML0PCROQJ3NFGFAIRCTC

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wVJKT8J6N4BEJ5NF04GUOID2

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wN95JAI6BI37T3NF0DA1DM80

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=w7HSO5POF71OR1NF0D341HT6

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wVTUV3OLE33AJLMF0H3V971M

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=w95LE2GCOE47KJMFG6NPCE2I

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wPSF8P4FM88T68NF0Q4KPOJK

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wG0DT597JR1HT1NFGTPSN9O2

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wECJBRJPF4T146NFGEH8QFEK

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wR0HRJ7JMR1T56NFGOJDL22P

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wD5K2KU15SUVAVMF07IKRKA8

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wH29QK48SM9LUJMFG4E4KQBQ

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wIKIMRV4S6IFN9NFG7SP5B9G

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wCSV2SLMJH3MK3NFGGK0G0FU

http://www.xflv-player.net/.../mar8.php?subid=marmarlk&sid=wNNVQ8DN3N4Q27NF0TDDD9FG

Latest 30 of 231 download URLs

Remove flvplayer-chrome.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.