flvplayer-chrome.exe

VASSANA KONGSOONGNERN

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that displays ads on the computer. The application flvplayer-chrome.exe by VASSANA KONGSOONGNERN has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. During download and setup, the installer bundles multiple adware offers (based on the user's geographical location), including toolbars, extensions and coupon utilities. The file has been seen being downloaded from www.flvplayer-download.net and multiple other hosts.

Publisher:
VASSANA KONGSOONGNERN  (signed and verified)

MD5:
d345468adb53554a9927264e2dce7c7f

SHA-1:
39bdfa61a397607f488a218f5cce6476bb6fd79f

SHA-256:
215dee589c69dd17a9c98091308b1a31c2b73a63b51806805316d0df915bace2

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
11/24/2024 3:10:15 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2015.0.3247 |
| Baidu Antivirus | Adware.NSIS.Yontoo | 4.0.3.141227 |
| Dr.Web | Adware.Downware.8319 | 9.0.1.0361 |
| ESET NOD32 | NSIS/TrojanDownloader.Adload.AA | 8.10933 |
| G Data | NSIS.Application.Adload | 14.12.24 |
| K7 AntiVirus | Adware | 13.188.14468 |
| Kaspersky | not-a-virus:AdWare.NSIS.Yontoo | 14.0.0.2731 |
| Panda Antivirus | Generic Suspicious | 14.12.27.09 |
| Reason Heuristics | PUP.VASSANAKONGSOONGNERN.Q | 14.12.27.21 |
| Sophos | CoolMirage | 4.98 |
| VIPRE Antivirus | CoolMirage Ltd | 36124 |

File size:
74.4 KB (76,224 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\flvplayer-chrome.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/5/2014 7:00:00 PM

Valid to:
10/6/2015 6:59:59 PM

Subject:
CN=VASSANA KONGSOONGNERN, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7E630B1125BFC2AAB3F8750B7348F18B

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:kQpQ5EP0ijnRTXJD560qCzlTllqLKcXCvdxNTylCi:kQIURTXJD57QLKcXCglCi

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
Entropy:
7.1851

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file flvplayer-chrome.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 560 download URLs
