flvplayer-chrome.exe

VASSANA KONGSOONGNERN

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that displays ads on the computer. The application flvplayer-chrome.exe by VASSANA KONGSOONGNERN has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities. The file has been seen being downloaded from www.flvplayer-download.net and multiple other hosts.

Publisher:
VASSANA KONGSOONGNERN  (signed and verified)

MD5:
b4650fe49717582f50a64483294a2108

SHA-1:
42cc7493985dc7abde43548ca8c493dc4882d570

SHA-256:
2e09163b2b07aa74fb458968dd831b22442b7859cb9caff21dce4b4c86914400

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
11/24/2024 2:31:50 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Win-PUP/CrossRider | 2015.02.11 |
| AVG | Generic | 2016.0.3202 |
| Dr.Web | Adware.Yontoo.54 | 9.0.1.041 |
| ESET NOD32 | NSIS/TrojanDropper.Agent.CB | 9.11153 |
| K7 AntiVirus | Adware | 13.194.14921 |
| Kaspersky | not-a-virus:Downloader.Win32.TornTV | 14.0.0.2506 |
| McAfee | Artemis!E50423C905E2 | 5600.6858 |
| Reason Heuristics | PUP.CoolMirage | 15.2.10.17 |
| Sophos | CoolMirage | 4.98 |
| Trend Micro House Call | Suspici.EDD0D2A5 | 7.2.41 |
| VIPRE Antivirus | CoolMirage Ltd | 37418 |

File size:
150 KB (153,584 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\flvplayer-chrome.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/5/2014 8:00:00 PM

Valid to:
10/6/2015 7:59:59 PM

Subject:
CN=VASSANA KONGSOONGNERN, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7E630B1125BFC2AAB3F8750B7348F18B

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:9Lk395hYXJCt4DxHM73n3VjKp1hrUABHvkkpgEbnFE:9Qq84s7X3VjILskLni

Entry address:
0x30CB

Entropy:
7.5283

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file flvplayer-chrome.exe has been seen being distributed by the following 50 URLs.
