flvplayer-chrome.exe

CHUTCHAI KIEWNOY

The application flvplayer-chrome.exe by CHUTCHAI KIEWNOY has been detected as adware by 6 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from www.flvxplayerdownload.net and multiple other hosts.
Publisher:
CHUTCHAI KIEWNOY  (signed and verified)

MD5:
4f9422f1b0227d87ac6e20e933810b61

SHA-1:
60e7f5fde7f38fe5838b46bc59b6f03b2e59a86f

SHA-256:
511348379314947e8b4bdd89cd0a1642e45d65bc7b5ec21f6a54a38fc5fb1326

Scanner detections:
6 / 68

Status:
Adware

Analysis date:
11/24/2024 8:24:50 PM UTC

Scan engine             Detection                               Engine version
avast!                  Malware-gen                             141119-1
Dr.Web                  Trojan.Yontoo.30                        9.0.1.05190
ESET NOD32              NSIS/TrojanDownloader.Adload.AA trojan  7.0.302.0
McAfee                  Artemis!4F9422F1B022                    5600.6936
Reason Heuristics       PUP.CHUTCHAIKIEWNOY.Q                   14.11.18.21
Trend Micro House Call  Suspicious_GEN.F47V1118                 7.2.328

File size:
67.4 KB (69,056 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\flvplayer-chrome.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/29/2014 7:00:00 PM

Valid to:
9/30/2015 6:59:59 PM

Subject:
CN=CHUTCHAI KIEWNOY, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
70CF135290F3FC7E7BD27C7B350CF722

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:HQpQ5EP0ijnRTXJUvGLAkXaB4WNZpR6iFoQ:HQIURTXJn8kXS48ZpR6KoQ

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.2475

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file flvplayer-chrome.exe has been observed being distributed from 44 URLs.
