home

flvplayer-chrome.exe

VASSANA KONGSOONGNERN

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that display ads on the computer. The application flvplayer-chrome.exe by VASSANA KONGSOONGNERN has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup installer will bundle multiple adware offers during download and setup (based on the user's geographical location) including toolbars, extensions and coupon utilities. The file has been seen being downloaded from www.flvplayer-download.com and multiple other hosts.
Publisher:
VASSANA KONGSOONGNERN  (signed and verified)

MD5:
09d5f8f7551bc9063706a0c160e7077f

SHA-1:
6b34e87e23e69e9828d01c1e2669302eace07e96

SHA-256:
cd0207d2b30dfe6f4585e8562fe4142f5144ac8fc586f48c25347ccdcc73ae56

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
11/24/2024 9:37:30 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Win-PUP/CrossRider
2015.02.11

Avira AntiVirus
TR/Drop.Agent.125784
7.11.209.70

AVG
Generic
2016.0.3202

Baidu Antivirus
Trojan.MSIL.ShimChanger
4.0.3.15210

Dr.Web
Adware.Yontoo.54
9.0.1.041

ESET NOD32
NSIS/TrojanDropper.Agent.CB
9.11155

K7 AntiVirus
Adware
13.194.14927

Kaspersky
not-a-virus:Downloader.Win32.TornTV
14.0.0.2506

McAfee
Artemis!09D5F8F7551B
5600.6858

Qihoo 360 Security
Win32/Virus.Downloader.e28
1.0.0.1015

Reason Heuristics
PUP.CoolMirage
15.2.10.19

Sophos
Generic PUA GL
4.98

Trend Micro House Call
ADW_BUNDLER
7.2.41

Trend Micro
ADW_BUNDLER
10.465.10

VIPRE Antivirus
CoolMirage Ltd
37424

File size:
122.8 KB (125,784 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\flvplayer-chrome.exe

Digital Signature
Signed by:
VASSANA KONGSOONGNERN

Authority:
Thawte, Inc.

Valid from:
10/5/2014 5:00:00 PM

Valid to:
10/6/2015 4:59:59 PM

Subject:
CN=VASSANA KONGSOONGNERN, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7E630B1125BFC2AAB3F8750B7348F18B

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:41 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:BLk395hYXJEjLaM9xn3DleiaOD+cHfiF7xnFa:BQqgDX3Dl8O6c6nA

Entry address:
0x30CB

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00...
 
[+]

Entropy:
7.6735

Packer / compiler:
Nullsoft install system v2.x

Code size:
22.5 KB (23,040 bytes)

The file flvplayer-chrome.exe has been seen being distributed by the following 50 URLs.

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wDFVMPJACTV4BK1IGIJQRTBI

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wN4SM8L7TOFSM81IGEDIHJD6

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w60I36FFTNA0KM1I0AEBVDBC

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w9SH095TPO0KJG1IGU6FF42C

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w1ORM8GSP4PGG71IGRB4RVF8

http://www.getmydownloadsnow.com/.../mar16.php?subid=marmarlk&sid=wHDDFM5DV64799NG02POUB0Q

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wV2T1GCVAPR4MTRG0HSLPR0R

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w0FT5CP4G2JMDF1I03KSBIC6

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wV2J4D3INB2R9K1I07751N6K

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wOI275ETPPADAL1I04MCPPEC

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wPKRQQSA9GGFTE1I0SAJKS4E

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w2KC2PLN06EGBI1IGB3LQ7Q2

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wGOVRKPSO702M00IG0PFFL9K

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w0L5II32H0D9QG1I0IQSFABE

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wJJ7CR4KKAEO3C1I0T5HS7CG

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wASV6OOF325RCA1IG6KFCTNQ

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w9A4LBP64F64EJ1I0VIK2E52

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wA111RTSUMGSLH1IG3KPP7NS

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w1AV0E76KCRDKL1I0OHK4K6C

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wF8GRUEPTEL5JG1I0J8IKO7S

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wE0AANL99LLCD71IG6K1B5RU

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w4FEDN0QO2E0TA1I0OEFECJ8

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wL9OGFIC4L0GP91I09CEF69O

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wTEI09DA4IQKNJ1IGTU0CK00

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wSTPJVBO8QMGG71IGTGK6GAI

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wGAVHKE42T2B1J1I0NHQTL9K

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w1903CVU9CVI7P1IGGACSBEG

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w009K5E0I555FJ1IGMDIK4FC

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wJE836B3T58ACE1IG287E9OU

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wO05APG6L4G3JJ1IGGC33U80

Latest 30 of 68 download URLs

Remove flvplayer-chrome.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.