flvplayer-chrome.exe

VASSANA KONGSOONGNERN

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that displays ads on the computer. The application flvplayer-chrome.exe by VASSANA KONGSOONGNERN has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities. The file has been seen being downloaded from www.flvplayer-download.net and multiple other hosts.
Publisher:
VASSANA KONGSOONGNERN  (signed and verified)

MD5:
d28cbe6fab4f9b12d4c3db5b62b76e31

SHA-1:
792f41e8858d51522c5b5e992b5ddffa44105365

SHA-256:
9431363cd6e4eda076dea6487bc73de339d9be0d788efc32a4f02c6f1225d481

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
11/24/2024 2:39:22 PM UTC

Scan engine | Detection | Engine version
AVG | Generic | 2015.0.3269
Dr.Web | Adware.Downware.8319 | 9.0.1.0339
ESET NOD32 | NSIS/TrojanDownloader.Adload.AA | 8.10834
G Data | NSIS.Application.Adload | 14.12.24
K7 AntiVirus | Adware | 13.186.14254
Kaspersky | not-a-virus:AdWare.NSIS.Yontoo | 14.0.0.2841
McAfee | Artemis!D28CBE6FAB4F | 5600.6925
Reason Heuristics | PUP.VASSANAKONGSOONGNERN.Q | 14.12.16.10
Sophos | Generic PUA HJ | 4.98
Trend Micro House Call | Suspicious_GEN.F47V1204 | 7.2.339
VIPRE Antivirus | CoolMirage Ltd | 35460

File size:
70.9 KB (72,648 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\flvplayer-chrome.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/6/2014 2:00:00 AM

Valid to:
10/7/2015 1:59:59 AM

Subject:
CN=VASSANA KONGSOONGNERN, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7E630B1125BFC2AAB3F8750B7348F18B

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:GQpQ5EP0ijnRTXJDGdoCLM1QWzmnyVefuHW4rugZT:GQIURTXJidTumyUfuHFqi

Entry address:
0x323C

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file flvplayer-chrome.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 429 download URLs