flvplayer-chrome.exe

VASSANA KONGSOONGNERN

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that displays ads on the computer. The application flvplayer-chrome.exe by VASSANA KONGSOONGNERN has been detected as adware by 9 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities. The file has been seen downloaded from www.flvplayer-download.com and multiple other hosts.

Publisher:
VASSANA KONGSOONGNERN  (signed and verified)

MD5:
cf0f519d3f0aa96d378567055adb59d5

SHA-1:
9b09d6e20767a366f2409bc5cd7fa9bf1fbc83d7

SHA-256:
60e011e7905191aade19bc7d7d744dc7cc3e1a7b85eedfcdfc7c1c824d6b3dd0

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
11/24/2024 1:50:19 PM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | Generic | 2015.0.3279 |
| Dr.Web | Adware.Downware.8319 | 9.0.1.0329 |
| ESET NOD32 | NSIS/TrojanDownloader.Adload.AA | 8.10781 |
| K7 AntiVirus | Adware | 13.185.14134 |
| Kaspersky | not-a-virus:AdWare.NSIS.Yontoo | 14.0.0.2891 |
| McAfee | Artemis!CF0F519D3F0A | 5600.6935 |
| Reason Heuristics | PUP.VASSANAKONGSOONGNERN.Q | 14.12.16.10 |
| Sophos | CoolMirage | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V1124 | 7.2.329 |

File size:
74.5 KB (76,240 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\flvplayer-chrome.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/5/2014 7:00:00 PM

Valid to:
10/6/2015 6:59:59 PM

Subject:
CN=VASSANA KONGSOONGNERN, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7E630B1125BFC2AAB3F8750B7348F18B

File PE Metadata
Compilation timestamp:
12/5/2009 4:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:nQpQ5EP0ijnRTXJXEElr4vxU9jMuMMMMMMMMMMMMMMMMMMMMMMMMMMMXMMMs/ubn:nQIURTXJ14vxU9jMuMMMMMMMMMMMMMMz

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.2340

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file flvplayer-chrome.exe has been seen being distributed by the following 50 URLs.


Latest 30 of 428 download URLs
