flvplayer-chrome.exe

VASSANA KONGSOONGNERN

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that displays ads on the computer. The application flvplayer-chrome.exe by VASSANA KONGSOONGNERN has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer bundles multiple adware offers during download and setup (selected by the user's geographical location), including toolbars, extensions and coupon utilities. The file has been seen being downloaded from www.getallfilesnow.com and multiple other hosts.

Publisher:
VASSANA KONGSOONGNERN  (signed and verified)

MD5:
3301566b246d3aecff8ba0694dd1f072

SHA-1:
bbed77c6103bc6d591ae7d87d3360913a2af4b16

SHA-256:
ba97a6d642771e61ac8002a6bb06f27c1debf7f6754790a9682d29a6005cec73

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
4/29/2025 6:25:29 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Win-PUP/CrossRider | 2015.02.01 |
| AVG | Generic | 2016.0.3212 |
| Baidu Antivirus | Hacktool.Win32.TornTV | 4.0.3.1521 |
| Dr.Web | Adware.Yontoo.54 | 9.0.1.032 |
| G Data | NSIS.Application.Adload | 15.2.25 |
| K7 AntiVirus | Adware | 13.193.14818 |
| Kaspersky | not-a-virus:Downloader.Win32.TornTV | 14.0.0.2553 |
| McAfee | Artemis!3301566B246D | 5600.6868 |
| Panda Antivirus | Generic Suspicious | 15.02.01.10 |
| Reason Heuristics | PUP.CoolMirage | 15.2.1.10 |
| Trend Micro House Call | Suspicious_GEN.F47V0130 | 7.2.32 |
| VIPRE Antivirus | CoolMirage Ltd | 37144 |

File size:
67.4 KB (69,024 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\flvplayer-chrome.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/5/2014 5:00:00 PM

Valid to:
10/6/2015 4:59:59 PM

Subject:
CN=VASSANA KONGSOONGNERN, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7E630B1125BFC2AAB3F8750B7348F18B

File PE Metadata
Compilation timestamp:
12/5/2009 2:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:AQpQ5EP0ijnRTXJgwoIzknguCNSf3j8+zT9E8t:AQIURTXJYINuCUfT8+zJt

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.2851

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file flvplayer-chrome.exe has been seen being distributed by the following 50 URLs.
