flvplayer-chrome.exe

VASSANA KONGSOONGNERN

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that displays ads on the computer. The application flvplayer-chrome.exe by VASSANA KONGSOONGNERN has been detected as adware by 7 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities. The file has been seen being downloaded from www.flvplayer-download.com and multiple other hosts.
Publisher:
VASSANA KONGSOONGNERN  (signed and verified)

MD5:
c8a87a76bd5056c7f4b4a01fd3c714db

SHA-1:
cfe40278d61b03d2530fae7413d48f73a0a56c5a

SHA-256:
4c4e356e01cae8e46c93682972766e4e0903a184968ad4cc6dbab0507e12b59a

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
11/24/2024 9:36:00 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Win-PUP/CrossRider | 2015.01.20 |
| AVG | Generic | 2016.0.3224 |
| Dr.Web | Adware.Yontoo.54 | 9.0.1.019 |
| G Data | NSIS.Application.Adload | 15.1.24 |
| K7 AntiVirus | Adware | 13.191.14683 |
| Reason Heuristics | PUP.CoolMirage.VASSANAKONGSOONGNERN | 15.1.19.20 |
| VIPRE Antivirus | CoolMirage Ltd | 36784 |

File size:
63.9 KB (65,472 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\flvplayer-chrome.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/5/2014 8:00:00 PM

Valid to:
10/6/2015 7:59:59 PM

Subject:
CN=VASSANA KONGSOONGNERN, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7E630B1125BFC2AAB3F8750B7348F18B

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:zQpQ5EP0ijnRTXJIpoqhWRjlydaNtEA4Yy4j:zQIURTXJIpomujlyett4Yy6

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.2486

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file flvplayer-chrome.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 840 download URLs
