flvplayer-chrome.exe

VASSANA KONGSOONGNERN

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that displays ads on the computer. The application flvplayer-chrome.exe by VASSANA KONGSOONGNERN has been detected as adware by 14 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities. The file has been seen being downloaded from www.flvplayer-download.net and multiple other hosts.
Publisher:
VASSANA KONGSOONGNERN  (signed and verified)

MD5:
f2fdcc9824cb4285c7e3480221d9e06f

SHA-1:
d02ec6eb4eba018442437f932e3cbd49f4c0414a

SHA-256:
b016a6d35b2ebac24d3ee7d42c08f5ea47ee3e9a56558605b6abb0ac7e1adb4f

Scanner detections:
14 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
11/24/2024 2:51:52 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Win-PUP/CrossRider | 2015.02.18
AVG | Generic | 2016.0.3195
Baidu Antivirus | Trojan.MSIL.ShimChanger | 4.0.3.15217
Dr.Web | Adware.Yontoo.54 | 9.0.1.048
ESET NOD32 | NSIS/TrojanDropper.Agent.CB | 9.11186
K7 AntiVirus | Adware | 13.195.14984
Kaspersky | not-a-virus:Downloader.Win32.TornTV | 14.0.0.2471
Malwarebytes | Trojan.MSIL.Injector | v2015.02.17.09
McAfee | Artemis!F2FDCC9824CB | 5600.6851
Qihoo 360 Security | Win32/Virus.Downloader.e28 | 1.0.0.1015
Reason Heuristics | PUP.CoolMirage | 15.2.17.21
Sophos | CoolMirage | 4.98
Trend Micro House Call | Suspicious_GEN.F47V0217 | 7.2.48
VIPRE Antivirus | CoolMirage Ltd | 37660

File size:
145.4 KB (148,904 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\flvplayer-chrome.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/5/2014 8:00:00 PM

Valid to:
10/6/2015 7:59:59 PM

Subject:
CN=VASSANA KONGSOONGNERN, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7E630B1125BFC2AAB3F8750B7348F18B

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:GQIURTXJLt4DxHMXSFkOUwvXdzWt5Gq7+fL8RPCB+fuRlumJjP:GsN4sXSFTVVWR+D8RPCBgCumJjP

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.5027

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file flvplayer-chrome.exe has been seen being distributed by the following 50 URLs.

