» flvplayer-chrome_a.exe
Overview
Analysis
File Details
Downloads (107)

flvplayer-chrome_a.exe

VASSANA KONGSOONGNERN

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that display ads on the computer. The application flvplayer-chrome_a.exe by VASSANA KONGSOONGNERN has been detected as adware by 12 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup installer will bundle multiple adware offers during download and setup (based on the user's geographical location) including toolbars, extensions and coupon utilities. The file has been seen being downloaded from www.flvplayer-download.com and multiple other hosts.

File name:

Publisher:

VASSANA KONGSOONGNERN (signed and verified)

MD5:

560445083599d7fc02268b797b427922

SHA-1:

a7f831306771be4223a9bac2e8e234e4d461b1e3

SHA-256:

8b7e2c57e16aaa415b476cd58f9517408c789a39c731c1f20937d4ef0eefa933

Scanner detections:

12 / 68

Status:

Adware

Explanation:

Bundles a number of adware programs in the installer.

Analysis date:

11/24/2024 1:33:53 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Win-PUP/CrossRider

2015.02.03

AVG

Generic

2016.0.3210

Dr.Web

Adware.Yontoo.54

9.0.1.034

ESET NOD32

NSIS/TrojanDropper.Agent.CB

9.11110

G Data

NSIS.Application.Adload

15.2.25

K7 AntiVirus

Adware

13.193.14838

Kaspersky

not-a-virus:Downloader.Win32.TornTV

14.0.0.2543

McAfee

Artemis!E50423C905E2

5600.6866

Qihoo 360 Security

Win32/Virus.Downloader.e28

1.0.0.1015

Reason Heuristics

PUP.CoolMirage

15.2.3.8

Trend Micro House Call

Suspici.EDD0D2A5

7.2.34

VIPRE Antivirus

CoolMirage Ltd

37192

File size:

119.4 KB (122,280 bytes)

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Common path:

C:\users\{user}\downloads\flvplayer-chrome_a.exe

Digital Signature

Signed by:

VASSANA KONGSOONGNERN

Authority:

Thawte, Inc.

Valid from:

10/5/2014 7:00:00 PM

Valid to:

10/6/2015 6:59:59 PM

Subject:

CN=VASSANA KONGSOONGNERN, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7E630B1125BFC2AAB3F8750B7348F18B

File PE Metadata

Compilation timestamp:

12/5/2009 4:50:41 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:1Lk395hYXJ/zKh8hMKM7k08n3wRCY04oeURj2Ja+3nFMt:1Qqtw8mA3284oeUYJjnI

Entry address:

0x30CB

Entry point:

81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 60, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B0, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 38, 3F, 42, 00, E8, F1, 2B, 00, 00, A3, 84, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 30, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, 54, 91, 40, 00, 68, 80, 36, 42, 00, E8, A4, 28, 00, 00, FF, 15, AC, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, 92, 28, 00, 00... 
[+]

Entropy:

7.6856

Packer / compiler:

Nullsoft install system v2.x

Code size:

22.5 KB (23,040 bytes)

The file flvplayer-chrome_a.exe has been seen being distributed by the following 50 URLs.

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wP062I00PQK3BPSH0GRIPJ7M

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wQ1H8703GIHA4USHG9Q7O4EK

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wCV65DLOOF3U02SH00FCDER0

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w5KM9HH2LH6JSBSHG5JDJSN2

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wTQBMME0Q1TT4SSH00EP3RQ4

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wMA24ODOE40GJASH0CU03TB2

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wH905JD6BB30A7THGMUQGCDG

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wMSRIJU9B750S7SH0KBCGR94

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wN5BLUSTIQVHU0THG5IEHBEQ

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wT4860NFM2U2A7SH0OVPACRA

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w65OJB0T12BORBSHGEJ1V045

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wR0V2QOU3T9F15SHGCJFEJF6

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wCM5HCVS43LS2VSH0K4KDJOM

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wA7EISORJF5LMTSHGO8MO1VO

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wPR3LH7VRNUOU8THGBDRLG84

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wVG1QC8E4FVFT5TH0BRMP68U

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wVDA2EMJIJ3F0SSHGMU6JVG6

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w22LKOPSIT2OUTSHGPVQKHJM

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w1G8IJKQUGRUV4THGD7ND99I

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w6O2R62G2DRUDBSHGGR7MC68

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w1B27C5AGJ9CU8SHG84K0D1C

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w37KM5T4LPJJK0TH03PNSNII

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wLUQOVLHA9SKS4SH04P89NSC

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wK0MBGPQSHK9D5SH05RBIFTK

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wEU1LKOIE22JH6TH0ODU1IC8

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wU14NL9SHP7VN9SHGK35NT14

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wL0Q4DUHLMOSJ2TH0DU31E4C

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w2Q7OD0FN4BK4ASHGVKIVJ7Q

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wGN183VD8GJ6M6SH0RIUL0BQ

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w5ML15E9NN1GOQSH0K1QRG2K

Latest 30 of 107 download URLs

Remove flvplayer-chrome_a.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.