FLVPlayer.EXE

FLVPlayer

CoolMirage Ltd.

This is part of a CoolMirage installation, a potentially unwanted program (PUP) that displays ads on the computer. The application FLVPlayer.EXE, “FLVPlayer MFC Wrapper” by CoolMirage, has been detected as adware by 5 anti-malware scanners. This file is typically installed with the program HDPlayer by CoolMirage Ltd., which is a potentially unwanted software program. The file has been seen being downloaded from cmpsmarter-downloader.maynemyltf.netdna-cdn.com and multiple other hosts.
Publisher:
CoolMirage Ltd.  (signed and verified)

Product:
FLVPlayer

Description:
FLVPlayer MFC Wrapper

Version:
2, 6, 0, 0

MD5:
6e7b7869cefb3470c861187e8c5f0eb7

SHA-1:
9109cb4c2b6b42a19414714baa52a74be5c06f7a

SHA-256:
8583aacb5b507b155a6af3089bcf06dfb447bd68b5fddb9c98c08e86f25cf9ce

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
11/5/2024 8:07:11 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | Adware/1ClickDownload.AC.22 | 7.11.119.220
Comodo Security | ApplicUnwnt | 17448
IKARUS anti.virus | AdWare.1ClickDownload | t3scan.2.2.29
Reason Heuristics | PUP.CoolMirage.M | 14.8.7.17
VIPRE Antivirus | CoolMirage Ltd | 24412

File size:
362.5 KB (371,192 bytes)

Product version:
2, 6, 0, 1

Copyright:
Copyright (C) 2012

Original file name:
FLVPlayer.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\flvplayer.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/5/2013 5:00:00 PM

Valid to:
6/6/2014 4:59:59 PM

Subject:
CN=CoolMirage Ltd., O=CoolMirage Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
110F603E63C86349A5F243EA06966F33

File PE Metadata
Compilation timestamp:
8/18/2013 12:58:25 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:L9qpDZCYfCQoSS4RmSD4g/GwrRd/ISaiY0w6oZYFi1/nyTIUnD+:LafCGH/Gyd/ISaoqYYUnD+

Entry address:
0x21BE7

Entry point:
E8, 9F, 7E, 00, 00, E9, 78, FE, FF, FF, 6A, 0C, 68, 88, 0E, 44, 00, E8, 8B, 13, 00, 00, 83, 65, E4, 00, 8B, 75, 08, 3B, 35, 74, A4, 44, 00, 77, 22, 6A, 04, E8, 8A, 80, 00, 00, 59, 83, 65, FC, 00, 56, E8, 91, 88, 00, 00, 59, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 09, 00, 00, 00, 8B, 45, E4, E8, 97, 13, 00, 00, C3, 6A, 04, E8, 85, 7F, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, 75, 08, 83, FE, E0, 0F, 87, A1, 00, 00, 00, 53, 57, 8B, 3D, B8, 60, 43, 00, 83, 3D, 54, 91, 44, 00, 00, 75, 18, E8, 92, 74, 00...

Entropy:
6.6132

Code size:
209 KB (214,016 bytes)

The file FLVPlayer.EXE has been discovered within the following program.

HDPlayer  by CoolMirage Ltd.
HDPlayer is a bundled installation using a download monetization platform. Installing the co-bundled software through the modified installer may not be optional.
www.hdplayer-download.com
75% remove it

The file FLVPlayer.EXE has been seen being distributed by the following 2 URLs.
