ilemitvapp.exe

Cool Mirage ltd.

This is part of a CoolMirage installation, a potentially unwanted program (PUP) that displays ads on the computer. The application ilemitvapp.exe by Cool Mirage ltd has been detected as adware by 6 anti-malware scanners. This file is a setup program used to install the application. It is typically installed with the program IlemiTVApp by IlemiTVApp.com. The setup installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities.
Publisher:
AtdheNetTVApp  (signed by Cool Mirage ltd.)

Product:
AtdheNetTVApp

Version:
2.0.0.1

MD5:
cf9c9fdd76d662463d3f6e3b9649f9a6

SHA-1:
08b4bf399c19312e55df1359a718e042363d9ad0

SHA-256:
73f373350278686385fe2d777d5ac775e5f4cfa04b3fc6ccde3fa16e052c7dc2

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
11/27/2024 1:29:19 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Downloader-TPG [PUP] | 2014.9-131223 |
| Dr.Web | Adware.Downware.625 | 9.0.1.0357 |
| Malwarebytes | PUP.Optional.DealPly.A | v2013.12.23.07 |
| Reason Heuristics | PUP.CoolMirageltd.K | 14.8.7.18 |
| Trend Micro House Call | TROJ_GEN.F47V0409 | 7.2.357 |
| VIPRE Antivirus | CoolMirage Ltd | 24128 |

File size:
794.5 KB (813,616 bytes)

Product version:
2.0.0.1

Copyright:
(c) AtdheNetTVApp.com All rights reserved.

Original file name:
AtdheNetTVApp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\ilemitvapp.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/14/2012 1:00:00 AM

Valid to:
11/15/2014 12:59:59 AM

Subject:
CN=Cool Mirage ltd., O=Cool Mirage ltd., STREET=ogarit 39, L=tel aviv, S=tel aviv, PostalCode=69016, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FC28659CC8073606EF4D09A1994B1AD0

File PE Metadata
Compilation timestamp:
9/27/2012 3:36:31 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:5cpo37S8PkU27J43DGT/r2EBmeiGL8HopRLtd8Q9k9CdiUN1DDzz:55kKGTDJseiGL8IDdk9YT

Entry address:
0x21375

Entry point:
E8, 62, 74, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, F1, 13, 42, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, EF, 06, 01, 00, 8B, 45, 0C, 8B...
 

Code size:
203.5 KB (208,384 bytes)

The file ilemitvapp.exe has been discovered within the following program.

IlemiTVApp  by IlemiTVApp.com
About 7% of users remove it
 

The file ilemitvapp.exe has been seen being distributed by the following 3 URLs.

http://www1.installstarter.com/IlemiTVApp.exe
