livestreamingapp2.exe

LiveStream

VASSANA KONGSOONGNERN

This is part of a CoolMirage installation, a potentially unwanted program (PUP) that displays ads on the computer. The application livestreamingapp2.exe by VASSANA KONGSOONGNERN has been detected as adware by 6 anti-malware scanners. This is a setup program used to install the application. The setup installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from cmpsmarter-downloader.maynemyltf.netdna-cdn.com.
Publisher:
Cool mirage  (signed by VASSANA KONGSOONGNERN)

Product:
LiveStream

Version:
1.0.1.2

MD5:
a45e80c56275312c6c685478eac99f51

SHA-1:
12796610e9d86db469dbfddd2a9cc0e7d08f3e7c

SHA-256:
c8495c22b07eb5e1c01e5e02cdb812c43dcc88aee31af1f7c880167ed0cb6d20

Scanner detections:
6 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
11/27/2024 1:37:18 AM UTC

Scan engine           Detection                          Engine version
AVG                   Generic                            2015.0.3304
Baidu Antivirus       Adware.NSIS.Yontoo                 4.0.3.141031
Fortinet FortiGate    Adware/Yontoo                      10/31/2014
Kaspersky             not-a-virus:AdWare.NSIS.Yontoo     14.0.0.3017
Reason Heuristics     PUP.VASSANAKONGSOONGNERN.R         14.12.16.10
VIPRE Antivirus       CoolMirage Ltd                     34258

File size:
60.8 KB (62,208 bytes)

Product version:
1.0.1.2

Copyright:
Copyright © Cool mirage 2014

Original file name:
LiveStream.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\livestreamingapp2.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/6/2014 1:00:00 AM

Valid to:
10/7/2015 12:59:59 AM

Subject:
CN=VASSANA KONGSOONGNERN, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7E630B1125BFC2AAB3F8750B7348F18B

File PE Metadata
Compilation timestamp:
10/20/2014 2:44:07 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:qvjxj/gpANTLQD//fYIn4xnhlzBimn0wqYvjxfk:qvZ/yApm/3YIsBb0wqYvW

Entry address:
0xB96E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
38.5 KB (39,424 bytes)

The file livestreamingapp2.exe has been seen being distributed by the following URL.
