onlinehdtvapp.exe

Cool Mirage ltd.

This is part of a CoolMirage installation, a potentially unwanted program (PUP) that displays ads on the computer. The application onlinehdtvapp.exe by Cool Mirage ltd has been detected as adware by 11 anti-malware scanners. This file is typically installed with the program OnlineHDTV by OnlineHD.TV. The setup installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from cmp.online-hd.tv and multiple other hosts.

Publisher:
AtdheNetTVApp  (signed by Cool Mirage ltd.)

Product:
AtdheNetTVApp

Version:
2.0.0.1

MD5:
19aaa91c8caed743d0a74996d776841b

SHA-1:
202c6c531f1a9ec6051d6da6289a3b4f027d95ce

SHA-256:
ab5cdf2bf40b819126afd633a709f466609187e2ac20ff64f9a78c1ecc040354

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
2/25/2025 5:59:11 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Adware.Generic.542265 | 1137
avast! | Win32:Downloader-TPG [PUP] | 2014.9-131224
Bitdefender | Adware.Generic.542265 | 1.0.20.1790
Dr.Web | Adware.Downware.625 | 9.0.1.0358
Emsisoft Anti-Malware | Adware.Generic.542265 | 8.13.12.24.12
F-Secure | Adware.Generic.542265 | 11.2013-24-12_3
G Data | Adware.Generic.542265 | 13.12.22
Malwarebytes | PUP.Optional.DealPly.A | v2013.12.24.12
MicroWorld eScan | Adware.Generic.542265 | 14.0.0.1074
Reason Heuristics | PUP.CoolMirageltd.N | 14.8.7.18
VIPRE Antivirus | CoolMirage Ltd | 24664

File size:
812.1 KB (831,600 bytes)

Product version:
2.0.0.1

Copyright:
(c) AtdheNetTVApp.com All rights reserved.

Original file name:
AtdheNetTVApp.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\onlinehdtvapp.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/14/2012 2:00:00 AM

Valid to:
11/15/2014 1:59:59 AM

Subject:
CN=Cool Mirage ltd., O=Cool Mirage ltd., STREET=ogarit 39, L=tel aviv, S=tel aviv, PostalCode=69016, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FC28659CC8073606EF4D09A1994B1AD0

File PE Metadata
Compilation timestamp:
10/10/2012 9:01:00 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:Jcpo37S8PkU27J43DGT/r2EBmeiGL8HopRLtd8elohMdiEJKXn+JsEU7+iT6d+y:J5kKGTDJseiGL8IDdCh5XnSU7+D

Entry address:
0x21375

Entry point:
E8, 62, 74, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, F1, 13, 42, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, EF, 06, 01, 00, 8B, 45, 0C, 8B...
 

Entropy:
6.8931

Code size:
203.5 KB (208,384 bytes)

The file onlinehdtvapp.exe has been discovered within the following program.

OnlineHDTV  by OnlineHD.TV
About 6% of users remove it
 

The file onlinehdtvapp.exe has been seen being distributed by the following 2 URLs.
