PutLockerDownloader.exe

PutLockerDownloader

CoolMirage Ltd.

This is part of a CoolMirage installation, a potentially unwanted program (PUP) that displays ads on the computer. The application PutLockerDownloader.exe by CoolMirage has been detected as adware by 3 anti-malware scanners. This is a setup program used to install the application. The setup installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www1.installsfiles.com.
Publisher:
CoolMirage Ltd.  (signed and verified)

Product:
PutLockerDownloader

Version:
1.0.0.1

MD5:
8c0e99d9a046c047abea29c57e4dce63

SHA-1:
c200a0a5cb3508ad9941ffc7b3c10a9dc5171755

SHA-256:
068c05825e66f30d7c5b70c8eaec3f5527a4f66abbce41636bbc24c11a20b432

Scanner detections:
3 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
11/30/2024 10:02:40 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Downloader-TPG [PUP] | 2014.9-140113 |
| Reason Heuristics | PUP.CoolMirage.T | 14.8.7.17 |
| VIPRE Antivirus | CoolMirage Ltd | 22472 |

File size:
1.1 MB (1,116,664 bytes)

Product version:
1.0.0.1

Copyright:
Copyright © 2012

Original file name:
PutLockerDownloader.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\putlockerdownloader.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/6/2013 3:00:00 AM

Valid to:
6/7/2014 2:59:59 AM

Subject:
CN=CoolMirage Ltd., O=CoolMirage Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
110F603E63C86349A5F243EA06966F33

File PE Metadata
Compilation timestamp:
11/18/2012 2:30:53 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:WJKxdUNXgBN/soRIyDyPgdz3AJUg4GZp37kvA/bH6RGULvS8f:iuUNQXZ5DlJGZt7SAG5LaU

Entry address:
0x10C51E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.9233

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1 MB (1,091,072 bytes)

The file PutLockerDownloader.exe has been seen being distributed by the following URL.