» NeoLiveApp.exe
Overview
Analysis
File Details
Programs (1)
Downloads (1)

NeoLiveApp.exe

NeoLiveApp

CoolMirage Ltd.

This is part of a CoolMirage installatation, a potentially unwanted program (PUP) that display ads on the computer. The application NeoLiveApp.exe by CoolMirage has been detected as adware by 6 anti-malware scanners. This is a setup program which is used to install the application. This file is typically installed with the program NeoliveApp by IlemiTVApp.com. The setup installer will bundle multiple adware offers during download and setup (based on the user's geographical location) including toolbars, extensions and coupon utilities.

File name:

NeoLiveApp.exe

Publisher:

NeoLive (signed by CoolMirage Ltd.)

Product:

NeoLiveApp

Version:

2.0.0.1

MD5:

d9bd1c17113b3bf5948a0f64b43f18f3

SHA-1:

3f7d91d0ab515bd205a10086ed1d493a38b8bb7b

SHA-256:

78cdddc2cfb4d8ca2d1ac0024a3d5bbea77fc5026efc3f0bcf3bc88100cf0aab

Scanner detections:

6 / 68

Status:

Adware

Explanation:

Bundles a number of adware programs in the installer.

Analysis date:

4/23/2025 4:00:52 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

Adware/1ClickDownload.AD.53

7.11.110.180

Dr.Web

Adware.Downware.625

9.0.1.0358

IKARUS anti.virus

AdWare.1ClickDownload

t3scan.2.0.127

Reason Heuristics

PUP.CoolMirage.K

14.8.7.17

Trend Micro House Call

TROJ_GEN.F47V0920

7.2.358

VIPRE Antivirus

CoolMirage Ltd

22992

File size:

793 KB (812,024 bytes)

Product version:

2.0.0.1

Original file name:

NeoLiveApp.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\neoliveapp.exe

Digital Signature

Signed by:

CoolMirage Ltd.

Authority:

Thawte, Inc.

Valid from:

6/6/2013 2:00:00 AM

Valid to:

6/7/2014 1:59:59 AM

Subject:

CN=CoolMirage Ltd., O=CoolMirage Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

110F603E63C86349A5F243EA06966F33

File PE Metadata

Compilation timestamp:

8/26/2013 5:38:59 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:E5kKGTDJseiGL8IDdt9y8FbZOvP7vM2L86osAQ+1z6Ap:YTUJseiMFDdS85ZazvMg8YAQ+h6Ap

Entry address:

0x21375

Entry point:

E8, 62, 74, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, F1, 13, 42, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, EF, 06, 01, 00, 8B, 45, 0C, 8B... 
[+]

Code size:

203.5 KB (208,384 bytes)

The file NeoLiveApp.exe has been discovered within the following program.

NeoliveApp by IlemiTVApp.com

About 3% of users remove it

The file NeoLiveApp.exe has been seen being distributed by the following URL.

http://cmpsmarter-downloader.maynemyltf.netdna-cdn.com/NeoliveApp.exe

Remove NeoLiveApp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.