» AtdheNetTVApp.exe
Overview
Analysis
File Details
Downloads (1)

AtdheNetTVApp.exe

CoolMirage LTD.

This is part of a CoolMirage installatation, a potentially unwanted program (PUP) that display ads on the computer. The application AtdheNetTVApp.exe by CoolMirage has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The setup installer will bundle multiple adware offers during download and setup (based on the user's geographical location) including toolbars, extensions and coupon utilities. The file has been seen being downloaded from cmpsmarter-downloader.maynemyltf.netdna-cdn.com.

File name:

AtdheNetTVApp.exe

Publisher:

AtdheNetTVApp (signed by CoolMirage LTD.)

Product:

AtdheNetTVApp

Version:

2.0.0.1

MD5:

6c197248454c16803424a67f5ea31425

SHA-1:

49f6b5359b20a9337ec3ec46be3ad6d29e131b5c

SHA-256:

ca58ae106eef93ed88192cb256c86af3821c41387d344150d2b03ec73b3edf06

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Bundles a number of adware programs in the installer.

Analysis date:

4/25/2024 1:22:21 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.CoolMirage.AtdheNet (M)

16.5.11.18

File size:

793.2 KB (812,224 bytes)

Product version:

2.0.0.1

Original file name:

AtdheNetTVApp.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\atdhenettvapp.com\atdhenettvapp.exe

Digital Signature

Signed by:

CoolMirage LTD.

Authority:

Thawte, Inc.

Valid from:

8/26/2014 8:00:00 AM

Valid to:

11/10/2015 7:59:59 AM

Subject:

CN=CoolMirage LTD., O=CoolMirage LTD., L=Tel Aviv, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

029E9B7F7CD982D1F52BA19EDA66E340

File PE Metadata

Compilation timestamp:

9/20/2012 12:18:09 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

6144:9Dpo37S8PkUWrZoHDGTfr2zRWeiG7MHoZWe9dWb7R4K6i2ljbD7Gt:9WkqGTjeseiG7M4zdkR+yt

Entry address:

0x21375

Entry point:

E8, 62, 74, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, F1, 13, 42, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, EF, 06, 01, 00, 8B, 45, 0C, 8B... 
[+]

Entropy:

7.0755

Code size:

203.5 KB (208,384 bytes)

The file AtdheNetTVApp.exe has been seen being distributed by the following URL.

http://cmpsmarter-downloader.maynemyltf.netdna-cdn.com/ATDheNetTVApp.exe

Remove AtdheNetTVApp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.