home

FirstRowSportApp.exe

FirstRowSportApp

Cool Mirage ltd.

This is part of a CoolMirage installatation, a potentially unwanted program (PUP) that display ads on the computer. The application FirstRowSportApp.exe by Cool Mirage ltd has been detected as adware by 12 anti-malware scanners. This is a setup program which is used to install the application. The setup installer will bundle multiple adware offers during download and setup (based on the user's geographical location) including toolbars, extensions and coupon utilities. It is also typically executed from an Internet Explorer cache folder. The file has been seen being downloaded from www1.installsfiles.com.
Publisher:
FirstRowSport  (signed by Cool Mirage ltd.)

Product:
FirstRowSportApp

Version:
2.0.0.1

MD5:
abad1fa625902ad31d132f8d534e3fc9

SHA-1:
0b79ae0915420a5e96b8e0f57fd9f1d8bb09e5fc

SHA-256:
6f71ecf6865b6338704524f316889d7849411b39e8a98c5a857fe145e093dd78

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
4/23/2024 9:57:31 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Downware
7.1.1

Avira AntiVirus
Adware/1ClickDownload.AA.19
7.11.180.188

avast!
Win32:Downloader-TPG [PUP]
2014.9-140310

AVG
Generic
2015.0.3259

Dr.Web
Adware.Downware.625
9.0.1.069

IKARUS anti.virus
AdWare.1ClickDownload
t3scan.1.7.8.0

Kaspersky
not-a-virus:AdWare.NSIS.Yontoo
14.0.0.2792

Malwarebytes
PUP.Optional.Downware
v2014.12.15.01

Qihoo 360 Security
Win32/Virus.Adware.7c6
1.0.0.1015

Reason Heuristics
PUP.CoolMirageltd.Q
14.8.7.18

Trend Micro House Call
TROJ_GEN.F47V0327
7.2.69

VIPRE Antivirus
CoolMirage Ltd
21014

File size:
794.5 KB (813,616 bytes)

Product version:
2.0.0.1

Copyright:
(c) FirstRowSport All rights reserved.

Original file name:
FirstRowSportApp.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\firstrowsportapp.exe

Digital Signature
Signed by:
Cool Mirage ltd.

Authority:
COMODO CA Limited

Valid from:
11/14/2012 1:00:00 AM

Valid to:
11/15/2014 12:59:59 AM

Subject:
CN=Cool Mirage ltd., O=Cool Mirage ltd., STREET=ogarit 39, L=tel aviv, S=tel aviv, PostalCode=69016, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FC28659CC8073606EF4D09A1994B1AD0

File PE Metadata
Compilation timestamp:
8/8/2012 3:47:11 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:t3xN37S1LgK7RyLx/FuurW13bWyMvjrQkq/KGJ5S/qRnQntYl+W:twglFugILWyMvI//9J5

Entry address:
0x21328

Entry point:
E8, 5C, 74, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, A4, 13, 42, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, EC, 06, 01, 00, 8B, 45, 0C, 8B...
 
[+]

Code size:
203.5 KB (208,384 bytes)

The file FirstRowSportApp.exe has been seen being distributed by the following URL.

http://www1.installsfiles.com/FirstRowSportApp.exe

Remove FirstRowSportApp.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.