home

flvplayer-chrome.exe

VASSANA KONGSOONGNERN

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that display ads on the computer. The application flvplayer-chrome.exe by VASSANA KONGSOONGNERN has been detected as adware by 13 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The setup installer will bundle multiple adware offers during download and setup (based on the user's geographical location) including toolbars, extensions and coupon utilities. The file has been seen being downloaded from www.flvplayer-download.com and multiple other hosts.
Publisher:
VASSANA KONGSOONGNERN  (signed and verified)

MD5:
9b3cefc2e544c721585c66c197565aaa

SHA-1:
53fda9d9219f671fbf168e6120ec7ffe328980b8

SHA-256:
7c3480af482fb086a81322dedf260a6303faa0c143795c4e1bf3a60b3f1295d4

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
5/17/2024 2:49:21 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
Win-PUP/CrossRider
2015.02.01

AVG
Generic
2016.0.3212

Baidu Antivirus
Hacktool.Win32.TornTV
4.0.3.1521

Dr.Web
Adware.Yontoo.54
9.0.1.032

G Data
NSIS.Application.Adload
15.2.25

K7 AntiVirus
Adware
13.193.14823

Kaspersky
not-a-virus:Downloader.Win32.TornTV
14.0.0.2555

McAfee
Artemis!9B3CEFC2E544
5600.6868

Panda Antivirus
Generic Suspicious
15.02.01.01

Qihoo 360 Security
Win32/Virus.Downloader.e28
1.0.0.1015

Reason Heuristics
PUP.CoolMirage
15.2.1.1

Trend Micro House Call
Suspicious_GEN.F47V0130
7.2.32

VIPRE Antivirus
CoolMirage Ltd
37152

File size:
67.5 KB (69,088 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\flvplayer-chrome.exe

Digital Signature
Signed by:
VASSANA KONGSOONGNERN

Authority:
Thawte, Inc.

Valid from:
10/5/2014 8:00:00 PM

Valid to:
10/6/2015 7:59:59 PM

Subject:
CN=VASSANA KONGSOONGNERN, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7E630B1125BFC2AAB3F8750B7348F18B

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:AQpQ5EP0ijnRTXJgwoIzkngu7fikEgdJc6G5Bxu:AQIURTXJYINumkBQ8

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Entropy:
7.2838

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file flvplayer-chrome.exe has been seen being distributed by the following 50 URLs.

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wU7KFKUEOFGVGGQH0TODU760

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wA299T82M7L72UPHGU4HCNNO

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w3JGHH95VRVK5BRHG1FHR5CC

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wBIG508OIP4M5UQHG2G19O9M

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wRQVM9VR778GP5QH0IAV191I

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w23OUR2VBHF8U9RH0SG5V062

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wOS2KKL0ORTOOBRHGPNR682Q

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wTUIO6PFD8TFACRHGHP004OG

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w5M2ED9B3D0N2QQH0ENCSR0O

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wI7LH7NVJ56PMTRHGPRGDPGU

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wIB814IRV6345URHGJTT3HBA

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wKP3OJRJ690OLNQHG2VJ3EE0

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w6374S281ECOS4QHGLUL92BG

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w3GGGE4VPAKKDVPH064BUD9M

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wOT2H6MFOB9HHHRHGREABM2U

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wL9SAILL0FOMIKQHG7CUM79A

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wKBJETKV2NC55HQH0R7G4TTM

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w2T30CVUHLSRTQPHGV6NI48E

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wE198S8N29VJO4QHGL5Q1T00

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w67QSDAAKVQKDMQH0AKD1L8C

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w944BSI6AA7E4HQH0G3T2FFC

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wMMI8RAQSSI0LBRHGLI44DM2

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wLV7NC2VAL086PQHGGDMRA8A

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wS0O2FP1HM7P3S3HGUPEHKL2

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w50G6PQNIBLOR5QH0G9FSQEI

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=w8LL78319FPHQSQHG1L58ASE

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wL01ANH08NJGCUQHGAF3K5B0

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wNQN0CJ30IIF1PQH0N6PHMI4

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wTVFKCQBBIA7I5QH0C9RUK3C

http://www.flvplayer-download.com/.../mar9.php?subid=marmarlk&sid=wLFBEN7R7OSU8BRHGFUR5FHM

Latest 30 of 343 download URLs

Remove flvplayer-chrome.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.