flvplayer-chrome.exe

VASSANA KONGSOONGNERN

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that displays ads on the computer. The application flvplayer-chrome.exe, signed by VASSANA KONGSOONGNERN, has been detected as adware by 13 of 68 anti-malware scanners. It is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. During download and setup the installer bundles multiple adware offers, selected by the user's geographical location, including toolbars, browser extensions and coupon utilities. The file has been seen being downloaded from www.getallfilesnow.com and multiple other hosts. The file carries a valid Thawte code-signing certificate issued to an individual developer; a valid signature establishes who signed the file, not that it is safe to run.
Publisher:
VASSANA KONGSOONGNERN  (signed and verified)

MD5:
fbe6491d72c2ed96e3996ffbe9ef6481

SHA-1:
752918f3c6e6ae7f1fee8583f6a4d83d6b353b20

SHA-256:
864742378e221b231f6a1045dcd0d62534a25c2f0d11845cedf0d98f11b2d855

Scanner detections:
13 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
4/23/2024 5:25:21 PM UTC

Scan engine               Detection                          Engine version
Avira AntiVirus           Adware/Yontoo.72648                7.11.196.234
AVG                       Generic                            2015.0.3254
Dr.Web                    Adware.Downware.8319               9.0.1.0354
ESET NOD32                NSIS/TrojanDownloader.Adload.AA    8.10907
Fortinet FortiGate        Adware/Yontoo                      12/20/2014
G Data                    NSIS.Application.Adload            14.12.24
K7 AntiVirus              Adware                             13.188.14395
Kaspersky                 not-a-virus:AdWare.NSIS.Yontoo     14.0.0.2767
McAfee                    Artemis!FBE6491D72C2               5600.6910
Reason Heuristics         PUP.VASSANAKONGSOONGNERN.Q         14.12.20.16
Sophos                    Generic PUA HF                     4.98
Trend Micro House Call    Suspicious_GEN.F47V1219            7.2.354
VIPRE Antivirus           CoolMirage Ltd                     35916

File size:
70.9 KB (72,648 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\flvplayer-chrome.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/5/2014 8:00:00 PM

Valid to:
10/6/2015 7:59:59 PM

Subject:
CN=VASSANA KONGSOONGNERN, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7E630B1125BFC2AAB3F8750B7348F18B

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:PQpQ5EP0ijnRTXJDGdoCLM1QWzmnyVefuHW4rugZL:PQIURTXJidTumyUfuHFqu

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.2403

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
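
The fingerprint fields above (digests, entropy, entry address, compilation timestamp, subsystem, linker version) are the ones a responder recomputes on a local sample before trusting a scanner count. The script below is an added triage example, not part of this report and not Reason Core Security's tooling. It reads the report's digests as indicators, recomputes them, measures entropy, checks for the NSIS payload marker, and pulls the header values straight from the PE32 optional header. The NSIS marker (0xDEADBEEF followed by "NullsoftInst"), the assumption that the report's timestamp is UTC, and the constructed sample built by build_sample_pe (a minimal PE32 carrying the report's header values so the script runs offline) are assumptions; the constructed sample's digests deliberately do not match the report's.

```python
"""Offline triage of a suspected NSIS bundler (added example, not the report's own tooling).
Recomputes the fingerprint fields the report lists (digests, entropy, PE header values)
and checks for the NSIS payload marker. The sample PE is constructed, not the real file."""
import hashlib
import math
import struct
import sys
from collections import Counter
from datetime import datetime, timezone

# Digests copied from the report above; everything else in this file is constructed.
KNOWN_HASHES = {
    "md5": "fbe6491d72c2ed96e3996ffbe9ef6481",
    "sha1": "752918f3c6e6ae7f1fee8583f6a4d83d6b353b20",
    "sha256": "864742378e221b231f6a1045dcd0d62534a25c2f0d11845cedf0d98f11b2d855",
}
# NSIS "firstheader" signature: siginfo 0xDEADBEEF (little-endian) followed by "NullsoftInst".
# Assumed from the NSIS source format; it is the marker archive tools key on for NSIS data.
NSIS_MAGIC = b"\xef\xbe\xad\xdeNullsoftInst"
SUBSYSTEMS = {2: "Windows GUI", 3: "Windows CUI"}


def file_hashes(data: bytes) -> dict:
    return {name: hashlib.new(name, data).hexdigest() for name in ("md5", "sha1", "sha256")}


def matches_known_sample(data: bytes) -> bool:
    """True if any digest equals the report's; for a genuine hit all three agree."""
    h = file_hashes(data)
    return any(h[k] == v for k, v in KNOWN_HASHES.items())


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 to 8.0. Compressed NSIS payloads sit above 7, so this alone
    does not indicate an extra packer."""
    if not data:
        return 0.0
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in Counter(data).values())


def is_nsis(data: bytes) -> bool:
    return NSIS_MAGIC in data


def parse_pe(data: bytes) -> dict:
    """Read the header fields the report shows from a PE32 image (no third-party module)."""
    if data[:2] != b"MZ":
        raise ValueError("not a DOS/PE image")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    _machine, _nsec, ts, _, _, _opt_size, _chars = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20  # IMAGE_OPTIONAL_HEADER32 follows the 20-byte COFF header
    magic, maj_lnk, min_lnk, size_of_code = struct.unpack_from("<HBBI", data, opt)
    if magic != 0x10B:
        raise ValueError("only PE32 (Win32) images handled")
    entry = struct.unpack_from("<I", data, opt + 16)[0]        # AddressOfEntryPoint
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)  # Major/MinorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]     # Subsystem
    return {
        "timestamp_utc": datetime.fromtimestamp(ts, timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{maj_lnk}.{min_lnk}",
        "os_version": f"{maj_os}.{min_os}",
        "size_of_code": size_of_code,
        "entry_point": entry,
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in: minimal PE32 carrying the report's header values plus an NSIS marker."""
    dos = bytearray(0x80)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x80)  # e_lfanew -> PE signature at 0x80
    ts = int(datetime(2009, 12, 5, 17, 50, 46, tzinfo=timezone.utc).timestamp())
    coff = struct.pack("<HHIIIHH", 0x14C, 1, ts, 0, 0, 224, 0x010F)  # i386, one section
    opt = bytearray(224)
    struct.pack_into("<HBBI", opt, 0, 0x10B, 6, 0, 23552)  # PE32 magic, linker 6.0, SizeOfCode
    struct.pack_into("<I", opt, 16, 0x323C)                # AddressOfEntryPoint
    struct.pack_into("<HH", opt, 40, 4, 0)                 # OS version 4.0
    struct.pack_into("<H", opt, 68, 2)                     # IMAGE_SUBSYSTEM_WINDOWS_GUI
    payload = b"\x00" * 64 + NSIS_MAGIC + bytes(range(256))  # fake stub tail + "compressed" data
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + payload


def triage(data: bytes) -> dict:
    report = {"hashes": file_hashes(data), "known_sample": matches_known_sample(data),
              "entropy": round(shannon_entropy(data), 4), "nsis": is_nsis(data)}
    try:
        report["pe"] = parse_pe(data)
    except (ValueError, struct.error) as exc:
        report["pe"] = {"error": str(exc)}
    return report


if __name__ == "__main__":
    blob = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in triage(blob).items():
        print(f"{key}: {value}")
```

Run it with a path argument to triage a real file, or with no argument to see the constructed sample. Two caveats the output should be read with: NSIS builds copy a precompiled stub, so the 2009 compilation timestamp reflects when that stub was built, not when this bundle was assembled; and the 7.24 entropy is what a compressed NSIS payload looks like, so it is not by itself evidence of an additional packer. McAfee's "Artemis!FBE6491D72C2" name is simply the first 12 hex digits of the MD5 above, so it is a hash-based hit rather than a named family. Unpacking the NSIS archive with 7-Zip is the usual next step to see which offers the bundler fetches.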

The file flvplayer-chrome.exe has been seen being distributed from the following download URLs (the latest 30 of 605 observed URLs are listed).

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wM8GSFU6KDJV8DTGGIRPVK9C

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wN227QP7RTP80RRG019KRGF0

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wN5TB28IMHD78RVG0SQSEG7K

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wPA2D7JKCPH067TG0G1C4Q46

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wQGSAL9KKB7TSRSGG6NMMG96

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wKLFP4P5IP94BFSG05BQ427G

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wGAUGAAVC35GOMVG0T6PS788

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=w09V1FGGMSSUFLTG0QH1FGE8

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=w0PI7GKFDTG7EJRGGB5HG024

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=w1Q23EM6K1UVERSGGOGRESE4

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wRR05DD73TSBFIVGG18TL534

http://www.xflv-player.com/.../mar7.php?subid=marmarlk&sid=wBQB1UFI2K2LPCMFGIV2N3F6

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=w4VAF3EJ2RAC8UUGGQF95VBO

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=w45K3KGVTNBB7SVG06P5CRDA

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=w453MOH65B3SK9UG0K5G9P96

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wSL25E16HH3EC2VG05OAMKCM

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wM2VF233RAECJMRGGEHKIBPU

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=w5N45IT31CQQPARG0M28GG24

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wKCSM7P6CS8GR5TG0H25QSCQ

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=w04DLG8ON6Q51AUG0MV5BT2I

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wFGV4BMP785B7LTG0853IL4S

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=w4QOLQOGB5IEN6UG0107648G

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wFG80TERTS2C24VGG4OUD4BU

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=w2RLCDLL5BEB3SRGGNDCIQR6

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wNM88AK9EF6PQMVG0IV2OGJG

http://www.getmydownloadsnow.com/.../mar16.php?subid=marmarlk&sid=wDJ8KNQ1M845PVUG0J11GHBI

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wGE04EEPF3H9ATVG0UPE9NA0

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wLCMCVRV6BG485SG0KQDPEB2

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wG2Q02N4COLVHSSGGLAUGL6M

http://www.getallfilesnow.com/.../mar15.php?subid=marmarlk&sid=wEP8AJ9CACMD4AUGGIHPFBFQ

Latest 30 of 605 download URLs

Remove flvplayer-chrome.exe - Powered by Reason Core Security