flvplayer-chrome.exe

VASSANA KONGSOONGNERN

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that displays ads on the computer. The application flvplayer-chrome.exe by VASSANA KONGSOONGNERN has been detected as adware by 15 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities. The file has been seen being downloaded from www.flvplayer-download.com and multiple other hosts.
Publisher:
VASSANA KONGSOONGNERN  (signed and verified)

MD5:
cb543c48e39e7fd248b3c40223cfeb8b

SHA-1:
75ca96e2746b37e83163d53b11ba22f891735e29

SHA-256:
3a6215c8d1bc492c7eae323fa6ff60a53c0eb0d5a45207536d1fb5ece3b7034a

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
4/25/2024 6:27:20 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | TR/Dldr.Adload.65536 | 7.11.199.196 |
| AVG | Generic | 2016.0.3236 |
| Baidu Antivirus | Adware.NSIS.Yontoo | 4.0.3.1517 |
| Dr.Web | Adware.Downware.8319 | 9.0.1.07 |
| ESET NOD32 | NSIS/TrojanDownloader.Adload.AA | 9.10973 |
| G Data | NSIS.Application.Adload | 15.1.24 |
| K7 AntiVirus | Adware | 13.1814554 |
| Kaspersky | not-a-virus:AdWare.NSIS.Yontoo | 14.0.0.2677 |
| McAfee | Artemis!CB543C48E39E | 5600.6892 |
| Panda Antivirus | Generic Suspicious | 15.01.07.02 |
| Qihoo 360 Security | HEUR/QVM42.0.Malware.Gen | 1.0.0.1015 |
| Reason Heuristics | PUP.VASSANAKONGSOONGNERN.Q | 15.1.7.14 |
| Sophos | Generic PUA HF | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V0105 | 7.2.7 |
| VIPRE Antivirus | CoolMirage Ltd | 36436 |

File size:
64 KB (65,536 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\flvplayer-chrome.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/6/2014 1:00:00 AM

Valid to:
10/7/2015 12:59:59 AM

Subject:
CN=VASSANA KONGSOONGNERN, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7E630B1125BFC2AAB3F8750B7348F18B

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:r1cVhpQI2EQK0iPDh84nScF15GYbWjXO3XJIC8UhsdKU+8ACRNPyMkilYcpveQk9:JQpQ5EP0ijnRTXJIpLdKCRNPpecpvIT

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file flvplayer-chrome.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 1,090 download URLs
