flvplayer-chrome.exe

Rungnapa Fongkerd

The application flvplayer-chrome.exe by Rungnapa Fongkerd has been detected as adware by 5 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The installer bundles multiple adware offers during download and setup (selected according to the user's geographical location), including toolbars, extensions and coupon utilities. The file has been observed being downloaded from www.xflv-player.com and multiple other hosts.
Publisher:
Rungnapa Fongkerd  (signed and verified)

MD5:
d9e54bb6ddce7325ba8347ca87d46cec

SHA-1:
c34110898ca03bed9abd60bd15a40de82869ecff

SHA-256:
73a1a64ea449d029087ca7442a21226a2b289cc696b1fcda3fcc8809ef7d83f0

Scanner detections:
5 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
5/18/2024 6:20:33 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | Rungnapa | 2015.0.3303 |
| Dr.Web | Adware.Downware.6586 | 9.0.1.0305 |
| Reason Heuristics | PUP.RungnapaFongkerd.Q | 14.11.1.18 |
| Sophos | FT Downloader | 4.98 |
| VIPRE Antivirus | CoolMirage Ltd | 34434 |

File size:
66.4 KB (68,024 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\flvplayer-chrome.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
7/28/2014 1:00:00 AM

Valid to:
7/29/2015 12:59:59 AM

Subject:
CN=Rungnapa Fongkerd, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Thailand, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5EC13B211C7584BB92BAC58CF7ED1F63

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:GQpQ5EP0ijnRTXJrBFGgIOVBsKcw/ae2MM7:GQIURTXJrPGgnMKcw92ME

Entry address:
0x323C

Entropy:
7.2442

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file flvplayer-chrome.exe has been seen being distributed by the following 50 URLs.

Latest 30 of 176 download URLs
