flvplayer-chrome.exe

VASSANA KONGSOONGNERN

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that displays ads on the computer. The application flvplayer-chrome.exe, signed by VASSANA KONGSOONGNERN, has been detected as adware by 12 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities. The file has been seen being downloaded from www.flvplayer-download.com and multiple other hosts.

Publisher:
VASSANA KONGSOONGNERN  (signed and verified)

MD5:
a24adb19272ce06247eefa7712191c84

SHA-1:
dfbfcd926183189c7cc95a153894cbfcd430881c

SHA-256:
b631dcbfc13f802daafe98d31389c9bbc43589b03621352dd2a138a612d73ae4

Scanner detections:
12 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
5/15/2024 11:40:25 PM UTC

Scan engine             Detection                          Engine version
AVG                     Generic                            2015.0.3247
Baidu Antivirus         Adware.NSIS.Yontoo                 4.0.3.141227
Dr.Web                  Adware.Downware.8319               9.0.1.0361
ESET NOD32              NSIS/TrojanDownloader.Adload.AA    8.10934
G Data                  NSIS.Application.Adload            14.12.24
K7 AntiVirus            Adware                             13.188.14468
Kaspersky               not-a-virus:AdWare.NSIS.Yontoo     14.0.0.2731
Panda Antivirus         Generic Suspicious                 14.12.27.06
Reason Heuristics       PUP.VASSANAKONGSOONGNERN.Q         14.12.27.18
Sophos                  Generic PUA NP                     4.98
Trend Micro House Call  Suspicious_GEN.F47V1227            7.2.361
VIPRE Antivirus         CoolMirage Ltd                     36134

File size:
65 KB (66,528 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\flvplayer-chrome.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/6/2014 2:00:00 AM

Valid to:
10/7/2015 1:59:59 AM

Subject:
CN=VASSANA KONGSOONGNERN, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7E630B1125BFC2AAB3F8750B7348F18B

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:QQpQ5EP0ijnRTXJdkUW1AlpqYLzIyxSuBlrooP:QQIURTXJe4fXImPBVP

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file flvplayer-chrome.exe has been seen being distributed by the following 50 URLs.


Latest 30 of 467 download URLs
