home

flvplayersetup.exe

The application flvplayersetup.exe has been detected as a potentially unwanted program by 24 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. According to Microsoft Security Essentials, the software includes a bundle of the DealPly adware which is installed on a user's PC during setup using the InstallCore platform. The file has been seen being downloaded from www.cool-applications.com.
MD5:
6620b4e451549a3d528fd029e91ec944

SHA-1:
b419f6ef7e43ff367395782da3bd6f50ab3c9377

SHA-256:
0f69fd217b847f8cc58cd5b2690bcb0e22992692edc4b9c030cd56916494c593

Scanner detections:
24 / 68

Status:
Potentially unwanted

Explanation:
This software bundler installs other potentially unwanted software, including DealPly. Which includes offers in a user's web browser which state they are "Powered by DealPly".

Analysis date:
4/26/2024 3:12:32 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.InstallCore
7.1.1

Avira AntiVirus
Adware/InstallCore.AM
7.11.98.174

AVG
Adware Generic5.BDFW
2014.0.4257

Bkav FE
HW32.Laneul
1.3.0.4959

Comodo Security
ApplicUnwnt.Win32.AdWare.InstallCore.AM
16840

Dr.Web
Adware.InstallCore.116
9.0.1.083

ESET NOD32
Win32/InstallCore.BL potentially unwanted application
9.7.0.302.0

Fortinet FortiGate
W32/InstallCore.BL
3/24/2015

F-Prot
W32/InstallCore.R2.gen
v6.4.7.1.166

G Data
Win32.Application.InstallCore.CJ
15.3.24

herdProtect (fuzzy)
variant of eh+8vmyp.exe.part
2015.6.29.13

IKARUS anti.virus
SoftwareBundler
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.170.9419

Malwarebytes
PUP.Optional.InstallCore.A
v2015.03.24.03

McAfee
Artemis!259E902838BE
5600.6816

Microsoft Security Essentials
SoftwareBundler:Win32/DealPly
1.163.1557.0

NANO AntiVirus
Riskware.Win32.InstallCore.dcnbqu
0.28.2.61148

Norman
InstallCore.UMFM
11.20150324

Panda Antivirus
PUP/MultiToolbar.A
15.03.24.03

Rising Antivirus
PE:Backdoor.Hupigon!6.1FD
23.00.65.15322

Sophos
Install Core Click run software
4.96

Trend Micro House Call
TROJ_GEN.F47V0430
7.2.83

Vba32 AntiVirus
Downware.InstallCore
3.12.26.0

VIPRE Antivirus
InstallCore
20972

File size:
839.7 KB (859,864 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\flvplayersetup.exe

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:spEMJfs51fK7XYRR4TRQwhztr9TzBHElfJw3QcessYsyIIdzFj5X:sp7Jfsn4XYRaP793BHElfJw3QcesqJI/

Entry address:
0x98CC

Entry point:
55, 8B, EC, 83, C4, CC, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, FA, 97, FF, FF, E8, 01, AA, FF, FF, E8, 2C, CC, FF, FF, E8, 73, CC, FF, FF, E8, 0A, F3, FF, FF, E8, 71, F4, FF, FF, 33, C0, 55, 68, 76, 9F, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 2C, 9F, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, B0, 40, 00, E8, 9B, FE, FF, FF, E8, 26, FA, FF, FF, 8D, 55, F0, 33, C0, E8, E0, D0, FF, FF, 8B, 55, F0, B8, D8, BD, 40, 00, E8, AB, 98, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, D8, BD, 40, 00, B2, 01, B8...
 
[+]

Entropy:
7.7618

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
36 KB (36,864 bytes)

The file flvplayersetup.exe has been seen being distributed by the following URL.

http://www.cool-applications.com/flv-player/.../?dl=1

Remove flvplayersetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.