fraextsetup.exe

CoolMirage Ltd.

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that displays ads on the computer. The application fraextsetup.exe by CoolMirage has been detected as adware by 11 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer. The installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities.
Publisher:
CoolMirage Ltd.  (signed and verified)

Description:
Viiadpapt

Version:
10.19.5.8

MD5:
3347dbb4e6937e16464c5e02f71e5d11

SHA-1:
b5a3a1bb05de42901d6890414547e774e3b60f60

SHA-256:
575cba4dbe6b237f2158d8d8b8ab6e9139693d09bf6c423beb9ecd68e573d1f2

Scanner detections:
11 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
4/25/2024 5:27:05 AM UTC

Scan engine          Detection                          Engine version
Clam AntiVirus       Win.Adware.Agent-6597              0.98/21411
ESET NOD32           Win32/Packed.ScrambleWrapper       8.10128
Kaspersky            not-a-virus:AdWare.Win32.AdLoad    14.0.0.3495
Malwarebytes         PUP.Optional.CrossRider            v2014.07.27.10
McAfee               Artemis!3347DBB4E693               5600.7056
Panda Antivirus      PUP/MultiToolbar.A                 14.07.27.10
Qihoo 360 Security   HEUR/Malware.QVM20.Gen             1.0.0.1015
Reason Heuristics    PUP.Installer.CoolMirage.L         14.8.7.17
Rising Antivirus     PE:Malware.Obscure!1.9C59          23.00.65.14725
Sophos               Generic PUA LF                     4.98
VIPRE Antivirus      CoolMirage Ltd                     31456

File size:
8.8 MB (9,202,056 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Language:
English (United States)

Common path:
C:\Program Files\firstrowsportapp.com\fraextsetup.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/6/2013 1:00:00 AM

Valid to:
6/7/2014 12:59:59 AM

Subject:
CN=CoolMirage Ltd., O=CoolMirage Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
110F603E63C86349A5F243EA06966F33

File PE Metadata
Compilation timestamp:
12/4/2012 1:55:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.22

CTPH (ssdeep):
196608:yYx/++OTg5e1WjwQuzfuRslADDGcJdLAvauhFY1UYY7yfts:y4/8j1AwVfuRgQR/uTYxy

Entry address:
0x4323

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, FF, 15, 74, C3, 44, 00, C7, 04, 24, 01, 80, 00, 00, FF, 15, 58, C4, 44, 00, 53, C7, 04, 24, 00, 00, 00, 00, FF, 15, 98, C4, 44, 00, 56, A3, 40, 3B, 44, 00, C7, 04, 24, 08, 00, 00, 00, E8, 8D, 3B, 00, 00, A3, 9C, 3B, 44, 00, 8D, 85, 84, FE, FF, FF, 57, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 01, B3, 40, 00, FF, 15, AC, C4, 44, 00, 83, EC, 14, C7, 44, 24, 04, 02, B3, 40, 00, C7...
Code size:
34.5 KB (35,328 bytes)