grip_op_de_groep_van_engelen_verified.exe

CoolMirage LTD.

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that displays ads on the computer. The application grip_op_de_groep_van_engelen_verified.exe by CoolMirage has been detected as adware by 9 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. During download and setup, the installer bundles multiple adware offers, selected according to the user's geographical location, including toolbars, browser extensions and coupon utilities.
Publisher:
CoolMirage LTD.  (signed and verified)

MD5:
3f9d8258059b4aab2587c25bda4e4296

SHA-1:
86de7e6795d270d1bf128cfd77e80c2005384bba

SHA-256:
b076ae63be8f403844f5b180c3ad55e8a7a2a74661ae8b0630bea18571d9ed8d

Scanner detections:
9 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
5/3/2024 9:17:10 PM UTC

Scan engine          Detection                             Engine version
Avira AntiVirus      APPL/CoolMirage.Gen                   7.11.171.10
Comodo Security      Application.Win32.CoolMirage.AS       19435
Dr.Web               Adware.Downware.8319                  9.0.1.0249
G Data               NSIS.Application.OneClickDownloader   14.9.24
Malwarebytes         PUP.Optional.OneClickDownloader.A     v2014.09.06.05
NANO AntiVirus       Trojan.Nsis.Yotoon.deckrr             0.28.2.61942
Panda Antivirus      PUP/MultiToolbar.A                    14.09.06.05
Qihoo 360 Security   Win32/Virus.Adware.47b                1.0.0.1015
Reason Heuristics    PUP.CoolMirage.f                      14.9.6.5

File size:
426.6 KB (436,872 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\grip_op_de_groep_van_engelen_verified.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/26/2014 2:00:00 AM

Valid to:
11/10/2015 12:59:59 AM

Subject:
CN=CoolMirage LTD., O=CoolMirage LTD., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
029E9B7F7CD982D1F52BA19EDA66E340

File PE Metadata
Compilation timestamp:
12/5/2009 11:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:8sA7naWt/JEkJLiJtdLpPCGJRhrcj1DmgF4H1A02zLK+G+Cy1MJ29gdjhAOKvKbB:Una3BPdLpPCGJUaA1XKyOaLOKCTYeh

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file grip_op_de_groep_van_engelen_verified.exe has been seen being distributed by 46 download URLs.


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ec2-177-71-186-52.sa-east-1.compute.amazonaws.com  (177.71.186.52:80)

TCP (HTTP):
Connects to ec2-176-34-177-58.eu-west-1.compute.amazonaws.com  (176.34.177.58:80)
