» NeoLiveApp.exe
Overview
Analysis
File Details
Downloads (1)

NeoLiveApp.exe

NeoLiveApp

CoolMirage LTD.

This is part of a CoolMirage installatation, a potentially unwanted program (PUP) that display ads on the computer. The application NeoLiveApp.exe by CoolMirage has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The setup installer will bundle multiple adware offers during download and setup (based on the user's geographical location) including toolbars, extensions and coupon utilities. The file has been seen being downloaded from cmpsmarter-downloader.maynemyltf.netdna-cdn.com.

File name:

NeoLiveApp.exe

Publisher:

NeoLive (signed by CoolMirage LTD.)

Product:

NeoLiveApp

Version:

2.0.0.1

MD5:

2d52ed064bd2185233388e3ef546a963

SHA-1:

8a9ac53d8eba74d27b94c75d6aaa0b0dd1dbd20e

SHA-256:

5914fc31fd28c1119c23088a3e505f5b9cdc0d43c8f9eb9bb6c66ec9c7a3e493

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Bundles a number of adware programs in the installer.

Analysis date:

4/25/2024 9:39:54 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.CoolMirage (M)

17.1.28.12

File size:

793.2 KB (812,224 bytes)

Product version:

2.0.0.1

Original file name:

NeoLiveApp.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\local\microsoft\windows\inetcache\ie\{random}\neoliveapp.exe

Digital Signature

Signed by:

CoolMirage LTD.

Authority:

Thawte, Inc.

Valid from:

8/25/2014 7:00:00 PM

Valid to:

11/9/2015 5:59:59 PM

Subject:

CN=CoolMirage LTD., O=CoolMirage LTD., L=Tel Aviv, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

029E9B7F7CD982D1F52BA19EDA66E340

File PE Metadata

Compilation timestamp:

8/26/2013 10:38:59 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

Entry address:

0x21375

Entry point:

E8, 62, 74, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 8B, 45, 0C, 83, C0, 0C, 89, 45, FC, 64, 8B, 1D, 00, 00, 00, 00, 8B, 03, 64, A3, 00, 00, 00, 00, 8B, 45, 08, 8B, 5D, 0C, 8B, 6D, FC, 8B, 63, FC, FF, E0, 5B, C9, C2, 08, 00, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 58, 59, 87, 04, 24, FF, E0, 8B, FF, 55, 8B, EC, 51, 51, 53, 56, 57, 64, 8B, 35, 00, 00, 00, 00, 89, 75, FC, C7, 45, F8, F1, 13, 42, 00, 6A, 00, FF, 75, 0C, FF, 75, F8, FF, 75, 08, E8, EF, 06, 01, 00, 8B, 45, 0C, 8B... 
[+]

Entropy:

6.5693

Code size:

203.5 KB (208,384 bytes)

The file NeoLiveApp.exe has been seen being distributed by the following URL.

http://cmpsmarter-downloader.maynemyltf.netdna-cdn.com/NeoliveApp.exe

Remove NeoLiveApp.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.