pitch_perfect_2012_.exe

Cool Mirage ltd.

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that displays ads on the computer. The application pitch_perfect_2012_.exe by Cool Mirage ltd has been detected as adware by 16 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities. The file has been seen being downloaded from www.torrntv.com.
Publisher:
Cool Mirage ltd.  (signed and verified)

MD5:
bc0bd3bcbad4e2623280a8b7a92d2d07

SHA-1:
813f0634d5dd1619c6da4f3dd7f407f18fd044d8

SHA-256:
c84cb9d8858a653494724f27d6d1a66be23fda00521ada438ccc66cef4dec85d

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
4/23/2024 6:25:59 AM UTC  (today)

Scan engine         Detection                             Engine version
AhnLab V3 Security  Win-PUP/CrossRider                    2015.02.19
Avira AntiVirus     APPL/CoolMirage.Gen6                  7.11.211.72
avast!              Downloader-TPG [PUP]                  150129-1
Comodo Security     Application.Win32.MCool.A             21132
Dr.Web              Threat.Undefined                      9.0.1.05190
ESET NOD32          multiple threats                      7.0.302.0
G Data              NSIS.Adware.OneClickDownloader        15.2.25
K7 AntiVirus        Adware                                13.196.15011
Kaspersky           not-a-virus:HEUR:AdWare.Win32.Yotoon  15.0.0.543
Malwarebytes        PUP.Adware.Agent                      v2015.02.18.11
McAfee              Program.Adware-SweetIM                16.8.708.2
NANO AntiVirus      Trojan.Script.Downware.cujzax         0.30.0.126
Reason Heuristics   PUP.CoolMirage                        15.2.18.23
Sophos              PUA 'FT Downloader'                   5.10
SUPERAntiSpyware    Trojan.Agent/Gen-Downloader           10045
VIPRE Antivirus     Threat.4784938                        37588

File size:
255.5 KB (261,584 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\pitch_perfect_2012_.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/14/2012 11:00:00 AM

Valid to:
11/15/2014 10:59:59 AM

Subject:
CN=Cool Mirage ltd., O=Cool Mirage ltd., STREET=ogarit 39, L=tel aviv, S=tel aviv, PostalCode=69016, C=IL

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00FC28659CC8073606EF4D09A1994B1AD0

File PE Metadata
Compilation timestamp:
12/6/2009 9:50:46 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:JQIURTXJm0pIinzxP7h4N0vZ31P1CkygAIv4QcDxp4MZveDBuUIBrifj0cgzmVEs:Jsc0eUZhu0x3R85iwr4UqBuU4ib0neth

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.7063

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file pitch_perfect_2012_.exe has been seen being distributed by the following URL.
