xsfm43go.exe

CoolMirage Ltd.

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that displays ads on the computer. The file xsfm43go.exe by CoolMirage has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. This program installs potentially unwanted software on your PC at the same time as the software you are trying to install, without adequate consent. It is also typically executed from the user's temporary directory.
Publisher:
CoolMirage Ltd.  (signed and verified)

MD5:
94f27266de9dfd4016a2d8cc95a2a1b0

SHA-1:
48adb394fa7e78309b9bb51a2c052a01cd6b1cd5

SHA-256:
dd74ffbb105a0346d7778cb9200437d90f3e04e0dccf344470ab9d7457ad947e

Scanner detections:
21 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
4/23/2024 11:18:17 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Application.Bundler.DefaultTab.1 | 5830612 |
| Avira AntiVirus | APPL/CoolMirage.Gen | 7.11.188.92 |
| avast! | Adware-gen [Adw] | 141119-1 |
| Bitdefender | Gen:Application.Bundler.DefaultTab.1 | 1.0.20.1635 |
| Comodo Security | Application.Win32.CoolMirage.AS | 20176 |
| Dr.Web | Adware.Downware.1263 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Gen:Application.Bundler.DefaultTab | 9.0.0.4570 |
| ESET NOD32 | Win32/AdWare.1ClickDownload.AT application | 7.0.302.0 |
| F-Secure | Gen:Application.Bundler.DefaultTab | 11.2014-23-11_1 |
| G Data | Gen:Application.Bundler.DefaultTab | 14.11.24 |
| K7 AntiVirus | Adware | 13.185.14098 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.Yotoon | 15.0.0.543 |
| Malwarebytes | PUP.Optional.OneClickDownloader.A | v2014.11.23.09 |
| McAfee | Adware-SweetIM | 5600.6937 |
| MicroWorld eScan | Gen:Application.Bundler.DefaultTab.1 | 15.0.0.981 |
| NANO AntiVirus | Riskware.Nsis.Downware.czyjkl | 0.28.6.63474 |
| nProtect | Trojan/W32.KillAV.310272.B | 14.11.21.01 |
| Panda Antivirus | PUP/MultiToolbar.A | 14.11.23.09 |
| Reason Heuristics | PUP.CoolMirage.M | 14.11.23.21 |
| Sophos | CoolMirage | 4.98 |
| VIPRE Antivirus | Threat.4786236 | 35010 |

File size:
303 KB (310,272 bytes)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\appdata\local\temp\xsfm43go.exe.part

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
6/6/2013 1:00:00 AM

Valid to:
6/7/2014 12:59:59 AM

Subject:
CN=CoolMirage Ltd., O=CoolMirage Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
110F603E63C86349A5F243EA06966F33

File PE Metadata
Compilation timestamp:
12/5/2009 10:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:8sk7zQ8iB1BNbg0GexMjsInw3g7BbbjuLBRydjVfibnijim:4zTGXbg0FMjl/7JjuLBQ9Vl

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Entropy:
7.8344

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)
