» hdvidcodec.exe
Overview
Analysis
File Details

hdvidcodec.exe

CoolMirage LTD.

This is the setup program for CoolMirage, a potentially unwanted program (PUP) that display ads on the computer. The application hdvidcodec.exe, “ffdshow Setup ” by CoolMirage has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The setup installer will bundle multiple adware offers during download and setup (based on the user's geographical location) including toolbars, extensions and coupon utilities.

File name:

hdvidcodec.exe

Publisher:

ffdshow (signed by CoolMirage LTD.)

Product:

ffdshow

Description:

ffdshow Setup

Version:

1.2.4422.0

MD5:

7ed3458c6404e77e239ea67565265c61

SHA-1:

d08479478473459de8689639859e06b3e60ea7e2

SHA-256:

d26ecaed9849173383194a0b7c28b8771c9c4a5146c84d971eb27922880920d6

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Bundles a number of adware programs in the installer.

Analysis date:

5/13/2024 3:35:15 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.CoolMirage (M)

16.9.16.6

File size:

4.6 MB (4,771,584 bytes)

Product version:

1.2.4422.0

GNU

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Common path:

C:\Program Files\hdvidcodec.com\hdvidcodec.exe

Digital Signature

Signed by:

CoolMirage LTD.

Authority:

Thawte, Inc.

Valid from:

8/26/2014 3:00:00 AM

Valid to:

11/10/2015 2:59:59 AM

Subject:

CN=CoolMirage LTD., O=CoolMirage LTD., L=Tel Aviv, S=Israel, C=IL

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

029E9B7F7CD982D1F52BA19EDA66E340

File PE Metadata

Compilation timestamp:

12/20/2011 5:16:50 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:syQT1dK/KJlirxs2TbkKykHMARBZF9F/GWdWQmAYu1ZlWApa1ORkn1fWK:qT/Zexsio9ksAhHF/bPpTQcRkn1H

Entry address:

0x16478

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01... 
[+]

Entropy:

7.9921

Developed / compiled with:

Microsoft Visual C++

Code size:

84 KB (86,016 bytes)

Remove hdvidcodec.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.