razer_surround_pro_(v.2.00.10).exe

CHUTCHAI KIEWNOY

The application razer_surround_pro_(v.2.00.10).exe by CHUTCHAI KIEWNOY has been detected as adware by 7 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer bundles multiple adware offers during download and setup (based on the user's geographical location), including toolbars, extensions and coupon utilities. The file has been seen downloaded from www.torntv-dl.net and multiple other hosts.
Publisher:
CHUTCHAI KIEWNOY  (signed and verified)

MD5:
09fed3da155859d7e31c6845bce2906c

SHA-1:
6a8e688fe502ff67025e8cc53e5ef008538449d1

SHA-256:
d15b98d4f6749e323573adc1d01426b0813e0ca026824ef783b68e5fd598994b

Scanner detections:
7 / 68

Status:
Adware

Explanation:
Bundles a number of adware programs in the installer.

Analysis date:
6/16/2024 8:48:36 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | APPL/CoolMirage.Gen | 7.11.176.150
Comodo Security | Application.Win32.CoolMirage.AS | 19706
G Data | NSIS.Application.OneClickDownloader | 14.10.24
Malwarebytes | PUP.Optional.OneClickDownloader.A | v2014.10.05.07
NANO AntiVirus | Trojan.Nsis.Yotoon.deckrr | 0.28.2.62440
Qihoo 360 Security | HEUR/Malware.QVM06.Gen | 1.0.0.1015
Reason Heuristics | PUP.CHUTCHAIKIEWNOY.BB | 14.10.8.13

File size:
432 KB (442,336 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Common path:
C:\users\{user}\downloads\razer_surround_pro_(v.2.00.10).exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
9/29/2014 9:00:00 PM

Valid to:
9/30/2015 8:59:59 PM

Subject:
CN=CHUTCHAI KIEWNOY, OU=Individual Developer, O=No Organization Affiliation, L=Phuket, S=Phuket, C=TH

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
70CF135290F3FC7E7BD27C7B350CF722

File PE Metadata
Compilation timestamp:
12/5/2009 8:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:9sA7lO+RDXfArmvaVP3O+ZHO9pvZQ4McXdrUf8maYUUs1t/D8tpSKR4bqOstbF/Z:jlXXS8amWOVMcXdnJv1hAtp54bYtBTGQ

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
23 KB (23,552 bytes)

The file razer_surround_pro_(v.2.00.10).exe has been seen being distributed by the following 3 URLs.

https://www.torntv-dl.net/.../Internet_Download_Manager_IDM_6_21_Build_9_Final_Incl_Crack_[Silent_Installer].exe
