Our friend aLiSs found this file via Facebook.
These links are spreading on Facebook.
hxxp://goo.gl/TUqGzM
hxxp://goo.gl/PVUW3S
hxxp://goo.gl/uJvgqv
When you click one, you go to the page and are then asked to install FlvPlayer.
If you click install, you download FlvPlayerSetup.exe, which downloads and installs FlvPlayerSilent0.exe.
These are domains used by this shit
os.greatonlineapplications.com
static.onlineapplicationsdownloads.com
These are HTTP Queries
static.onlineapplicationsdownloads.com/exe/FlvPlayerSilent0414.exe
os2.greatonlineapplications.com/Aff-AD/?v=3.0&c=1538995748
os.greatonlineapplications.com/MEDIA/?v=3.0&c=1538995748
Looking up static.onlineapplicationsdownloads.com
Resolved : [ static.onlineapplicationsdownloads.com ] To [ 54.230.231.38 ]
Resolved : [ static.onlineapplicationsdownloads.com ] To [ 54.230.230.82 ]
Resolved : [ static.onlineapplicationsdownloads.com ] To [ 54.230.230.177 ]
Resolved : [ static.onlineapplicationsdownloads.com ] To [ 54.230.228.52 ]
Resolved : [ static.onlineapplicationsdownloads.com ] To [ 54.230.230.37 ]
Resolved : [ static.onlineapplicationsdownloads.com ] To [ 54.230.230.89 ]
Resolved : [ static.onlineapplicationsdownloads.com ] To [ 54.230.230.206 ]
Resolved : [ static.onlineapplicationsdownloads.com ] To [ 54.239.192.192 ]
Resolved : [ os2.greatonlineapplications.com ] To [ 166.78.44.134 ]
Hosting info:
http://whois.domaintools.com/54.230.231.38
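
A way to hunt for this chain in web proxy logs, as an added example that is not part of the original post: it matches the domains and request shapes listed above and groups hits per client. The log layout (sequence number, client IP, URL), the client addresses and the names classify and hunt are assumptions made for the example.

```python
import re
from urllib.parse import urlsplit
# Registered domains from the post; os., os2. and static. match by suffix.
BAD_DOMAINS = ("greatonlineapplications.com", "onlineapplicationsdownloads.com")
# Request shapes from the post's HTTP queries.
DROPPER_PATH = re.compile(r"^/exe/FlvPlayerSilent\d*\.exe$", re.I)
BEACON_PATH = re.compile(r"^/(Aff-AD|MEDIA)/$", re.I)

def classify(url):
    """Return 'dropper', 'beacon', 'domain' or None for one requested URL."""
    url = re.sub(r"^hxxp", "http", url.strip(), flags=re.I)  # refang hxxp://
    if "://" not in url:
        url = "http://" + url  # the post lists its queries without a scheme
    parts = urlsplit(url)
    host = (parts.hostname or "").rstrip(".")
    # Exact or dot-bounded suffix match, so lookalike hosts are not flagged.
    if not any(host == d or host.endswith("." + d) for d in BAD_DOMAINS):
        return None
    if DROPPER_PATH.match(parts.path):
        return "dropper"
    if BEACON_PATH.match(parts.path):
        return "beacon"
    return "domain"

def hunt(log_lines):
    """Map each client to 'download+beacon' or 'contact-only'."""
    seen = {}
    for line in log_lines:
        fields = line.split()
        if len(fields) < 3:
            continue  # skip malformed lines
        client, url = fields[1], fields[2]
        kind = classify(url)
        if kind:
            seen.setdefault(client, set()).add(kind)
    # Assumption: installer fetch plus beacon from one client suggests it ran there.
    return {c: "download+beacon" if {"dropper", "beacon"} <= k else "contact-only"
            for c, k in seen.items()}

# Constructed proxy log (sequence number, client IP, URL); clients are made up.
SAMPLE_LOG = [
    "1 10.0.0.5 static.onlineapplicationsdownloads.com/exe/FlvPlayerSilent0414.exe",
    "2 10.0.0.5 os2.greatonlineapplications.com/Aff-AD/?v=3.0&c=1538995748",
    "3 10.0.0.9 hxxp://os.greatonlineapplications.com/MEDIA/?v=3.0&c=1538995748",
    "4 10.0.0.7 http://notgreatonlineapplications.com/exe/FlvPlayerSilent0414.exe",
]

if __name__ == "__main__":
    print(hunt(SAMPLE_LOG))
```

Clients reported as download+beacon are the ones to triage first; contact-only clients reached the infrastructure but show no silent-installer fetch in the same log.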