Blog for hpHosts, and whatever else I feel like writing about ....

Sunday, 22 September 2013

iLivid, Cool Applications (Coolapptech), zippyshare.com at it again

Investigating a new malicious site led to files housed on Zippyshare, and, surprise surprise, this once again led to misleading and blatantly fake "update required" rubbish from the likes of iLivid and the Israel-based Cool Applications (aka Coolapptech). No idea what exactly is going on over there, but there seems to be an upsurge of badness from Israel of late as far as misleading and blatantly irresponsible/unethical PPI/bundlers go. One other Israel-based company you'll be familiar with, for example, is Installrex/Installex (aka Justplug.it), who are housing a plethora of badness on 46.19.138.158 (though their domains, e.g. amu.takegoldeninstalls.info, are now routing through CloudFlare; no big surprise, we already know they don't care).

The URLs involved this time are:

hxxp://www67.zippyshare.com/v/20636798/file.html
hxxp://www67.zippyshare.com/v/25295373/file.html
hxxp://www67.zippyshare.com/v/49669657/file.html
hxxp://www67.zippyshare.com/v/74299391/file.html
hxxp://www67.zippyshare.com/v/94707194/file.html
hxxp://www67.zippyshare.com/v/97528211/file.html
hxxp://www.freefilmshd.com/cash/flv/?did=35604643811379889464
hxxp://www.123-movie.com/mac/
hxxp://www.123-movie.com/iphone/
hxxp://www.123-movie.com/android/
hxxp://www.coolflvplayer.com/d/si/?dl=1&sr=mmm&chnl=adch&cid=xxxxxx
hxxp://coolflvplayer.com/d/default/default/?dl=1
hxxp://8.29.133.189/adc/download5adcuk.php?src=ADC&kw=125524&lp=4
hxxp://cpadominator.com/campaigns/index.php?g=mplayeradcuk&src=ADC&kw=125524&lp=4
hxxp://www.adcash.com/script/pop_packcpm.php?k=523f729b798eb334664.236196&h=85030c3e8afda40a25a3e5c30f8ff30c0eeb612a&id=0&ban=334664&r=146355&ref=h&data=
hxxp://lp.ilivid.com/?appid=706&subid=35604643811379889919
hxxp://download.ilivid.com/iLividSetup.exe
hxxp://www.adcash.com/ban/236180/202035_iLivid_300x250_MediaPlayerMSG.gif

The files themselves are signed using Comodo certificates, and the Cool Applications one is signed by:

Coolapptech
63 Rothscild Blvd.
Tel-Aviv
65785
IL

File:   coolflvplayer.com/d/default/default/FLVPlayerSetup.exe
MD5:    1fe3e5d4e206e5c18781711ac4e84b35
SHA1:   2c5f024a67a91e2710ad19653894f85fc438576b
SHA256: 5771889715dddca59b17de17e0769e064ff9ce37c7c6d9b0f57886690d3b1c2e
Size:   850.20 KB

File:   secure.oi-installer7.com/o/flashproplayer_flashproplayer/Setup.exe
MD5:    afdd45a2a35a79b566a4e6bb395a25ea
SHA1:   ea34026502783c9160e616dfe3a579f83beb0ea8
SHA256: 97e10a65ebda0dca650df21212253cf5dd4e92f545d53a6cae60f4554ef71052
Size:   1629.15 KB

File:   www.coolflvplayer.com/d/si/FLVPlayerSetup.exe
MD5:    efb7f6bdbc33626ebe82f8dc9d844148
SHA1:   a96b06d3239bc20b4f1b1bd12b9580c22ec6e848
SHA256: 35ee8d005d3edd17f9fa8a86cc28f1244ac4bce860e286dede8c243392a4131c
Size:   850.20 KB

File:   download.ilivid.com/iLividSetup.exe
MD5:    b38b0d02c9b1733045b747ee43a8e44f
SHA1:   ed4dd9519f0e8d250dc8ee00360e482907e6dfb4
SHA256: 89d5797ceeca82d9925c6420d1b250b4d34ae1265e933f69bdf107ea50ea9e43
Size:   1590.00 KB


For those wondering, the files the site I was investigating led to are:

File:   Combat Arms Hack v.3.1.exe
MD5:    95ce4934c1cb1d4d6dce95fe15fe8297
SHA1:   61330f480046600e06b21172d9fed72dd58a1444
SHA256: 54c62a5d25dc3fa3f3f7917991ad3b99df41e9d39643e0677cefce355089dd59
Size:   2836.50 KB

File:   Fifa 13 Hack v.2.7.exe
MD5:    aef605134d776897c3b6892ce0f61147
SHA1:   abad95e30e990da768e0954767d9df546326753c
SHA256: a7d9bf49ca0f687f5354d2f845a103053e3112b16fa46dfe2a9435b2f44a6ea6
Size:   2215.50 KB

File:   Forge Of Empires Hack v.1.7.exe
MD5:    d79d27af5598a02017b4100d5e263cee
SHA1:   b95158ffa59c23696d566643656e2867e800d138
SHA256: 4f26351e38ed6b2c89666d4466acd2734bf9e04d572166e0062b9f707cb8d7b3
Size:   2215.50 KB

File:   MegaPolis Hack v.1.6.exe
MD5:    4e17054ca00fbf2da96cc49fc316be20
SHA1:   0c2b2ddaed176e8d2124c0a8663ff4bc3418df93
SHA256: 3c18ceb95c93c8ec28d72f9f3b900c6d9e79288779ac808d98c5fbc696e02c44
Size:   2215.50 KB

File:   Wizard 101 Hack v. 4.2.exe
MD5:    b73975959de436b7a9174ec555603ee6
SHA1:   9f84f0145b3b554005683bdf5524afa82038becc
SHA256: 5dc7baa20bc0a1ab697195d1e9332ef38de3661c7376883b5d29d50026027231
Size:   2216.00 KB

File:   World Of Tanks Hack v.1.5.exe
MD5:    03625b453fdd9126b199d4b1293d63fa
SHA1:   2b22f5e37f02e20986dbbd8278c81a4ab4d98183
SHA256: c5ef8543e19aba784f2ba66524097898ba7b0f4a1fe4e7ea77b88dfa018bce30
Size:   2215.50 KB

Haven't analyzed these yet.
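As an added example (not code from this blog or from hpHosts), the following script turns the two hash tables above into a lookup index and checks files against it, hashing each file once for MD5, SHA-1 and SHA-256. The digests are copied from the post; the directory to scan, and the constructed sample bytes used below, are assumptions for illustration.

```python
import hashlib
from pathlib import Path

# IoC rows copied from the post's two tables: (file, MD5, SHA1, SHA256).
IOCS = [
    ("coolflvplayer.com/d/default/default/FLVPlayerSetup.exe",
     "1fe3e5d4e206e5c18781711ac4e84b35", "2c5f024a67a91e2710ad19653894f85fc438576b",
     "5771889715dddca59b17de17e0769e064ff9ce37c7c6d9b0f57886690d3b1c2e"),
    ("secure.oi-installer7.com/o/flashproplayer_flashproplayer/Setup.exe",
     "afdd45a2a35a79b566a4e6bb395a25ea", "ea34026502783c9160e616dfe3a579f83beb0ea8",
     "97e10a65ebda0dca650df21212253cf5dd4e92f545d53a6cae60f4554ef71052"),
    ("www.coolflvplayer.com/d/si/FLVPlayerSetup.exe",
     "efb7f6bdbc33626ebe82f8dc9d844148", "a96b06d3239bc20b4f1b1bd12b9580c22ec6e848",
     "35ee8d005d3edd17f9fa8a86cc28f1244ac4bce860e286dede8c243392a4131c"),
    ("download.ilivid.com/iLividSetup.exe",
     "b38b0d02c9b1733045b747ee43a8e44f", "ed4dd9519f0e8d250dc8ee00360e482907e6dfb4",
     "89d5797ceeca82d9925c6420d1b250b4d34ae1265e933f69bdf107ea50ea9e43"),
    ("Combat Arms Hack v.3.1.exe",
     "95ce4934c1cb1d4d6dce95fe15fe8297", "61330f480046600e06b21172d9fed72dd58a1444",
     "54c62a5d25dc3fa3f3f7917991ad3b99df41e9d39643e0677cefce355089dd59"),
    ("Fifa 13 Hack v.2.7.exe",
     "aef605134d776897c3b6892ce0f61147", "abad95e30e990da768e0954767d9df546326753c",
     "a7d9bf49ca0f687f5354d2f845a103053e3112b16fa46dfe2a9435b2f44a6ea6"),
    ("Forge Of Empires Hack v.1.7.exe",
     "d79d27af5598a02017b4100d5e263cee", "b95158ffa59c23696d566643656e2867e800d138",
     "4f26351e38ed6b2c89666d4466acd2734bf9e04d572166e0062b9f707cb8d7b3"),
    ("MegaPolis Hack v.1.6.exe",
     "4e17054ca00fbf2da96cc49fc316be20", "0c2b2ddaed176e8d2124c0a8663ff4bc3418df93",
     "3c18ceb95c93c8ec28d72f9f3b900c6d9e79288779ac808d98c5fbc696e02c44"),
    ("Wizard 101 Hack v. 4.2.exe",
     "b73975959de436b7a9174ec555603ee6", "9f84f0145b3b554005683bdf5524afa82038becc",
     "5dc7baa20bc0a1ab697195d1e9332ef38de3661c7376883b5d29d50026027231"),
    ("World Of Tanks Hack v.1.5.exe",
     "03625b453fdd9126b199d4b1293d63fa", "2b22f5e37f02e20986dbbd8278c81a4ab4d98183",
     "c5ef8543e19aba784f2ba66524097898ba7b0f4a1fe4e7ea77b88dfa018bce30"),
]

ALGORITHMS = ("md5", "sha1", "sha256")


def build_index(rows):
    """Map every known digest (lower-case hex) to the IoC file name it belongs to."""
    index = {}
    for name, *digests in rows:
        for digest in digests:
            index[digest.lower()] = name
    return index


def hash_bytes(data):
    """MD5/SHA-1/SHA-256 hex digests of an in-memory blob (used for small samples and tests)."""
    return {alg: hashlib.new(alg, data).hexdigest() for alg in ALGORITHMS}


def hash_file(path, chunk_size=1 << 20):
    """Stream a file through all three hashes at once, so a 2.8 MB installer is read only once."""
    hashers = {alg: hashlib.new(alg) for alg in ALGORITHMS}
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            for h in hashers.values():
                h.update(chunk)
    return {alg: h.hexdigest() for alg, h in hashers.items()}


def match_iocs(digests, index):
    """Return the matching IoC file name if any digest is in the index, else None."""
    for digest in digests.values():
        hit = index.get(digest.lower())
        if hit is not None:
            return hit
    return None


def scan_directory(directory, index):
    """Hash every regular file under `directory` and report those matching the IoC table."""
    hits = {}
    for path in Path(directory).rglob("*"):
        if path.is_file():
            name = match_iocs(hash_file(path), index)
            if name is not None:
                hits[str(path)] = name
    return hits


if __name__ == "__main__":
    import sys
    # Assumed usage: python ioc_hash_check.py /path/to/quarantine
    for path, name in scan_directory(sys.argv[1], build_index(IOCS)).items():
        print(f"{path}: matches {name}")
```

Matching on any of the three digests means a table entry is still useful when a sandbox or mail gateway only reports one hash type, and the index is case-insensitive because tools disagree on hex case.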
