» frostwire-4.21.5.windows.exe
Overview
Analysis
File Details
Downloads (2)

frostwire-4.21.5.windows.exe

FrostWire

Frostwire, LLC

The application frostwire-4.21.5.windows.exe, “The Fastest File Sharing Application on Earth” by Frostwire has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from newyork1.frostwire.com and multiple other hosts.

File name:

Publisher:

FrostWire Team (signed by Frostwire, LLC)

Product:

FrostWire

Description:

The Fastest File Sharing Application on Earth

Version:

4.21.5.0

MD5:

e4171bea6f9a47edc3dea592907454a3

SHA-1:

d00319b864efcd8e154198d643d60fb67d37dc96

SHA-256:

e785e16003cbd7da3332be72cb92124c4f35b1c2e3fcf49aff2a9cd2ec366af3

Scanner detections:

2 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

4/25/2024 10:03:57 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/OpenCandy

8.8548

Reason Heuristics

PUP.OpenCandy.Installer (L)

16.11.29.15

File size:

7.8 MB (8,151,592 bytes)

Product version:

4.21.5.0

FrostWire Team 2008

Original file name:

frostwire-4.21.5.windows.exe

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\frostwire-4.21.5.windows.exe

Digital Signature

Signed by:

Frostwire, LLC

Authority:

Thawte, Inc.

Valid from:

3/24/2011 8:00:00 PM

Valid to:

3/24/2012 7:59:59 PM

Subject:

CN="Frostwire, LLC", O="Frostwire, LLC", L=Miami Beach, S=Florida, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

44C3F732588729CEE94F2CFBD7A7CB44

File PE Metadata

Compilation timestamp:

4/10/2010 8:19:31 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

196608:Qw7iVRuEVOrkdT5IxvOPZfk7Z2PX4Tzyx8mP4CDkegHylyyEIaJmJl+:QwiDvU0+vI9QT+O1eeyyyEJ0Jw

Entry address:

0x354B

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00... 
[+]

Entropy:

7.9994

Packer / compiler:

Nullsoft install system v2.x

Code size:

25 KB (25,600 bytes)

The file frostwire-4.21.5.windows.exe has been seen being distributed by the following 2 URLs.

http://newyork1.frostwire.com/frostwire/.../frostwire-4.21.5.windows.exe

http://usfiles.brothersoft.com/internet/.../frostwire-4.21.5.windows.exe

Remove frostwire-4.21.5.windows.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.