» frostwire-5.0.7.windows.exe
Overview
Analysis
File Details
Downloads (1)

frostwire-5.0.7.windows.exe

FrostWire 5

Frostwire, LLC

The application frostwire-5.0.7.windows.exe, “The Fastest File Sharing Application on Earth” by Frostwire has been detected as a potentially unwanted program by 2 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from newyork1.frostwire.com.

File name:

Publisher:

FrostWire Team (signed by Frostwire, LLC)

Product:

FrostWire 5

Description:

The Fastest File Sharing Application on Earth

Version:

5.0.7.0

MD5:

8e11ec33669a4c938bf63155e6c43f8d

SHA-1:

c5f81ec9eb2bfbd38994591bd1a91449f62501a1

SHA-256:

00e22cb61836be12d5f31b5b2e9d2f52c26bb61ef8806c5be101e1fb84b4862f

Scanner detections:

2 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

4/26/2024 9:04:43 AM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/OpenCandy

8.8503

Reason Heuristics

PUP.OpenCandy.Installer (L)

16.12.1.2

File size:

9.5 MB (9,969,440 bytes)

Product version:

5.0.7.0

FrostWire Team 2008

Original file name:

frostwire-5.0.7.windows.exe

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\frostwire-5.0.7.windows.exe

Digital Signature

Signed by:

Frostwire, LLC

Authority:

Thawte, Inc.

Valid from:

3/24/2011 5:00:00 PM

Valid to:

3/24/2012 4:59:59 PM

Subject:

CN="Frostwire, LLC", O="Frostwire, LLC", L=Miami Beach, S=Florida, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

44C3F732588729CEE94F2CFBD7A7CB44

File PE Metadata

Compilation timestamp:

4/10/2010 5:19:31 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

196608:X/w8tj7GVWPH6af3CyPcBtlHUMatdHANRofOp0ZspvvcdbDtEjjnH:X/FSV2H6UVcBt+fHWOGwbdPtyjnH

Entry address:

0x354B

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 84, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 98, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, B0, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 86, 40, 00, FF, 15, 80, 81, 40, 00, 68, 04, 86, 40, 00, 68, A0, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00... 
[+]

Entropy:

7.9996

Packer / compiler:

Nullsoft install system v2.x

Code size:

25 KB (25,600 bytes)

The file frostwire-5.0.7.windows.exe has been seen being distributed by the following URL.

http://newyork1.frostwire.com/frostwire/.../frostwire-5.0.7.windows.exe

Remove frostwire-5.0.7.windows.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.