nfscloudswind.exe

Clouds Wind New Free Screensaver

Gekkon Ltd

The application nfscloudswind.exe, “Clouds Wind New Free Screensaver Setup” by Gekkon, has been detected as a potentially unwanted program by 2 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software. The installer uses the OpenCandy monetization platform, which downloads and installs offers during setup for potentially unwanted software, including ad/search-supported toolbars.
Publisher:
Gekkon Ltd. (signed by Gekkon Ltd)

Product:
Clouds Wind New Free Screensaver

Description:
Clouds Wind New Free Screensaver Setup

MD5:
0e812dba851da20dc275b33c199cd261

SHA-1:
e3e0f1f5c9fae2b7aac85a5d9ae2f784cb1358ff

SHA-256:
03b60ab15f4c32226c9d0e91d4c65665f25f946c6391931a96d86f59068c201e

Scanner detections:
2 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
4/25/2024 12:52:29 AM UTC

Scan engine
Detection
Engine version

ESET NOD32
9.9233

Reason Heuristics
PUP.Gekkon.Installer (M)
15.10.6.14

File size:
6.1 MB (6,398,592 bytes)

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\nfscloudswind.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
5/13/2013 11:57:19 AM

Valid to:
8/13/2016 11:57:19 AM

Subject:
E=is@newfreescreensavers.com, CN=Gekkon Ltd, O=Gekkon Ltd, L=Mahe, S=Seychelles, C=SC

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11219BA4649A3898A4F37C1CE7782C46FAEA

File PE Metadata
Compilation timestamp:
10/9/2012 5:48:22 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:ff7RVFQ2vOz0/FZ4X6MyaahutstKZMQrsebhCE:n7TaUu0/FSoQOtK6Qrsal

Entry address:
0xF3BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 64, ED, 40, 00, E8, E8, 71, FF, FF, 33, C0, 55, 68, 89, FA, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 45, FA, 40, 00, 64, FF, 32, 64, 89, 22, A1, 48, 3B, 41, 00, E8, BE, F7, FF, FF, E8, 65, F3, FF, FF, 8D, 55, EC, 33, C0, E8, F7, C3, FF, FF, 8B, 55, EC, B8, 4C, 66, 41, 00, E8, 6A, 58, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 4C, 66, 41, 00, B2, 01...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
59 KB (60,416 bytes)
