» xfire_installer.exe
Overview
Analysis
File Details
Downloads (3)

xfire_installer.exe

Xfire

Xfire, Inc.

The application xfire_installer.exe, “Xfire Setup ” by Xfire has been detected as a potentially unwanted program by 2 anti-malware scanners. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. The file has been seen being downloaded from fs30.filehippo.com and multiple other hosts.

File name:

xfire_installer.exe

Publisher:

Xfire, Inc. (signed by Xfire, Inc.)

Product:

Xfire

Description:

Xfire Setup

Version:

2.42.0.670

MD5:

e2e6735ada6b84bf910bbecf3d736fe5

SHA-1:

687539fef62e21976a6b657294797f33bd53b6d7

SHA-256:

bc9bfe3efba804b5c240f9501f0cec5903965e29e62acff2ff7d5f0fedd667eb

Scanner detections:

2 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

4/19/2024 4:29:20 PM UTC (today)

Scan engine

Detection

Engine version

ESET NOD32

Win32/OpenCandy

8.9281

Reason Heuristics

PUP.OpenCandy.Installer (L)

16.11.29.6

File size:

15.2 MB (15,961,064 bytes)

Product version:

2.0

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\temp\{random}.tmp\xfire_installer.exe

Digital Signature

Signed by:

Xfire, Inc.

Authority:

DigiCert Inc

Valid from:

9/5/2013 2:00:00 AM

Valid to:

11/11/2015 1:00:00 PM

Subject:

CN="Xfire, Inc.", O="Xfire, Inc.", L=Santa Monica, S=California, C=US

Issuer:

CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0336F716FD5E19A2A13EE12A00887476

File PE Metadata

Compilation timestamp:

1/30/2013 3:21:56 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

393216:PfTp0PMzNr+6O3jxvp+XSBBl08fIcBPlbNzrZ2tJB7Ez6f:PfTp0PENr+6ivQXq5flP/zmJJ

Entry address:

0x113BC

Entry point:

55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86... 
[+]

Entropy:

7.9965

Developed / compiled with:

Microsoft Visual C++

Code size:

63.5 KB (65,024 bytes)

The file xfire_installer.exe has been seen being distributed by the following 3 URLs.

http://fs30.filehippo.com/3703/.../xfire_installer_670.exe

http://www.filehippo.com/download/file/.../

http://media.xfire.com/xfire/client/download/.../xfire_installer.exe

Remove xfire_installer.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.