The FileZilla 3 69 5 win64 sponsored2 setup exe (FileZilla FTP Client) Tim Kosse File Malware Analysis
Gridinsoft Logo
File Icon

The FileZilla_3.69.5_win64_sponsored2-setup.exe (FileZilla FTP Client) File Analysis

Updated 1 month ago
Checked by Malware Check
FileZilla_3.69.5_win64_sponsored2-setup.exe

Technical Analysis

File Name FileZilla_3.69.5_win64_sponsored2-setup.exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
SSDEEP Hash
393216:QRVzuBRdRnl7rkYNR10kiUtGI302/uNZuGmbyi2gO4gI:QRVzuBVl7rkYr+xU902QlmbyRgfj
Scanner Version 1.0.229.174
Database Version 2025-12-02 20:00:38 UTC

Suspicious File Detected

Detected by 6 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
9%
Detection Rate
13,146,144
File Size (bytes)
6/70
Engines Detected
2025-12-02
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
0567c22965adb9e529454e03608b150f
SHA1
7402aaa47f53493619ed8f423f3f40838a990106
SHA256
77bd820eb0532cfc5ad6523e6abe7c287d2c53ae1c9b8ddc156706f32092d03b
SHA512
a720427e8d2967fcda6fec9670ed584ff93230a0b7ca12bdb069c56b743235eee5d39b12fdef319a6c944689168c48d9bfb4ca1a6d26e2597742923ec5ded2fc
ImpHash
46ce5c12b293febbeb513b196aa7f843

Security Engines with Detections (6 of 70)

CrowdStrike
win/grayware_confidence_60% (D) Malicious
Rising
Adware.PlayaNext!1.EC38 (CLOUD) Malicious
Webroot
Pua.Filezilla.Sponsored Malicious
Microsoft
PUABundler:Win32/FileZilla_BundleInstaller Malicious
VBA32
Trojan.Wacatac Malicious
DeepInstinct
MALICIOUS Malicious
64 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: f851536d8642eb81a4eb2fdc1dba3641
Fuzzy: 7c9ba2bdd2a8c45d5149ee6b6821ea21
dHash: 86696ddce4f4d269
Image Base 0x00400000
Entry Point 0x0040369f
Compilation Time 2025-03-08 23:05:20
Checksum 0x00c98a62 (Actual: 0x00c98a62)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Digital Signature OK
Imports 7 libraries
ADVAPI32, SHELL32, ole32, COMCTL32, USER32, GDI32, KERNEL32
Exports 0 functions
Resources 16 Resources
Sections 5 Sections

Version Information

CompanyName Tim Kosse
FileDescription FileZilla FTP Client
FileVersion 3.69.5
LegalCopyright Tim Kosse
OriginalFilename FileZilla_3.69.5_win32-setup.exe
ProductName FileZilla
ProductVersion 3.69.5
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 26,385 bytes 26,624 bytes 6.45 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ AFB6C5993570F82E85EC446BBB886505
.rdata 0x00008000 4,952 bytes 5,120 bytes 5.10 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ E913094D8CCEACA6B405BBBB52936387
.data 0x0000a000 129,912 bytes 1,536 bytes 4.12 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 9D011BEBA2FE64A93F62FBB227CC9C35
.ndata 0x0002a000 290,816 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rsrc 0x00071000 41,888 bytes 41,984 bytes 6.57 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 98CC6733A348C0CBFFC343CB09F95CD4
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 16 (40,934 bytes)
Resource Type Count Total Size Percentage
RT_BITMAP 1 1,638 bytes
4%
RT_ICON 5 35,517 bytes
86.8%
RT_DIALOG 7 1,972 bytes
4.8%
RT_GROUP_ICON 1 76 bytes
0.2%
RT_VERSION 1 672 bytes
1.6%
RT_MANIFEST 1 1,059 bytes
2.6%

Certificate Chain Analysis

Certificate Information
Product FileZilla
Description FileZilla FTP Client
File Version 3.69.5
Original Name FileZilla_3.69.5_win32-setup.exe
Signing Date 02:02 PM 11/12/2025 (57 days ago)
Verification Status Signed
Signers Tim Kosse; Sectigo Public Code Signing CA R36; Sectigo Public Code Signing Root R46; Sectigo (AAA)
Counter Signers Sectigo Public Time Stamping Signer R36; Sectigo Public Time Stamping CA R36; Sectigo Public Time Stamping Root R46
Copyright Tim Kosse
Certificate Chain Summary
Sectigo Public Code Signing Root R46 #1 Primary
Validity Period: 2021-05-25 00:00:00 → 2028-12-31 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 48 FC 93 B4 60 55 94 8D 36 A7 C9 8A 89 D6 94 16
Sectigo Public Code Signing CA R36 #2 Chain
Validity Period: 2021-03-22 00:00:00 → 2036-03-21 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 62 1D 6D 0C 52 01 9E 3B 90 79 15 20 89 21 1C 0A
Tim Kosse #3 Chain
Validity Period: 2025-02-11 00:00:00 → 2028-02-11 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 36 25 B5 8D FE 9D C7 D4 4E 89 D1 AB D7 C5 49 71
Sectigo Public Time Stamping Root R46 #4 Chain
Validity Period: 2021-03-22 00:00:00 → 2038-01-18 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 36 C2 B0 BD 7C 1B 3A E7 A3 B3 DD 36 CB C9 75 68
Sectigo Public Time Stamping CA R36 #5 Chain
Validity Period: 2021-03-22 00:00:00 → 2036-03-21 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 7A 23 AE DA 53 69 96 0F 91 C8 3E 5C F4 C7 E3 3F
Sectigo Public Time Stamping Signer R36 #6 Chain
Validity Period: 2025-03-27 00:00:00 → 2036-03-21 23:59:59
Signature Algorithm: sha384RSA
Serial Number: A4 29 3B 6E 1E DD D7 A7 34 08 87 AD 7A 4E B7 24

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

OK

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
6 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Stay Malware-Free: Keep Your PC Protected with Gridinsoft Anti-Malware

Gridinsoft Anti-Malware offers just that—peace of mind with a robust, user-friendly solution that’s constantly updated to combat the latest threats. Designed by cybersecurity experts, it provides real-time protection and effortless malware removal. It’s not just about detecting threats; it's about enhancing your digital life with uninterrupted security. Give it a try and experience what it feels like to browse worry-free!

Gridinsoft Anti-Malware Download Now
Gridinsoft Anti-Malware