Gridinsoft Logo
File Icon

The FileZilla_3.67.0_win64_sponsored2-setup.exe (FileZilla FTP Client) File Analysis

Updated 1 year ago
Checked by Malware Check
FileZilla_3.67.0_win64_sponsored2-setup.exe

Technical Analysis

File Name FileZilla_3.67.0_win64_sponsored2-setup.exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
SSDEEP Hash
393216:9A0WSaIgUnOIJAqcFzXqvbyz7UWVompJJHU5ccGW2IV3:9A3JIuZbUMTHGWWJ5
Scanner Version 1.0.176.174
Database Version 2024-05-22 00:00:36 UTC

Suspicious File Detected

Detected by 15 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
21%
Detection Rate
12,816,896
File Size (bytes)
15/72
Engines Detected
2024-05-22
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
e4acf0e303e9f1371f029e013f902262
SHA1
180f686f2afe1ad0ac6f3498e70af910fcbce620
SHA256
9be2103d3418d266de57143c2164b31c27dfa73c22e42137f3fe63a21f793202
SHA512
fcf7ae7c539b199446085337173cee8ce61cda86b8defc46b008ff487563da33adfdaf45bc78b2b75aaa9785323c5391969f93d38a3f52919dc45f38d7adf2fc
ImpHash
9dda1a1d1f8a1d13ae0297b47046b26e

Security Engines with Detections (15 of 72)

Bkav
W32.Common.EB870922 Malicious
Cylance
unsafe Malicious
K7AntiVirus
Adware ( 005aa3111 ) Malicious
K7GW
Adware ( 005aa3111 ) Malicious
ESET-NOD32
a variant of Win32/PlayaNext.B potentially unwanted Malicious
Rising
Adware.PlayaNext/NSIS!1.EC39 (CLASSIC) Malicious
Sophos
Generic Reputation PUA (PUA) Malicious
Webroot
W32.Adware.Gen Malicious
Microsoft
PUABundler:Win32/FileZilla_BundleInstaller Malicious
GData
Win32.Application.Agent.RX5Y73 Malicious
Varist
W32/ABAdware.SQAN-5449 Malicious
AhnLab-V3
PUP/Win.Bundler.C5615296 Malicious
DeepInstinct
MALICIOUS Malicious
Malwarebytes
PUP.Optional.BundleInstaller Malicious
Fortinet
Riskware/PlayaNext Malicious
57 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: f851536d8642eb81a4eb2fdc1dba3641
Fuzzy: 7c9ba2bdd2a8c45d5149ee6b6821ea21
dHash: 86696ddce4f4d269
Image Base 0x00400000
Entry Point 0x00403645
Compilation Time 2023-07-02 02:09:43
Checksum 0x00c4660d (Actual: 0x00c4660d)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Digital Signature OK
Imports 7 libraries
ADVAPI32, SHELL32, ole32, COMCTL32, USER32, GDI32, KERNEL32
Exports 0 functions
Resources 16 Resources
Sections 5 Sections

Version Information

CompanyName Tim Kosse
FileDescription FileZilla FTP Client
FileVersion 3.67.0
LegalCopyright Tim Kosse
OriginalFilename FileZilla_3.67.0_win32-setup.exe
ProductName FileZilla
ProductVersion 3.67.0
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 26,295 bytes 26,624 bytes 6.44 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ E65344AC983813901119E185754EC24E
.rdata 0x00008000 4,952 bytes 5,120 bytes 5.10 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ BD82D08A08DA8783923A22B467699302
.data 0x0000a000 129,912 bytes 1,536 bytes 4.13 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE CAA377D001CFC3215A3EDFF6D7702132
.ndata 0x0002a000 290,816 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rsrc 0x00071000 41,888 bytes 41,984 bytes 6.57 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 4552C74A473ACB59E4A52F11580E1614
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 16 (40,934 bytes)
Resource Type Count Total Size Percentage
RT_BITMAP 1 1,638 bytes
4%
RT_ICON 5 35,517 bytes
86.8%
RT_DIALOG 7 1,972 bytes
4.8%
RT_GROUP_ICON 1 76 bytes
0.2%
RT_VERSION 1 672 bytes
1.6%
RT_MANIFEST 1 1,059 bytes
2.6%

Certificate Chain Analysis

Certificate Information
Product FileZilla
Description FileZilla FTP Client
File Version 3.67.0
Original Name FileZilla_3.67.0_win32-setup.exe
Signing Date 06:25 PM 04/15/2024 (427 days ago)
Verification Status Signed
Signers Tim Kosse; Sectigo Public Code Signing CA R36; Sectigo Public Code Signing Root R46; Sectigo (AAA)
Counter Signers DigiCert Timestamp 2023; DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA; DigiCert Trusted Root G4; DigiCert
Copyright Tim Kosse
Certificate Chain Summary
AAA Certificate Services #1 Primary
Validity Period: 2004-01-01 00:00:00 → 2028-12-31 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 01
Sectigo Public Code Signing Root R46 #2 Chain
Validity Period: 2021-05-25 00:00:00 → 2028-12-31 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 48 FC 93 B4 60 55 94 8D 36 A7 C9 8A 89 D6 94 16
Sectigo Public Code Signing CA R36 #3 Chain
Validity Period: 2021-03-22 00:00:00 → 2036-03-21 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 62 1D 6D 0C 52 01 9E 3B 90 79 15 20 89 21 1C 0A
Tim Kosse #4 Chain
Validity Period: 2022-02-18 00:00:00 → 2025-02-17 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 31 83 0C 37 0A D7 E4 97 63 3B 6E B3 A0 2D 69 E6
DigiCert Trusted Root G4 #5 Chain
Validity Period: 2022-08-01 00:00:00 → 2031-11-09 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 0E 9B 18 8E F9 D0 2D E7 EF DB 50 E2 08 40 18 5A
DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA #6 Chain
Validity Period: 2022-03-23 00:00:00 → 2037-03-22 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 07 36 37 B7 24 54 7C D8 47 AC FD 28 66 2A 5E 5B
DigiCert Timestamp 2023 #7 Chain
Validity Period: 2023-07-14 00:00:00 → 2034-10-13 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 05 44 AF F3 94 9D 08 39 A6 BF DB 3F 5F E5 61 16

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

OK

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
15 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware