Gridinsoft Logo
File Icon

The FileZilla_3.66.5_win64_sponsored2-setup (1).exe (FileZilla FTP Client) File Analysis

Updated 1 year ago
Checked by Malware Check
FileZilla_3.66.5_win64_sponsored2-setup (1).exe

Technical Analysis

File Name FileZilla_3.66.5_win64_sponsored2-setup (1).exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
SSDEEP Hash
393216:TAJ8PZ1g/3inKFsdoSpsK1RVryLx9FPeN:TAJ8P8/yKF+oSpsKPtux9teN
Scanner Version 1.0.171.174
Database Version 2024-04-06 15:00:18 UTC

Suspicious File Detected

Detected by 13 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
19%
Detection Rate
12,800,080
File Size (bytes)
13/68
Engines Detected
2024-04-06
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
861c54a22491b35880f4ec629cfd699f
SHA1
71a32e0d99f6d6a36770bf60686c4ac04eb9d70c
SHA256
dbde8a4bd71bb1fbc0511cdb657dfeffdaedc513aa425f856043532a7cba6fce
SHA512
e34d2a9769bc03f87851b81a88bdb1edbff17725170f6b50bde12a3eb092b221b685160b3b979ca77d249172d2137e7ac9463f2fd8b86296bdd1fa0841a9783c
ImpHash
9dda1a1d1f8a1d13ae0297b47046b26e

Security Engines with Detections (13 of 68)

Bkav
W32.Common.F8C96021 Malicious
Malwarebytes
PUP.Optional.BundleInstaller Malicious
VirIT
Deceptor.FileZillaBd.EEV Malicious
Symantec
PUA.Superfluss Malicious
ESET-NOD32
a variant of Win32/PlayaNext.B potentially unwanted Malicious
Sophos
Generic Reputation PUA (PUA) Malicious
Microsoft
PUABundler:Win32/FileZilla_BundleInstaller Malicious
Xcitium
ApplicUnwnt@#3aq8ttcqtatot Malicious
GData
Win32.Application.Agent.30RPTX Malicious
Cylance
unsafe Malicious
Rising
Adware.PlayaNext/NSIS!1.EC39 (CLASSIC) Malicious
DeepInstinct
MALICIOUS Malicious
CrowdStrike
win/grayware_confidence_60% (D) Malicious
55 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: f851536d8642eb81a4eb2fdc1dba3641
Fuzzy: 7c9ba2bdd2a8c45d5149ee6b6821ea21
dHash: 86696ddce4f4d269
Image Base 0x00400000
Entry Point 0x00403645
Compilation Time 2023-07-02 02:09:43
Checksum 0x00c3ca27 (Actual: 0x00c3ca27)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Digital Signature OK
Imports 7 libraries
ADVAPI32, SHELL32, ole32, COMCTL32, USER32, GDI32, KERNEL32
Exports 0 functions
Resources 16 Resources
Sections 5 Sections

Version Information

CompanyName Tim Kosse
FileDescription FileZilla FTP Client
FileVersion 3.66.5
LegalCopyright Tim Kosse
OriginalFilename FileZilla_3.66.5_win32-setup.exe
ProductName FileZilla
ProductVersion 3.66.5
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 26,295 bytes 26,624 bytes 6.44 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ E65344AC983813901119E185754EC24E
.rdata 0x00008000 4,952 bytes 5,120 bytes 5.10 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ BD82D08A08DA8783923A22B467699302
.data 0x0000a000 129,912 bytes 1,536 bytes 4.13 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE CAA377D001CFC3215A3EDFF6D7702132
.ndata 0x0002a000 290,816 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rsrc 0x00071000 41,888 bytes 41,984 bytes 6.57 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 10F8D2A2A714C753CA0E54E80476847D
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 16 (40,934 bytes)
Resource Type Count Total Size Percentage
RT_BITMAP 1 1,638 bytes
4%
RT_ICON 5 35,517 bytes
86.8%
RT_DIALOG 7 1,972 bytes
4.8%
RT_GROUP_ICON 1 76 bytes
0.2%
RT_VERSION 1 672 bytes
1.6%
RT_MANIFEST 1 1,059 bytes
2.6%

Certificate Chain Analysis

Certificate Information
Product FileZilla
Description FileZilla FTP Client
File Version 3.66.5
Original Name FileZilla_3.66.5_win32-setup.exe
Signing Date 10:14 AM 02/07/2024 (496 days ago)
Verification Status Signed
Signers Tim Kosse; Sectigo Public Code Signing CA R36; Sectigo Public Code Signing Root R46; Sectigo (AAA)
Counter Signers DigiCert Timestamp 2023; DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA; DigiCert Trusted Root G4; DigiCert
Copyright Tim Kosse
Certificate Chain Summary
Tim Kosse #1 Primary
Validity Period: 2022-02-18 00:00:00 → 2025-02-17 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 31 83 0C 37 0A D7 E4 97 63 3B 6E B3 A0 2D 69 E6
AAA Certificate Services #2 Chain
Validity Period: 2004-01-01 00:00:00 → 2028-12-31 23:59:59
Signature Algorithm: sha1RSA
Serial Number: 01
Sectigo Public Code Signing Root R46 #3 Chain
Validity Period: 2021-05-25 00:00:00 → 2028-12-31 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 48 FC 93 B4 60 55 94 8D 36 A7 C9 8A 89 D6 94 16
Sectigo Public Code Signing CA R36 #4 Chain
Validity Period: 2021-03-22 00:00:00 → 2036-03-21 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 62 1D 6D 0C 52 01 9E 3B 90 79 15 20 89 21 1C 0A
DigiCert Trusted Root G4 #5 Chain
Validity Period: 2022-08-01 00:00:00 → 2031-11-09 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 0E 9B 18 8E F9 D0 2D E7 EF DB 50 E2 08 40 18 5A
DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA #6 Chain
Validity Period: 2022-03-23 00:00:00 → 2037-03-22 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 07 36 37 B7 24 54 7C D8 47 AC FD 28 66 2A 5E 5B
DigiCert Timestamp 2023 #7 Chain
Validity Period: 2023-07-14 00:00:00 → 2034-10-13 23:59:59
Signature Algorithm: sha256RSA
Serial Number: 05 44 AF F3 94 9D 08 39 A6 BF DB 3F 5F E5 61 16

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

OK

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
13 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware