Gridinsoft Logo
File Icon

The FileZilla_3.69.1_win64_sponsored2-setup.exe (FileZilla FTP Client) File Analysis

Updated 10 days ago
Checked by Malaware Check
FileZilla_3.69.1_win64_sponsored2-setup.exe

Technical Analysis

File Name FileZilla_3.69.1_win64_sponsored2-setup.exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
SSDEEP Hash
393216:9Ro8K+vH2jEL6xe2nhUv12NyEApJlLhn2I9lVG+ZSx5N+pLz:9RrH2DxeSOvQN2H7p3YPc1
Scanner Version 1.0.217.174
Database Version 2025-05-25 16:00:22 UTC

Suspicious File Detected

Detected by 5 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
7%
Detection Rate
12,858,904
File Size (bytes)
5/71
Engines Detected
2025-05-25
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
9cee5deb1063cf3355de213041befd10
SHA1
f30f94f343c17fa42df704773f185bf608b1a7c8
SHA256
e9b416ff84a7cf0b7b3fa1623378ac1f1231149fabd7ec9b37c47f210f13031b
SHA512
d1e2e1a9019f56e4290c5d1b44cd3b146b887dadfc7395620c1d3c0ea780e295f5b88572c65dae03732f07294634297f76c495fae8ca5e64fe61588b1b0c3974
ImpHash
46ce5c12b293febbeb513b196aa7f843

Security Engines with Detections (5 of 71)

McAfee
Artemis!9CEE5DEB1063 Malicious
Cylance
Unsafe Malicious
CrowdStrike
win/grayware_confidence_60% (D) Malicious
Rising
Adware.PlayaNext/NSIS!1.EC39 (CLASSIC) Malicious
Microsoft
PUABundler:Win32/FileZilla_BundleInstaller Malicious
66 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Icon
Hash: f851536d8642eb81a4eb2fdc1dba3641
Fuzzy: 7c9ba2bdd2a8c45d5149ee6b6821ea21
dHash: 86696ddce4f4d269
Image Base 0x00400000
Entry Point 0x0040369f
Compilation Time 2025-03-08 23:05:20
Checksum 0x00c4e958 (Actual: 0x00c4e958)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive
Digital Signature Chain verification from CN=Tim Kosse, O=Tim Kosse, ST=Nordrhein-Westfalen, C=DE (serial:71974109122260358738279808626602625393, sha1:1ff3b857ab5501e21cfec7aee8685172ac56dad2) failed: Unable to build a validation path for the certificate "Common Name: Tim Kosse, Organization: Tim Kosse, State/Province: Nordrhein-Westfalen, Country: DE" - no issuer matching "Common Name: Sectigo Public Code Signing CA R36, Organization: Sectigo Limited, Country: GB" was found
Imports 7 libraries
ADVAPI32, SHELL32, ole32, COMCTL32, USER32, GDI32, KERNEL32
Exports 0 functions
Resources 16 Resources
Sections 5 Sections

Version Information

CompanyName Tim Kosse
FileDescription FileZilla FTP Client
FileVersion 3.69.1
LegalCopyright Tim Kosse
OriginalFilename FileZilla_3.69.1_win32-setup.exe
ProductName FileZilla
ProductVersion 3.69.1
Translation 0x0409 0x04b0

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00001000 26,385 bytes 26,624 bytes 6.45 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ AFB6C5993570F82E85EC446BBB886505
.rdata 0x00008000 4,952 bytes 5,120 bytes 5.10 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ E913094D8CCEACA6B405BBBB52936387
.data 0x0000a000 129,912 bytes 1,536 bytes 4.12 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE 9D011BEBA2FE64A93F62FBB227CC9C35
.ndata 0x0002a000 290,816 bytes 0 bytes 0.00 (Normal) IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE D41D8CD98F00B204E9800998ECF8427E
.rsrc 0x00071000 41,888 bytes 41,984 bytes 6.57 (Compressed) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ F9A2B30DC289EDA80CFB27F6F467034D
Entropy Analysis Alert

1 section(s) with elevated entropy (≥6.5) - possible compression

Resource Analysis

Total Resources: 16 (40,934 bytes)
Resource Type Count Total Size Percentage
RT_BITMAP 1 1,638 bytes
4%
RT_ICON 5 35,517 bytes
86.8%
RT_DIALOG 7 1,972 bytes
4.8%
RT_GROUP_ICON 1 76 bytes
0.2%
RT_VERSION 1 672 bytes
1.6%
RT_MANIFEST 1 1,059 bytes
2.6%

Certificate Chain Analysis

Certificate Information
Product FileZilla
Description FileZilla FTP Client
File Version 3.69.1
Original Name FileZilla_3.69.1_win32-setup.exe
Signing Date 10:10 AM 04/23/2025 (43 days ago)
Verification Status Signed
Signers Tim Kosse; Sectigo Public Code Signing CA R36; Sectigo Public Code Signing Root R46; Sectigo (AAA)
Counter Signers Sectigo Public Time Stamping Signer R36; Sectigo Public Time Stamping CA R36; Sectigo Public Time Stamping Root R46; Sectigo
Copyright Tim Kosse
Certificate Chain Summary
Tim Kosse #1 Primary
Validity Period: 2025-02-11 00:00:00 → 2028-02-11 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 36 25 B5 8D FE 9D C7 D4 4E 89 D1 AB D7 C5 49 71
Sectigo Public Time Stamping Root R46 #2 Chain
Validity Period: 2021-03-22 00:00:00 → 2038-01-18 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 36 C2 B0 BD 7C 1B 3A E7 A3 B3 DD 36 CB C9 75 68
Sectigo Public Time Stamping CA R36 #3 Chain
Validity Period: 2021-03-22 00:00:00 → 2036-03-21 23:59:59
Signature Algorithm: sha384RSA
Serial Number: 7A 23 AE DA 53 69 96 0F 91 C8 3E 5C F4 C7 E3 3F
Sectigo Public Time Stamping Signer R36 #4 Chain
Validity Period: 2025-03-27 00:00:00 → 2036-03-21 23:59:59
Signature Algorithm: sha384RSA
Serial Number: A4 29 3B 6E 1E DD D7 A7 34 08 87 AD 7A 4E B7 24

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

Chain verification from CN=Tim Kosse, O=Tim Kosse, ST=Nordrhein-Westfalen, C=DE (serial:71974109122260358738279808626602625393, sha1:1ff3b857ab5501e21cfec7aee8685172ac56dad2) failed: Unable to build a validation path for the certificate "Common Name: Tim Kosse, Organization: Tim Kosse, State/Province: Nordrhein-Westfalen, Country: DE" - no issuer matching "Common Name: Sectigo Public Code Signing CA R36, Organization: Sectigo Limited, Country: GB" was found

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
5 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware