home

camfrog.exe

Camfrog Video Chat

RICH MEDIA SYSTEMS INC.

The application camfrog.exe by RICH MEDIA SYSTEMS INC has been detected as a potentially unwanted program by 17 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from camfrog-video-chat.1800download.com and multiple other hosts.
Publisher:
RICH MEDIA SYSTEMS INC.  (signed and verified)

Product:
Camfrog Video Chat

Version:
1.0.0.0

MD5:
078748add0b1a547c66715845080cf69

SHA-1:
a67b00246dcd517f8d5f798f9c83e90be588664a

SHA-256:
2b863ad670298eb69e92fe5c36e58fd318132f92412933c0f887bb4ab4d8a6d4

Scanner detections:
17 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
2/25/2025 10:30:22 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

AVG
OpenCandy
2016.0.2998

Baidu Antivirus
Adware.Win32.OpenCandy
4.0.3.1592

Clam AntiVirus
Win.Trojan.Agent-855157
0.98/21511

Dr.Web
Adware.Downware.10304
9.0.1.0245

ESET NOD32
Win32/OpenCandy.C potentially unsafe (variant)
9.11638

Fortinet FortiGate
Riskware/OpenCandy
9/2/2015

G Data
Win32.Adware.OpenCandy
15.9.25

K7 AntiVirus
Trojan
13.204.15934

Malwarebytes
PUP.Optional.OpenCandy
v2015.09.02.01

McAfee
Artemis!078748ADD0B1
5600.6654

NANO AntiVirus
Riskware.Win32.Downloader.dqybkl
0.30.24.1357

Panda Antivirus
PUP/OpenCandy
15.09.02.01

Reason Heuristics
PUP.RICHMEDIASYSTEMS.Installer (M)
15.9.2.13

Sophos
OpenCandy
4.98

Trend Micro House Call
Suspicious_GEN.F47V0418
7.2.245

VIPRE Antivirus
Sevas-S Installer
40300

File size:
415.7 KB (425,656 bytes)

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\camfrog.exe

Digital Signature
Signed by:
RICH MEDIA SYSTEMS INC.

Authority:
Symantec Corporation

Valid from:
2/17/2015 7:00:00 AM

Valid to:
2/18/2016 6:59:59 AM

Subject:
CN=RICH MEDIA SYSTEMS INC., O=RICH MEDIA SYSTEMS INC., L=HENDERSON, S=Nevada, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
3F87144C25AF8BCF29F29C5A1FEEF4BA

File PE Metadata
Compilation timestamp:
5/20/2013 6:53:00 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:UiucV6ybxz5n9eMkzlJ+wpRO6NRCNENmz4jCZNiDa8B2iT9Gp9He/:Uiuibxz59hkDNpRO9MsNiV2iTa9u

Entry address:
0x331C

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 30, 92, 40, 00, 89, 6C, 24, 14, FF, 15, 34, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, BC, 70, 40, 00, 55, FF, 15, AC, 72, 40, 00, 6A, 08, A3, 98, 92, 42, 00, E8, A8, 2E, 00, 00, A3, E4, 91, 42, 00, 55, 8D, 44, 24, 34, 68, B4, 02, 00, 00, 50, 55, 68, 90, 06, 42, 00, FF, 15, 7C, 71, 40, 00, 68, 7C, 93, 40, 00, 68, E0, 81, 42, 00, E8, 13, 2B, 00, 00, FF, 15, 34, 71, 40, 00, BB, 00, 40, 43, 00, 50, 53, E8, 01, 2B, 00, 00...
 
[+]

Entropy:
7.8133

Packer / compiler:
Nullsoft install system v2.x

Code size:
24 KB (24,576 bytes)

The file camfrog.exe has been seen being distributed by the following 3 URLs.

http://camfrog-video-chat.1800download.com/get_azure_file/wUiS4WnYccXEwj /TeqjC1c0kw48PjylER7wZ9rVs h152f0sDcx2dBNJ0DtevylYSfjhxdKOSCGGOO1Xuxj0bIjzsCXFQ6T iv C1T8 3G8geeI943KmiBBo58igFZQXzWtCTRn15p97CCjUGKRS/.../Qr452URBuNfg3gCpKrh 1CagCd0LsZvvFjv7uNKamSYyZrdHV49 M3wpoqL SQhqzRyz3c9FEC3zDU75oZD2g0s3NTHOuWAG3MvYfQ==

http://camfrog-video-chat.1800download.com/get_azure_file/wUiS4WnYccXBwj pXP7oQlssmV89fDKlEgq2JM7Y9uk353f/sGMxwdkEPxikerC/NXS20hMBbDfTXKq1E/Y9wLNygp/JFQfS9SnyHkT1vX 5jOfa7dPem3Ed/slk1hdQXzWtCTRnlcIt7CC5UGCTUvwFnNXqdD0EYqszLBkdOOz9UHBtLYaOf1l3nqq9GCcheozw1 08CG x8VDOnPV UMv MJ7/.../UXKquZWaiHp5O NRTsc3OH4porH2QEwj0UGugpURASeiDA75scO9kx0ufXjGsngX3svYfQ==?_ga=1.44746468.1503561844.1429257174

http://camfrog-video-chat.1800download.com/get_azure_file/wUiS4WnYccXAwj uQbjxCggnkkU3LTPkEhv4cp K4fE9tG//.../5 D9G3ccKkfSUFnIHhTKBh3UEH5sv3jFDyfPkkynrkXJhAqJ7vFib04MnB3j4rJLxBT5Ziem0o8 igFwgm10jkiJoHASeiDA75scO9kx0ufXjGsngX3svYfQ==

Remove camfrog.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.