filezilla_server-0_9_50.exe

Software

Program Soft Installer

The application filezilla_server-0_9_50.exe, “Software Setup”, has been detected as a potentially unwanted program by 7 anti-malware scanners. The program is a setup application that uses the Inno Setup installer; however, the file is not signed with an Authenticode signature from a trusted source. The setup program uses the InstallCore engine, which may bundle additional software offers including toolbars and browser extensions. While running, it connects to the Internet address ftp.jaist.ac.jp on port 80 using the HTTP protocol.
Publisher:
Program Soft Installer

Product:
Software

Description:
Software Setup

Version:
1.3.4.6

MD5:
cf44c14109884fb6806ce7e4d94bbff2

SHA-1:
52a1d5652f459cdd66bc36ef8b2177f3ef0b0520

SHA-256:
f8825aad1ac79e77c6638bf63d432cd3b942015a6e54d23b40067e2b71665066

Scanner detections:
7 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallCore download manager to install additional potentially unwanted software which may include extensions such as DealPly and various toolbars.

Analysis date:
12/25/2024 1:10:24 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Baidu Antivirus | Adware.Win32.InstallCore | 4.0.3.1572 |
| Comodo Security | Application.Win32.InstallCore.DAZ | 22322 |
| ESET NOD32 | Win32/InstallCore.YJ potentially unwanted application | 7.0.302.0 |
| G Data | Win32.Application.InstallCore.EG | 15.7.25 |
| Malwarebytes | | v2015.07.02.02 |
| Reason Heuristics | PUP.Win.Reputation | 15.6.15.10 |
| Vba32 AntiVirus | Malware-Cryptor.InstallCore.gen | 3.12.26.4 |

File size:
738.2 KB (755,917 bytes)

Product version:
4.1.8

Copyright:
Web

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\filezilla_server-0_9_50.exe

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:8PcfGVQfXL4rvfoBTDMMi2Krv8qIdJbCg9igxikybePpZga1ZF6:8Pcf2QfXLaWTQp1v8quVCgdyb2pp6

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
Entropy:
7.8190

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to ftp.jaist.ac.jp  (150.65.7.130:80)

TCP (HTTP):
Connects to ec2-54-243-153-163.compute-1.amazonaws.com  (54.243.153.163:80)

TCP (HTTP):
Connects to ec2-54-186-47-57.us-west-2.compute.amazonaws.com  (54.186.47.57:80)

TCP (HTTP):
Connects to ec2-52-10-224-155.us-west-2.compute.amazonaws.com  (52.10.224.155:80)

TCP (HTTP):
Connects to downloads.sourceforge.net  (216.34.181.59:80)

TCP (HTTP):
