freeopener.exe

Free Opener

Blue Labs, LLC

The application freeopener.exe by Blue Labs has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup program which is used to install the application. This file is typically installed with the program Toolwiz Time Freeze 2016 by ToolWiz. The file has been seen being downloaded from indir.gezginler.net and multiple other hosts.
Publisher:
Blue Labs, LLC  (signed and verified)

Product:
Free Opener

Version:
1.0.0.0

MD5:
46205dc3d715c9a067910f07b89864dc

SHA-1:
cab36cfbf1e0a508d4d64e8fe37031ad3c65cb7b

SHA-256:
f97054ca1da8ce6e4640eea1fe4498bded6f8bb4fd7ce1489cef91dce3a8e1f6

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
11/2/2024 3:39:33 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.BlueLabs

Engine version:
15.6.29.20

File size:
3.5 MB (3,642,040 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2015

Original file name:
DynamicWebDisclosure.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\freeopener.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/29/2014 9:00:00 PM

Valid to:
9/30/2015 8:59:59 PM

Subject:
CN="Blue Labs, LLC", O="Blue Labs, LLC", L=St Louis Park, S=Minnesota, C=US

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
35D6CCDACB4165CA9B77CCB53FA48DC9

File PE Metadata
Compilation timestamp:
6/12/2015 2:02:35 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:frgDQMHLZaDL31YsJefEF9zu9n5omgwZf4hUX6vAZlDLew:jxDZbzKf4SX3lDaw

Entry address:
0x367F5E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
3.4 MB (3,563,520 bytes)

The file freeopener.exe has been discovered within the following program.

www.Toolwiz.com
About 4% of users remove it
 

The file freeopener.exe has been seen being distributed by the following 45 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to s3-1-w.amazonaws.com  (54.231.81.200:80)

TCP (HTTP):
Connects to ec2-54-241-134-229.us-west-1.compute.amazonaws.com  (54.241.134.229:80)

TCP (HTTP):
Connects to ec2-54-219-145-136.us-west-1.compute.amazonaws.com  (54.219.145.136:80)

TCP (HTTP):
Connects to ec2-54-193-124-252.us-west-1.compute.amazonaws.com  (54.193.124.252:80)

TCP (HTTP):
Connects to ec2-54-183-41-226.us-west-1.compute.amazonaws.com  (54.183.41.226:80)
