freewifihotspot_is.exe

Free WiFi Hotspot

FreeWiFiHotspot Co., Ltd.

The application freewifihotspot_is.exe, “Free WiFi Hotspot Setup ” has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the Inno Setup installer, however the file is not signed with an authenticode signature from a trusted source. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
FreeWiFiHotspot Co., Ltd.

Product:
Free WiFi Hotspot

Description:
Free WiFi Hotspot Setup

MD5:
56ace6091c2cd98d4af2052092f031a1

SHA-1:
b4f85a604ff4c71b93b3358a2d845a491ce15ce5

SHA-256:
36a3407b5d935fa089122d4f4458ff59b502b1f10945fbc6a3b418870cd172e9

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
12/29/2024 6:38:33 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
Win32/OpenCandy.A potentially unsafe application
8.0.319.0

Kaspersky
not-a-virus:AdWare.Win32.OpenCandy
15.0.0.562

Reason Heuristics
PUP.OpenCandy.Installer (L)
16.3.29.4

File size:
2.5 MB (2,594,488 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\freewifihotspot_is.exe

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:e9p4wsbAVT1BBkn4MXKc99zzbpoKgC7OHxHfo4nAOdBJc+Knrzq/1Sbz2r8a2Y9D:4iwjV5BRMXaFC7ORHToBrzSXr/T2uAk

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file freewifihotspot_is.exe has been seen being distributed by the following 25 URLs.

temp:FreeWiFiHotspot_IS.exe

http://www.bitssigncurrent.com/c?x=2jc NGTKgh901vNvs18UJGntT2tneA5qk0iH4vq6XE0=&c=eh41mw7J/shZk8HlYDpWGr30NtALxoNcnGcqSbjpga8IYB6vZKJWOoG2MnNvnrvBj8hnqIarvz7J1XDyDClTbW3CEDGsoxM0h8yUmHR5XN4w50Kvp2vWNgAFb4oDUO9N3GfT7ZuoytTrg8b0h8R1Sy8tPAj3awQJuH6eWL6fMQ2HrJe rs Tvr5T8kTvH1HL&e=0&downloadAs=FreeWiFiHotspot.exe&fallback_url=http://www.downloadonic.com/free-wifi-hotspot.com/.../FreeWiFiHotspot_IS.exe

http://www.bitssigncurrent.com/WVl6OTRQVXhFVFRCdmEyRk5NamxwTkhZM09TVXlSalpSSlRKR1NuUktSV0ppT0V0TVRUbDZVbFEzZUhGVVdWZEpORUV3SlRORUptTTlPWGR3U25GNFdFRllTMFpDSlRKR1p5VXlSbHB5VkV0cmQxZG5iVTVWUWtWWU1XMVhaMDFRU1Rad0pUSkNaMVV3YXpsMmRDVXlSbVoyZGtKS2EyZG1kR2tsTWtaVlprZGxZMlZYT1RSRU1ETldWRXRxVjNBeU1FZFhSR1psYzBZelZqZEtVRXgzYldKNVJUTlRiMkVsTWtaR2MyTkpKVEpHUlZablVETnROV1JoY1RWd1IwRkxUbkJhZG1Od04yUllZVU4wSlRKR1UwSkJaVWxaYTA5NGFFTmFRVUZMVVNVelJDVXpSQ1psUFRBbVpHOTNibXh2WVdSQmN6MUdjbVZsVjJsR2FVaHZkSE53YjNRdVpYaGxKbVpoYkd4aVlXTnJYM1Z5YkQxb2RIUndKVE5CSlRKR0pUSkdkM2QzTG1SdmQyNXNiMkZrYjI1cFl5NWpiMjBsTWtabWNtVmxMWGRwWm1rdGFHOTBjM0J2ZEM1amIyMGxNa1ptYVd4bGMyUnZkMjVzYjJGa0pUSkdSbkpsWlZkcFJtbEliM1J6Y0c5MFgwbFRMbVY0WlE9PQ==

Remove freewifihotspot_is.exe - Powered by Reason Core Security