freezipsetup-3qotdwmc.exe

The application freezipsetup-3qotdwmc.exe has been detected as a potentially unwanted program by 10 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from d3uhwftq5icnsq.cloudfront.net.
MD5:
760d8c148c02a8c85823a78f64378029

SHA-1:
bde0b72ba3bef231faddafb816a42e1781554516

SHA-256:
ef7cb0e29be25d4e1eb2750c7df627b66d071a23e0490bdbd941cc67d3d31060

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
2/26/2025 10:18:07 AM UTC

Scan engine                    Detection                            Engine version
avast!                         Win32:SaliCode                       160310-2
AVG                            Win32/Sality                         2015.0.4533
Dr.Web                         Win32.Sector.30                      9.0.1.05190
ESET NOD32                     Win32/Sality.NBA virus               7.0.302.0
F-Prot                         W32/Sality.gen2                      4.6.5.141
F-Secure                       Win32.Sality.3                       5.15.21
Kaspersky                      not-a-virus:Downloader.NSIS.Mazel    15.0.0.562
McAfee                         Virus.W32/Sality.gen.z               18.0.204.0
Microsoft Security Essentials  Threat.Undefined                     1.215.2524.0
VIPRE Antivirus                Threat.4721115                       47848

File size:
301.8 KB (309,080 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\freezipsetup-3qotdwmc.exe

File PE Metadata
Compilation timestamp:
12/17/2010 4:14:15 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
6144:4J380oq693nrmNNnXogneGMY0ZqbwKTKAx+TS1owWmpgAP2:4F80oqYmbXogeG7x1LsSOeO

Entry address:
0x380C

Entry point:
87, D1, 28, ED, 45, 4B, 69, C6, 6E, 70, 9C, 91, 70, 09, C6, C3, F4, C7, C5, AB, 32, 1B, E3, 0F, B7, DB, C7, C6, 6A, 66, 97, 8C, BA, 8A, 05, 00, 00, F3, 81, F2, 0F, ED, 00, 00, 0F, AF, C2, FE, C3, F3, 0F, AF, FD, C6, C0, 51, 0F, C1, D1, 2D, D3, 72, 16, 65, F2, 81, E9, 28, 39, 00, 00, 0F, BE, FC, 86, D9, 0F, BF, FF, 56, FF, C6, 86, C2, 75, 05, 0F, AF, C8, 12, DE, 68, 83, CE, 0E, 00, EB, 04, B2, CD, 28, D8, E8, 15, 00, 00, 00, F3, 0F, BF, C3, 8D, 1D, 24, 71, 6C, 1E, B3, 37, FE, C4, FF, C9, 33, D5, 0F, BE, ED...
 

Entropy:
7.8409  (probably packed)

Code size:
30 KB (30,720 bytes)

The file freezipsetup-3qotdwmc.exe has been seen being distributed by the following URL.
