» uninstall.exe
Overview
Analysis
File Details
Behaviors (1)
Network (1)

uninstall.exe

FrostWire 6

FrostWire LLC

The application uninstall.exe, “FrostWire - Search, Download, Play, Share.” has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the NSIS (Nullsoft Scriptable Install System) installer, however the file is not signed with an authenticode signature from a trusted source. This is the uninstaller utility registered in the Windows Control Panel for the program FrostWire 6.1.4 by FrostWire LLC. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.

File name:

uninstall.exe

Publisher:

FrostWire LLC

Product:

FrostWire 6

Description:

FrostWire - Search, Download, Play, Share.

Version:

6.1.4.2

MD5:

e88bd7e7abe1676336faf112dd5bb731

SHA-1:

0bfb47e4bcb5bab4e72f6aceb5ec6772d990e56c

SHA-256:

44be44f19fbd868602615678eae225da30f0c87f1814aa8d75e1ab91832feae2

Scanner detections:

3 / 68

Status:

Potentially unwanted

Explanation:

Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:

1/13/2025 7:07:32 AM UTC (today)

Scan engine

Detection

Engine version

Clam AntiVirus

Win.Adware.Opencandy-9

0.98/20791

Reason Heuristics

PUP.OpenCandy (M)

16.12.5.20

Zillya! Antivirus

Adware.OpenCandy.Win32.17

2.0.0.2397

File size:

495.7 KB (507,640 bytes)

Product version:

6.1.4.2

FrostWire LLC 2008

Original file name:

frostwire-6.1.4.windows.coc.premium.exe

File type:

Executable application (Win32 EXE)

Installer:

NSIS (Nullsoft Scriptable Install System)

Language:

English (United States)

Common path:

C:\Program Files\frostwire\uninstall.exe

File PE Metadata

Compilation timestamp:

7/8/2012 6:50:55 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

6144:BqFCijsuos9Wm/3YruiYPL6+WQu5l/7yj:BqvPos9tIkP2+Ra/7yj

Entry address:

0x3A02

Entry point:

81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, F0, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 38, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 34, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 1C, 93, 40, 00, 68, C0, AD, 46, 00, E8, 1A, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 08, 27, 00, 00... 
[+]

Entropy:

5.5389

Packer / compiler:

Nullsoft install system v2.x

Code size:

28 KB (28,672 bytes)

Program Uninstaller

Program name:

FrostWire 6.1.4

Display publisher:

FrostWire LLC

Display version:

6.1.4.2

Uninstall string:

C:\Program Files (x86)\FrostWire\Uninstall.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to ec2-50-16-13-109.compute-1.amazonaws.com (50.16.13.109:80)

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.