xfire_setup.exe

Xfire

Xfire Inc

The application xfire_setup.exe, “Xfire Setup ” by Xfire Inc has been detected as a potentially unwanted program by 3 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. Additionally, the file is typically installed by a number of programs including Arcane Saga Online by CJ Games Global and Uncharted Waters Online by NetmarbleGlobal. The installer uses the OpenCandy monitzation platform which will donwload and install offers in the setup for potentially unwanted software including ad/search-supported toolbars.
Publisher:
Xfire, Inc.   (signed by Xfire Inc)

Product:
Xfire

Description:
Xfire Setup

Version:
2.38.0.295

MD5:
29e8a4d48015b4f6f12dd8c16d1ee4e2

SHA-1:
d2fefb06f417dceb71cb2478dc5f376d25748b80

SHA-256:
306fd2db32b61498b3c63f3ddca91619082d9989bac87a6a4d7c12a14f5bae3a

Scanner detections:
3 / 68

Status:
Potentially unwanted

Explanation:
Packages the OpenCandy software bundler that offers to install additional software and may include web browser add-ons and toolbars which display advertising (based on publisher settings and geo context).

Analysis date:
11/27/2024 8:43:11 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
8.10150

NANO AntiVirus
Riskware.Win32.OpenCandy.dbnhoi
0.28.2.60990

Reason Heuristics
PUP.OpenCandy.Installer (L)
16.11.30.17

File size:
14.2 MB (14,927,112 bytes)

Product version:
2.0

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Common path:
C:\users\{user}\downloads\xfire_setup.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
7/18/2012 9:00:00 PM

Valid to:
7/18/2013 8:59:59 PM

Subject:
CN=Xfire Inc, OU=Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Xfire Inc, L=Menlo Park, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
06A70F76C5A51956CB33D6A3FDD5CD93

File PE Metadata
Compilation timestamp:
7/9/2012 10:41:29 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:IMxdljXiYfykRlAaCA1+K03937qiBsBoZxya3:IMxdtRlABAjC937qCMojl3

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B8, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 56, EC, FF, FF, E8, FD, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, E8, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, D6, 41, 00, B2, 01...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file xfire_setup.exe has been discovered within the following programs.

Arcane Saga Online  by CJ Games Global
www.netmarble.com
About 8% of users remove it
Uncharted Waters Online  by NetmarbleGlobal
www.NetmarbleGlobal.com
About 9% of users remove it
 
Powered by Should I Remove It?

The file xfire_setup.exe has been seen being distributed by the following 3 URLs.

http://filehippo.com/download/file/.../

Remove xfire_setup.exe - Powered by Reason Core Security