deep freeze v7, 6, 5, 4.exe

The executable deep freeze v7, 6, 5, 4.exe has been detected as malware by 37 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dc502.4shared.com.
MD5:
b792927a161ceebfff88ed84a45681e9

SHA-1:
1a7e3327166699a6db7167b754aa4c2b431c3eaa

SHA-256:
aaad37da56f603f7ad3f484b6d2ce0ef1578223e0962f3d5b38c101cbfa0d561

Scanner detections:
37 / 68

Status:
Malware

Analysis date:
11/24/2024 6:35:08 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Dropped:Trojan.Generic.8328225
984

AegisLab AV Signature
Troj.PSW32.W.Agent
2.1.4+

Agnitum Outpost
Trojan.PWS.Agent
7.1.1

Avira AntiVirus
TR/Agent.1531232
7.11.149.220

avast!
Win32:Malware-gen
2014.9-140526

AVG
PSW.Agent
2015.0.3462

Baidu Antivirus
Trojan.Win32.InfoStealer
4.0.3.14526

Bitdefender
Dropped:Trojan.Generic.8328225
1.0.20.730

Bkav FE
W32.Clod2fa.Trojan
1.3.0.4959

Dr.Web
Trojan.PWS.Siggen.54434
9.0.1.0146

Emsisoft Anti-Malware
Dropped:Trojan.Generic.8328225
8.14.05.26.10

Fortinet FortiGate
W32/Agent.ADBF!tr.pws
5/26/2014

F-Secure
Trojan.Generic.8328225
11.2014-26-05_2

G Data
Dropped:Trojan.Generic.8328225
14.5.24

IKARUS anti.virus
Trojan-PWS.Agent
t3scan.1.6.1.0

McAfee
Artemis!B792927A161C
5600.7118

MicroWorld eScan
Dropped:Trojan.Generic.8328225
15.0.0.438

NANO AntiVirus
Trojan.Win32.Chifrax.crgkyr
0.28.0.59911

Norman
Suspicious_Gen4.BWCQI
11.20140526

nProtect
Trojan/W32.Agent.1531232
14.05.15.01

Panda Antivirus
Trj/Downloader.VPT
14.05.26.10

Qihoo 360 Security
Win32/Trojan.PSW.7a2
1.0.0.1015

Quick Heal
TrojanPSW.Agent.adbf
5.14.14.00

Sophos
Mal/Generic-S
4.98

Trend Micro House Call
TROJ_SPNR.38L213
7.2.146

Trend Micro
TROJ_SPNR.38L213
10.465.26

Vba32 AntiVirus
TrojanPSW.Agent
3.12.26.0

VIPRE Antivirus
Trojan.Win32.Generic
29246

ViRobot
Trojan.Win32.A.PSW-Agent.1531232
2011.4.7.4223

File size:
1.5 MB (1,531,232 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
3/15/2010 3:27:50 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:wutr5OUrdhAXt4CdlQbsT104d7koRQ4srpBWuvagj1bB+U0B4IizTEoI1NjarUn4:wuXDhAXt4CHQbsh04CJaaBPzTE31NjL4

Entry address:
0xA7B1

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, BE, 2B, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, D0, A7, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, AF, AC, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 40, 22, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 44, 22, 41, 00, 8D, 45, E4...
 
[+]

Entropy:
7.9640  (probably packed)

Code size:
66 KB (67,584 bytes)

The file deep freeze v7, 6, 5, 4.exe has been seen being distributed by the following URL.

Remove deep freeze v7, 6, 5, 4.exe - Powered by Reason Core Security