» deep freeze v7, 6, 5, 4.exe
Overview
Analysis
File Details
Downloads (1)

deep freeze v7, 6, 5, 4.exe

The executable deep freeze v7, 6, 5, 4.exe has been detected as malware by 37 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dc502.4shared.com.

File name:

MD5:

b792927a161ceebfff88ed84a45681e9

SHA-1:

1a7e3327166699a6db7167b754aa4c2b431c3eaa

SHA-256:

aaad37da56f603f7ad3f484b6d2ce0ef1578223e0962f3d5b38c101cbfa0d561

Scanner detections:

37 / 68

Status:

Malware

Analysis date:

11/24/2024 6:35:08 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Dropped:Trojan.Generic.8328225

984

AegisLab AV Signature

Troj.PSW32.W.Agent

2.1.4+

Agnitum Outpost

Trojan.PWS.Agent

7.1.1

Avira AntiVirus

TR/Agent.1531232

7.11.149.220

avast!

Win32:Malware-gen

2014.9-140526

AVG

PSW.Agent

2015.0.3462

Baidu Antivirus

Trojan.Win32.InfoStealer

4.0.3.14526

Bitdefender

Dropped:Trojan.Generic.8328225

1.0.20.730

Bkav FE

W32.Clod2fa.Trojan

1.3.0.4959

Dr.Web

Trojan.PWS.Siggen.54434

9.0.1.0146

Emsisoft Anti-Malware

Dropped:Trojan.Generic.8328225

8.14.05.26.10

Fortinet FortiGate

W32/Agent.ADBF!tr.pws

5/26/2014

F-Secure

Trojan.Generic.8328225

11.2014-26-05_2

G Data

Dropped:Trojan.Generic.8328225

14.5.24

IKARUS anti.virus

Trojan-PWS.Agent

t3scan.1.6.1.0

McAfee

Artemis!B792927A161C

5600.7118

MicroWorld eScan

Dropped:Trojan.Generic.8328225

15.0.0.438

NANO AntiVirus

Trojan.Win32.Chifrax.crgkyr

0.28.0.59911

Norman

Suspicious_Gen4.BWCQI

11.20140526

nProtect

Trojan/W32.Agent.1531232

14.05.15.01

Panda Antivirus

Trj/Downloader.VPT

14.05.26.10

Qihoo 360 Security

Win32/Trojan.PSW.7a2

1.0.0.1015

Quick Heal

TrojanPSW.Agent.adbf

5.14.14.00

Sophos

Mal/Generic-S

4.98

Trend Micro House Call

TROJ_SPNR.38L213

7.2.146

Trend Micro

TROJ_SPNR.38L213

10.465.26

Vba32 AntiVirus

TrojanPSW.Agent

3.12.26.0

VIPRE Antivirus

Trojan.Win32.Generic

29246

ViRobot

Trojan.Win32.A.PSW-Agent.1531232

2011.4.7.4223

File size:

1.5 MB (1,531,232 bytes)

File type:

Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp:

3/15/2010 3:27:50 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:wutr5OUrdhAXt4CdlQbsT104d7koRQ4srpBWuvagj1bB+U0B4IizTEoI1NjarUn4:wuXDhAXt4CHQbsh04CJaaBPzTE31NjL4

Entry address:

0xA7B1

Entry point:

E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, BE, 2B, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, D0, A7, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 1C, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 1C, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, AF, AC, FF, FF, C3, 55, 8B, EC, 83, EC, 1C, 56, 33, F6, 56, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 40, 22, 41, 00, 85, C0, 74, 21, 56, 56, 56, 8D, 45, E4, 50, FF, 15, 44, 22, 41, 00, 8D, 45, E4... 
[+]

Entropy:

7.9640 (probably packed)

Code size:

66 KB (67,584 bytes)

The file deep freeze v7, 6, 5, 4.exe has been seen being distributed by the following URL.

http://dc502.4shared.com/download/.../Anti-Deep_Freeze_v7_6_5_4.exe

Remove deep freeze v7, 6, 5, 4.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.