» halloweenclipartfree.exe
Overview
Analysis
File Details

halloweenclipartfree.exe

Freeze.com, LLC

This is the InstallX/InstallIQ download manager and installer that will bundle offers during setup for additional PUPs and other unwanted software. The application halloweenclipartfree.exe by Freeze.com has been detected as adware by 23 anti-malware scanners. The program is a setup application that uses the Wise Installer installer.

File name:

Publisher:

Freeze.com, LLC (signed and verified)

MD5:

8b4d7a832410ab3db8d7c715c1aafcc0

SHA-1:

e83a4336c93899d9e2c0c66a98b86ae15ff9d1d7

Scanner detections:

23 / 68

Status:

Adware

Analysis date:

11/15/2024 6:07:27 AM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Downloader/Win32.Agent

2013.11.09

Avira AntiVirus

TR/Dldr.Agent.4049008

7.11.112.66

avast!

Win32:Whenu-I [PUP]

2014.9-150818

Bitdefender

Adware.Generic.58788

1.0.20.1150

Comodo Security

TrojWare.Win32.Downloader.Agent.avz

17237

Dr.Web

Trojan.AVKill.230

9.0.1.0230

Emsisoft Anti-Malware

Adware.Generic.58788

8.15.08.18.12

ESET NOD32

Win32/Adware.WhenU.SaveNow

9.9024

Fortinet FortiGate

Adware/Relevant

8/18/2015

F-Prot

W32/WhenU.A.gen

v6.4.7.1.166

F-Secure

Trojan.Downloader.Agent.AVZ

11.2015-18-08_3

G Data

Adware.Generic.58788

15.8.22

Kaspersky

not-a-virus:WebToolbar.Win32.WhenU

14.0.0.1565

McAfee

Artemis!8B4D7A832410

5600.6670

Microsoft Security Essentials

Adware:Win32/WhenU

1.163.1557.3

MicroWorld eScan

Adware.Generic.58788

16.0.0.690

Panda Antivirus

Trj/CI.A

15.08.18.12

Reason Heuristics

PUP.InstallX.Freeze (M)

15.8.18.0

Sophos

WhenU

4.94

Trend Micro House Call

ADW_FREEZESCR

7.2.230

Trend Micro

ADW_FREEZESCR

10.465.18

Vba32 AntiVirus

Signed-Trojan-Downloader.Win32.Agent.avz

3.12.24.3

VIPRE Antivirus

WhenU.Save

23174

File size:

3.9 MB (4,049,008 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Wise Installer

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\My documents\my downloads\halloweenclipartfree.exe

Digital Signature

Signed by:

Freeze.com, LLC

Authority:

VeriSign, Inc.

Valid from:

11/13/2005 5:00:00 PM

Valid to:

1/7/2007 4:59:59 PM

Subject:

CN="Freeze.com, LLC", OU=Downloads, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Freeze.com, LLC", L=Waite Park, S=Minnesota, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

760FD90A1A5D07296CE99BD3D412D3DC

File PE Metadata

Compilation timestamp:

4/8/1999 2:24:47 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

98304:/jTmu3lGDwPxhv3vg28VyeoKSL9K2hJ2/Jw1VYr0Yrd2d:/vmOll/On1S5fTV00YJU

Entry address:

0x1000

Entry point:

55, 8B, EC, 81, EC, 78, 05, 00, 00, 53, 56, BE, 04, 01, 00, 00, 57, 8D, 85, 94, FD, FF, FF, 56, 33, DB, 50, 53, FF, 15, 34, 20, 40, 00, 8D, 85, 94, FD, FF, FF, 56, 50, 8D, 85, 94, FD, FF, FF, 50, FF, 15, 30, 20, 40, 00, 8B, 3D, 2C, 20, 40, 00, 53, 53, 6A, 03, 53, 6A, 01, 8D, 85, 94, FD, FF, FF, 68, 00, 00, 00, 80, 50, FF, D7, 83, F8, FF, 89, 45, FC, 0F, 84, 7B, 01, 00, 00, 8D, 85, 90, FC, FF, FF, 50, 56, FF, 15, 28, 20, 40, 00, 8D, 85, 98, FE, FF, FF, 50, 53, 8D, 85, 90, FC, FF, FF, 68, 10, 30, 40, 00, 50... 
[+]

Entropy:

7.9985

Packer / compiler:

Wise Installer Stub

Code size:

512 Bytes (512 bytes)

Remove halloweenclipartfree.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.