SHA256: 28f3d4d2098a87579268669974071f5050efa48dc1e7aa505e758999d5f713ee
File name: antiFreezeSetup.exe
Detection ratio: 1 / 69
Analysis date: 2019-02-23 07:16:55 UTC ( 3 weeks, 4 days ago )
Antivirus Result Update
Kingsoft VIRUS_UNKNOWN 20190301
Acronis 20190222
Ad-Aware 20190301
AegisLab 20190301
AhnLab-V3 20190301
Alibaba 20180921
Antiy-AVL 20190301
Arcabit 20190301
Avast 20190301
Avast-Mobile 20190301
AVG 20190301
Avira (no cloud) 20190301
Babable 20180918
Baidu 20190215
BitDefender 20190301
Bkav 20190301
CAT-QuickHeal 20190228
ClamAV 20190228
CMC 20190301
Comodo 20190301
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cylance 20190301
Cyren 20190301
DrWeb 20190301
eGambit 20190301
Emsisoft 20190301
Endgame 20190215
ESET-NOD32 20190301
F-Prot 20190301
F-Secure 20190301
Fortinet 20190301
GData 20190301
Ikarus 20190301
Sophos ML 20181128
Jiangmin 20190301
K7AntiVirus 20190301
K7GW 20190301
Kaspersky 20190301
Malwarebytes 20190301
MAX 20190301
McAfee 20190301
McAfee-GW-Edition 20190301
Microsoft 20190301
eScan 20190301
NANO-Antivirus 20190301
Palo Alto Networks (Known Signatures) 20190301
Panda 20190301
Qihoo-360 20190301
Rising 20190301
SentinelOne (Static ML) 20190203
Sophos AV 20190301
SUPERAntiSpyware 20190227
Symantec 20190301
Symantec Mobile Insight 20190220
TACHYON 20190301
Tencent 20190301
TheHacker 20190225
TotalDefense 20190301
Trapmine 20190301
TrendMicro 20190301
TrendMicro-HouseCall 20190301
Trustlook 20190301
VBA32 20190301
ViRobot 20190301
Webroot 20190301
Yandex 20190228
Zillya 20190228
ZoneAlarm by Check Point 20190301
Zoner 20190228
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright

File version
Description AntiFreeze Setup
Comments This installation was built with Inno Setup.
Packers identified
F-PROT INNO, appended, Unicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 1992-06-19 22:22:17
Entry Point 0x00009A54
Number of sections 8
PE sections
Overlays
MD5 797dfbf0f7cb6b8d5d5e6efd3c1a37aa
File type data
Offset 53248
Size 780291
Entropy 8.00
PE imports
LookupPrivilegeValueA
RegCloseKey
OpenProcessToken
RegQueryValueExA
AdjustTokenPrivileges
RegOpenKeyExA
InitCommonControls
GetSystemTime
GetLastError
GetEnvironmentVariableA
GetStdHandle
EnterCriticalSection
GetUserDefaultLangID
GetSystemInfo
GetFileAttributesA
GetExitCodeProcess
ExitProcess
CreateDirectoryA
VirtualProtect
GetVersionExA
RemoveDirectoryA
RtlUnwind
LoadLibraryA
DeleteCriticalSection
GetCurrentProcess
SizeofResource
GetLocaleInfoA
LocalAlloc
LockResource
IsDBCSLeadByte
DeleteFileA
GetWindowsDirectoryA
GetSystemDefaultLCID
SetErrorMode
MultiByteToWideChar
GetCommandLineA
GetProcAddress
FormatMessageA
SetFilePointer
RaiseException
WideCharToMultiByte
GetModuleHandleA
ReadFile
InterlockedExchange
WriteFile
CloseHandle
GetACP
GetFullPathNameA
LocalFree
CreateProcessA
GetModuleFileNameA
InitializeCriticalSection
LoadResource
VirtualQuery
VirtualFree
TlsGetValue
Sleep
GetFileType
SetEndOfFile
TlsSetValue
CreateFileA
FindResourceA
VirtualAlloc
GetFileSize
SetLastError
LeaveCriticalSection
SysStringLen
SysAllocStringLen
VariantCopyInd
VariantClear
VariantChangeTypeEx
CharPrevA
CreateWindowExA
LoadStringA
DispatchMessageA
CallWindowProcA
MessageBoxA
PeekMessageA
SetWindowLongA
MsgWaitForMultipleObjects
TranslateMessage
ExitWindowsEx
DestroyWindow
Number of PE resources by type
RT_STRING 6
RT_ICON 4
RT_MANIFEST 1
RT_RCDATA 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 7
DUTCH 4
ENGLISH US 3
PE resources
ExifTool file metadata
UninitializedDataSize
0

Comments
This installation was built with Inno Setup.

LinkerVersion
2.25

ImageVersion
0.0

FileVersionNumber
0.0.0.0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
AntiFreeze Setup

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi

CharacterSet
Windows, Latin1

InitializedDataSize
17408

EntryPoint
0x9a54

MIMEType
application/octet-stream

TimeStamp
1992:06:20 00:22:17+02:00

FileType
Win32 EXE

PEType
PE32

SubsystemVersion
4.0

OSVersion
1.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Resplendence Software Projects Sp.

CodeSize
37376

FileSubtype
0

ProductVersionNumber
0.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 25b7a2bf69382e41791ba9103f49e11c
SHA1 487e4de07878d97b285d2f5fc647467b02892b6a
SHA256 28f3d4d2098a87579268669974071f5050efa48dc1e7aa505e758999d5f713ee
ssdeep
12288:Z2UBU+4S7+qKfP4MEV3GDSCt+cFWU8NJ3sBWnXr+WNNynWD6Yy:Z2UayECVUhFkJqOMM6r

authentihash f076a8b3b2ca4ebbb56b974d64b6a7850cce93c62c19b6d2463e59dcbe4228b3
imphash 884310b1928934402ea6fec1dbd3cf5e
File size 814.0 KB ( 833539 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable PowerBASIC/Win 9.x (50.8%)
Inno Setup installer (37.6%)
Win32 Executable Delphi generic (4.8%)
Win32 Dynamic Link Library (generic) (2.2%)
Win32 Executable (generic) (1.5%)
Tags
peexe overlay software-collection

VirusTotal metadata
First submission 2007-12-24 13:03:18 UTC ( 11 years, 2 months ago )
Last submission 2018-07-28 13:07:49 UTC ( 7 months, 3 weeks ago )
File names A进程antiFreezeSetup.exe
antifreezesetup.exe
file
25b7a2bf69382e41791ba9103f49e11c
antiFreezeSetup.exe
ce1cad5de454bcb6edec724459125b8805d718b8057b6d09938637d8a013a82ac74d185be092d7bac31974585f8f71080f56acf7c39d9896693f359736aba24e
smona132368557795266364072
antifreeze_101.exe
antifreezeSetup.exe
antifreeze.exe
antiFreezeSetup (1).exe
antifreezeSetup.exe
Resplendence AntiFreeze_1.01.exe
antiFreezeSetup_2.exe
63067992_ANTIFREEZESETUP.EXE
antifreeze-1-01-en-win.exe
test.exe
file
10009560
output.23722483.txt
file-628817_exe
25b7a2bf69382e41791ba9103f49e11c_INF3063.tmp
23722483
antiFreezeSetup.exe
antifreezesetup.exe
Advanced heuristic and reputation engines
ClamAV
Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which depending on the user policies and environment may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .

Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
dll-injection
