SHA256: 4767e63c2cc206d719e8740d4bcf0422413357b72a354aa1c5cf5c835cb03f8f
File name: b451a3f4fd592ff83be613e812c289aa
Detection ratio: 18 / 54
Analysis date: 2014-08-30 15:52:11 UTC
Detected (18 of 54 engines)

Antivirus              Result                                   Update
Ad-Aware               Trojan.GenericKD.1829832                 20140830
AhnLab-V3              Dropper/Win32.Necurs                     20140830
Avast                  Win32:Malware-gen                        20140830
AVG                    Crypt3.AMBM                              20140830
BitDefender            Trojan.GenericKD.1829832                 20140830
Emsisoft               Trojan.GenericKD.1829832 (B)             20140830
ESET-NOD32             a variant of Win32/Kryptik.CJVR          20140830
F-Secure               Trojan.GenericKD.1829832                 20140830
GData                  Trojan.GenericKD.1829832                 20140830
Kaspersky              Trojan-Spy.Win32.Zbot.tybk               20140830
Kingsoft               Win32.Troj.Zbot.ty.(kcloud)              20140830
Malwarebytes           Trojan.Inject.ED                         20140830
McAfee                 RDN/Generic PWS.y!b2w                    20140830
Microsoft              PWS:Win32/Zbot                           20140830
eScan                  Trojan.GenericKD.1829832                 20140830
Panda                  Trj/Chgt.E                               20140830
Rising                 PE:Malware.XPACK-HIE/Heur!1.9C48         20140830
TrendMicro-HouseCall   TROJ_GEN.R02SH01HS14                     20140830

Not detected (36 engines, no result returned)

Antivirus              Update
AegisLab               20140830
Yandex                 20140829
AntiVir                20140830
Antiy-AVL              20140830
AVware                 20140830
Baidu-International    20140830
Bkav                   20140829
ByteHero               20140830
CAT-QuickHeal          20140830
ClamAV                 20140830
CMC                    20140828
Comodo                 20140830
Cyren                  20140829
DrWeb                  20140830
F-Prot                 20140830
Fortinet               20140830
Ikarus                 20140830
Jiangmin               20140829
K7AntiVirus            20140830
K7GW                   20140830
McAfee-GW-Edition      20140829
NANO-Antivirus         20140830
Norman                 20140829
nProtect               20140829
Qihoo-360              20140830
Sophos AV              20140830
SUPERAntiSpyware       20140830
Symantec               20140830
Tencent                20140830
TheHacker              20140829
TotalDefense           20140830
TrendMicro             20140830
VBA32                  20140829
ViRobot                20140830
Zillya                 20140829
Zoner                  20140829
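As an added example (not part of the VirusTotal report), the following Python turns the table above into the two numbers a triager actually uses: the detection ratio and a family vote extracted from the vendor labels. The engine names and label strings are copied from the table; the label parsing is a heuristic of my own (split on punctuation, drop class words such as Trojan/Win32/Generic, drop variant suffixes), not any vendor's or VirusTotal's normalisation, and the function names are assumptions.

```python
import re
from collections import Counter

# Constructed from the detection table above: the 18 engines that returned a
# result, and the names of the 36 that returned none.
DETECTED = [
    ("Ad-Aware", "Trojan.GenericKD.1829832"),
    ("AhnLab-V3", "Dropper/Win32.Necurs"),
    ("Avast", "Win32:Malware-gen"),
    ("AVG", "Crypt3.AMBM"),
    ("BitDefender", "Trojan.GenericKD.1829832"),
    ("Emsisoft", "Trojan.GenericKD.1829832 (B)"),
    ("ESET-NOD32", "a variant of Win32/Kryptik.CJVR"),
    ("F-Secure", "Trojan.GenericKD.1829832"),
    ("GData", "Trojan.GenericKD.1829832"),
    ("Kaspersky", "Trojan-Spy.Win32.Zbot.tybk"),
    ("Kingsoft", "Win32.Troj.Zbot.ty.(kcloud)"),
    ("Malwarebytes", "Trojan.Inject.ED"),
    ("McAfee", "RDN/Generic PWS.y!b2w"),
    ("Microsoft", "PWS:Win32/Zbot"),
    ("eScan", "Trojan.GenericKD.1829832"),
    ("Panda", "Trj/Chgt.E"),
    ("Rising", "PE:Malware.XPACK-HIE/Heur!1.9C48"),
    ("TrendMicro-HouseCall", "TROJ_GEN.R02SH01HS14"),
]
UNDETECTED = [
    "AegisLab", "Yandex", "AntiVir", "Antiy-AVL", "AVware", "Baidu-International",
    "Bkav", "ByteHero", "CAT-QuickHeal", "ClamAV", "CMC", "Comodo", "Cyren",
    "DrWeb", "F-Prot", "Fortinet", "Ikarus", "Jiangmin", "K7AntiVirus", "K7GW",
    "McAfee-GW-Edition", "NANO-Antivirus", "Norman", "nProtect", "Qihoo-360",
    "Sophos AV", "SUPERAntiSpyware", "Symantec", "Tencent", "TheHacker",
    "TotalDefense", "TrendMicro", "VBA32", "ViRobot", "Zillya", "Zoner",
]

# Class, platform and behaviour words that name a category, not a family.
STOP = {"trojan", "troj", "dropper", "generic", "malware", "heur", "heuristic",
        "backdoor", "worm", "virus", "packed", "win32", "win64", "inject"}


def family_tokens(label):
    """Heuristic family extraction from one vendor label (my own rules)."""
    tokens = []
    for tok in re.split(r"[^A-Za-z0-9]+", label):
        if len(tok) < 4 or any(ch.isdigit() for ch in tok):
            continue          # variant ids (1829832, R02SH01HS14, b2w) and short tags
        if tok.isupper() or tok.islower():
            continue          # suffixes such as CJVR, AMBM, tybk, kcloud
        if tok.lower() in STOP:
            continue
        tokens.append(tok.lower())
    return tokens


def detection_ratio():
    return len(DETECTED), len(DETECTED) + len(UNDETECTED)


def family_votes(detected=DETECTED):
    """One vote per engine per family token it mentions."""
    votes = Counter()
    for _engine, label in detected:
        for fam in set(family_tokens(label)):
            votes[fam] += 1
    return votes


def consensus(detected=DETECTED, min_votes=2):
    """Most-voted family, or None when no family reaches min_votes."""
    votes = family_votes(detected)
    if not votes:
        return None
    fam, n = votes.most_common(1)[0]
    return fam if n >= min_votes else None


if __name__ == "__main__":
    print("ratio %d/%d" % detection_ratio())
    for fam, n in family_votes().most_common():
        print(f"{fam:12} {n}")
    print("consensus:", consensus())
```

Running it reproduces 18/54 and a vote of generickd 6, zbot 3, then necurs, kryptik and chgt once each. Read the leader with care: GenericKD is BitDefender's generic-signature namespace, and Ad-Aware, Emsisoft, F-Secure, GData and eScan all ship the BitDefender engine, so those six rows are one signature, not six independent opinions. The independent family claim here is Zbot from three unrelated engines (Kaspersky, Kingsoft, Microsoft), while ESET's Kryptik and AVG's Crypt3 are crypter verdicts that say the binary is packed or obfuscated rather than what it is.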
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright        Copyright © 1999-2011 Faronics Corporation
Publisher        Faronics Corporation
Product          Deep Freeze 7.00
Original name    WksInstall.exe
Internal name    DfInstall.exe
File version     7.2.0.2
Description      Workstation install program for Deep Freeze 7.00
PE header basic information
Target machine          Intel 386 or later processors and compatible processors
Compilation timestamp   2014-08-27 21:11:41
Entry Point             0x00005DC1
Number of sections      5

Note that the link-time stamp (2014-08-27) falls three days before first submission (2014-08-30) and three years after the latest year in the version resource's copyright string (1999-2011). The version resource is plain data under the author's control and the timestamp can be set freely too, so neither establishes provenance; nothing in this report verifies an Authenticode signature, and until one is verified the Faronics publisher name is only a string in the resource.
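The header fields above (machine, section count, compilation timestamp, entry point, subsystem and, further down, the linker and OS versions) all come from the COFF header and the PE32 optional header. As an added example that is not part of this report, the following stdlib-only Python reads them from a minimal PE32 header constructed inline with this sample's values and applies the consistency check a triager would want: a compile timestamp later than the copyright range in the version resource. The fixture, the field names and the check function are assumptions of mine; the only real values in it are the ones quoted in the report.

```python
import calendar
import re
import struct
from datetime import datetime, timezone

IMAGE_FILE_MACHINE_I386 = 0x14C
PE32_MAGIC = 0x10B
SUBSYSTEM_WINDOWS_GUI = 2


def build_minimal_pe32(timestamp, entry_point, n_sections, linker=(10, 0),
                       os_ver=(5, 1), subsystem=SUBSYSTEM_WINDOWS_GUI):
    """Constructed fixture: DOS stub, PE signature, COFF header and the first
    72 bytes of a PE32 optional header. No sections or data directories, so
    it is not loadable; it exists only to exercise the parser."""
    dos = b"MZ" + b"\0" * 58 + struct.pack("<I", 0x40)          # e_lfanew at 0x3C
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, n_sections,
                       timestamp, 0, 0, 72, 0x0102)                # EXECUTABLE_IMAGE | 32BIT_MACHINE
    opt = struct.pack(
        "<HBB" + "I" * 9 + "H" * 6 + "I" * 4 + "HH",
        PE32_MAGIC, linker[0], linker[1],
        201216, 60416, 0,              # SizeOfCode / InitializedData / UninitializedData (report)
        entry_point, 0x1000, 0x33000,  # AddressOfEntryPoint (report), BaseOfCode, BaseOfData (assumed)
        0x400000, 0x1000, 0x200,       # ImageBase, SectionAlignment, FileAlignment (assumed)
        os_ver[0], os_ver[1], 0, 0, os_ver[0], os_ver[1],   # OS / Image / Subsystem versions
        0, 0x50000, 0x400, 0,          # Win32VersionValue, SizeOfImage, SizeOfHeaders, CheckSum
        subsystem, 0x8140)             # Subsystem, DllCharacteristics
    return dos + b"PE\0\0" + coff + opt


def parse_pe_header(data):
    """Read the fields VirusTotal lists under 'PE header basic information'."""
    if data[:2] != b"MZ":
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("missing PE signature")
    coff = e_lfanew + 4
    machine, n_sections, ts, _sym, _nsym, _opt_size, _chars = \
        struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    magic, maj_link, min_link = struct.unpack_from("<HBB", data, opt)
    if magic != PE32_MAGIC:
        raise ValueError("only PE32 optional headers are handled here")
    entry = struct.unpack_from("<I", data, opt + 16)[0]       # AddressOfEntryPoint
    maj_os, min_os = struct.unpack_from("<HH", data, opt + 40)  # MajorOperatingSystemVersion
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]   # Subsystem
    return {
        "machine": machine,
        "number_of_sections": n_sections,
        "compile_time": datetime.fromtimestamp(ts, tz=timezone.utc),
        "linker_version": f"{maj_link}.{min_link}",
        "entry_point": entry,
        "os_version": f"{maj_os}.{min_os}",
        "subsystem": subsystem,
    }


def timestamp_postdates_copyright(header, copyright_text):
    """True when the link-time stamp is later than the newest year claimed in
    LegalCopyright. The version resource is attacker-controlled text, so a
    mismatch is a reason to look closer, not proof of anything."""
    years = [int(y) for y in re.findall(r"\b((?:19|20)\d{2})\b", copyright_text)]
    if not years:
        return False
    return header["compile_time"].year > max(years)


# Values quoted in the report: 2014-08-27 21:11:41 UTC, entry point 0x5DC1, 5 sections.
SAMPLE_PE = build_minimal_pe32(
    calendar.timegm((2014, 8, 27, 21, 11, 41, 0, 0, 0)), 0x5DC1, 5)

if __name__ == "__main__":
    hdr = parse_pe_header(SAMPLE_PE)
    for key, value in hdr.items():
        print(f"{key:20} {value}")
    print("timestamp after copyright range:",
          timestamp_postdates_copyright(hdr, "Copyright © 1999-2011 Faronics Corporation"))
```

The parser stops at the optional header on purpose; section and import parsing need the full file, and the point here is that every field in the report is a few bytes at a fixed offset, which is exactly why none of them can be trusted as provenance.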
PE sections
PE imports
GetTokenInformation
RegCloseKey
OpenProcessToken
GetUserNameW
IsValidSid
RegQueryValueExA
OpenEventLogA
RegCreateKeyExA
ClearEventLogA
CloseEventLog
RegQueryInfoKeyA
InitCommonControlsEx
GetOpenFileNameA
CommDlgExtendedError
Polygon
CreatePen
SaveDC
TextOutA
GetTextMetricsA
CombineRgn
LineTo
RestoreDC
SetBkMode
SetTextColor
CreateEllipticRgn
MoveToEx
GetStockObject
ExtTextOutA
FloodFill
CreateRoundRectRgn
SetROP2
CreateRectRgn
SelectObject
CreateSolidBrush
DPtoLP
SetBkColor
DeleteObject
Ellipse
GetLastError
InitializeCriticalSection
HeapFree
GetSystemTimeAsFileTime
EnterCriticalSection
LCMapStringW
SetHandleCount
lstrlenA
LoadLibraryW
GetConsoleCP
GetOEMCP
QueryPerformanceCounter
IsDebuggerPresent
GetTickCount
TlsAlloc
GetVersionExA
GetEnvironmentStringsW
FlushFileBuffers
GetModuleFileNameA
WaitForSingleObject
RtlUnwind
LoadLibraryA
GetStdHandle
DeleteCriticalSection
GetCurrentProcess
GetCurrentDirectoryA
GetConsoleMode
DecodePointer
GetCurrentProcessId
WriteConsoleW
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetStartupInfoW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
GetCommandLineA
GetProcAddress
HeapSize
GetProcessTimes
SetStdHandle
RaiseException
GetCPInfo
GetModuleFileNameW
TlsFree
SetFilePointer
HeapSetInformation
ReadFile
CreateEventA
SetUnhandledExceptionFilter
WriteFile
CloseHandle
IsProcessorFeaturePresent
GetCompressedFileSizeA
GetThreadTimes
GetACP
HeapReAlloc
GetStringTypeW
GetModuleHandleW
GetCurrentThread
HeapAlloc
LocalFree
TerminateProcess
WideCharToMultiByte
IsValidCodePage
HeapCreate
lstrcpyA
CreateFileW
SetCurrentDirectoryA
GetPrivateProfileStringA
TlsGetValue
Sleep
GetFileType
TlsSetValue
CreateFileA
EncodePointer
GetCurrentThreadId
LeaveCriticalSection
ExitProcess
LocalAlloc
SetLastError
InterlockedIncrement
NetUserGetInfo
AccessibleObjectFromWindow
SysFreeString
VariantClear
VariantInit
SysAllocString
MapWindowPoints
RedrawWindow
GetMessagePos
SetWindowRgn
UpdateWindow
BeginPaint
GetClassNameW
FindWindowW
DefWindowProcA
KillTimer
GetClassInfoExA
DestroyMenu
GetUpdateRect
ShowWindow
ScreenToClient
GetForegroundWindow
LoadBitmapA
SetWindowPos
SendDlgItemMessageA
GetLastInputInfo
GetWindowRect
EnableWindow
SetCapture
ReleaseCapture
GetDlgItemTextA
WindowFromPoint
MessageBoxA
DialogBoxParamA
GetWindow
GetSysColor
SetDlgItemTextW
GetDC
RegisterClassExA
GetCursorPos
ReleaseDC
SetWindowTextA
ShowCaret
SendMessageA
IsWindowEnabled
GetClientRect
CreateWindowExA
GetDlgItem
IsWindow
IsIconic
RegisterClassA
InvalidateRect
InsertMenuA
DrawFocusRect
CreateMenu
LoadCursorA
LoadIconA
ClientToScreen
TranslateAcceleratorA
TranslateMDISysAccel
ValidateRect
IsRectEmpty
IsMenu
SetForegroundWindow
PtInRect
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
OpenPrinterA
DocumentPropertiesA
ClosePrinter
Ord(201)
WSAGetLastError
GdiplusStartup
CoUninitialize
CoInitializeEx
CoRegisterClassObject
CreateFileMoniker
CoRevokeClassObject
Number of PE resources by type
RT_ICON 6
RT_DIALOG 2
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 13
PE resources
ExifTool file metadata
SubsystemVersion        5.1
LinkerVersion           10.0
ImageVersion            0.0
FileSubtype             0
FileVersionNumber       7.2.0.2
UninitializedDataSize   0
LanguageCode            English (U.S.)
FileFlagsMask           0x003f
CharacterSet            Unicode
InitializedDataSize     60416
FileOS                  Windows NT 32-bit
MIMEType                application/octet-stream
LegalCopyright          Copyright 1999-2011 Faronics Corporation
FileVersion             7.2.0.2
TimeStamp               2014:08:27 22:11:41+01:00
FileType                Win32 EXE
PEType                  PE32
InternalName            DfInstall.exe
FileAccessDate          2014:12:04 23:06:02+01:00
ProductVersion          7.2.0.2
FileDescription         Workstation install program for Deep Freeze 7.00
OSVersion               5.1
FileCreateDate          2014:12:04 23:06:02+01:00
OriginalFilename        WksInstall.exe
Subsystem               Windows GUI
MachineType             Intel 386 or later, and compatibles
CompanyName             Faronics Corporation
CodeSize                201216
ProductName             Deep Freeze 7.00
ProductVersionNumber    7.2.0.2
EntryPoint              0x5dc1
ObjectFileType          Executable application

File identification
MD5            b451a3f4fd592ff83be613e812c289aa
SHA1           9c71342b1acf6f5a3905e6b6f8d9413283c4e9b2
SHA256         4767e63c2cc206d719e8740d4bcf0422413357b72a354aa1c5cf5c835cb03f8f
ssdeep         3072:29zXMM35IrJLqXtbMV0ZxZ98Mk5ZausauKdq6e5hywKEvIiuJZsbukloFzzk0W23:zVLqGV0fIMchsahdqHfKEvI7SLzjyrT
authentihash   d491b8d58277f8384d7b00a1848deb12bcfc6f9da9e8490ca5d68dc51487d1c5
imphash        fe5f5cda51a3421891b211e783dde23d
File size      256.5 KB ( 262656 bytes )
File type      Win32 EXE
Magic literal  PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID           Win32 Executable MS Visual C++ (generic) (42.1%)
               Win64 Executable (generic) (37.3%)
               Win32 Dynamic Link Library (generic) (8.8%)
               Win32 Executable (generic) (6.0%)
               Generic Win/DOS Executable (2.7%)
Tags           peexe

VirusTotal metadata
First submission   2014-08-30 15:52:11 UTC
Last submission    2014-08-30 15:52:11 UTC
File names         b451a3f4fd592ff83be613e812c289aa
                   WksInstall.exe
                   DfInstall.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Deleted files
Created processes
Created mutexes
Opened mutexes
Hooking activity
Runtime DLLs
Additional details
The file sends control codes directly to device drivers through the DeviceIoControl Windows API.
The file installs an application-defined hook procedure into a hook chain through the SetWindowsHook family of APIs. A hook procedure monitors the system for particular event types, either for one thread or for every thread on the calling thread's desktop; in a dropper this is usually done to intercept input or to get a DLL mapped into other processes, since a global hook's DLL is loaded into every process that receives the hooked event. Neither DeviceIoControl nor SetWindowsHook/SetWindowsHookEx appears in the static import list above, while LoadLibraryA/LoadLibraryW and GetProcAddress do, so these calls are either resolved at run time or issued from another process the sample launched or injected into.
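The two behaviours above were observed dynamically; a first-pass static triage of the import list can be done with a small rule table, and comparing the two tells you what the import table does not declare. The following Python is an added example, not VirusTotal's logic or any published rule set: the import names are a subset copied from the list above, the capability rules and their names are my own, and the observed-behaviour set is the two items from this section.

```python
# Constructed subset of the static import list above (function names only; the
# report does not show which DLL each name comes from).
STATIC_IMPORTS = {
    "GetTokenInformation", "OpenProcessToken", "IsValidSid", "GetUserNameW",
    "RegCreateKeyExA", "RegQueryValueExA", "RegCloseKey",
    "OpenEventLogA", "ClearEventLogA", "CloseEventLog",
    "LoadLibraryA", "LoadLibraryW", "GetProcAddress",
    "IsDebuggerPresent", "GetTickCount", "QueryPerformanceCounter",
    "CreateFileA", "CreateFileW", "ReadFile", "WriteFile", "CloseHandle",
    "WSAGetLastError", "CoRegisterClassObject", "CoInitializeEx",
    "GetLastInputInfo", "FindWindowW", "GetForegroundWindow",
    "NetUserGetInfo", "GetPrivateProfileStringA",
}

# Each capability is a list of "any-of" groups; it fires only when every
# group has at least one hit, so multi-step patterns need all their steps.
RULES = {
    "event log clearing":      [{"ClearEventLogA", "ClearEventLogW"}],
    "token / privilege query": [{"OpenProcessToken"}, {"GetTokenInformation"}],
    "runtime API resolution":  [{"LoadLibraryA", "LoadLibraryW"}, {"GetProcAddress"}],
    "debugger presence check": [{"IsDebuggerPresent", "CheckRemoteDebuggerPresent"}],
    "user idle detection":     [{"GetLastInputInfo"}],
    "registry write":          [{"RegCreateKeyExA", "RegCreateKeyExW",
                                 "RegSetValueExA", "RegSetValueExW"}],
    "winsock networking":      [{"WSAStartup", "WSAGetLastError", "socket",
                                 "connect", "sendto"}],
    "message hook":            [{"SetWindowsHookExA", "SetWindowsHookExW"}],
    "device I/O control":      [{"DeviceIoControl"}],
}


def static_capabilities(imports, rules=RULES):
    """Names of the rules satisfied by a set of imported function names."""
    imports = set(imports)
    return {name for name, groups in rules.items()
            if all(group & imports for group in groups)}


def undeclared_behaviour(static_caps, observed):
    """Observed behaviours with no matching static import. When 'runtime API
    resolution' is among the static capabilities this is expected, not a
    contradiction: the calls are looked up by name after load."""
    return set(observed) - set(static_caps)


# Observed in the sandbox report above.
OBSERVED = {"device I/O control", "message hook"}

if __name__ == "__main__":
    caps = static_capabilities(STATIC_IMPORTS)
    for name in sorted(caps):
        print("static:", name)
    for name in sorted(undeclared_behaviour(caps, OBSERVED)):
        print("runtime only:", name)
```

Two caveats when reading the output. IsDebuggerPresent, GetTickCount and QueryPerformanceCounter are pulled in by the Visual C++ 2010 runtime startup code (LinkerVersion 10.0 above), so the debugger-check rule fires on almost every MSVC binary and is noise on its own. ClearEventLogA and GetLastInputInfo are not runtime artefacts, and in a binary that calls itself an installer they are the imports worth explaining: clearing an event log is anti-forensic, and checking idle time is a common way to wait out an automated sandbox.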
UDP communications