× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 9a1dec25be4057fe3e00cd5a3bce4177f266e5afb9161ef44a33fda02657cf2d
File name: ezfree.exe
Detection ratio: 0 / 62
Analysis date: 2017-06-08 14:14:26 UTC ( 2 weeks, 2 days ago ) View latest
Antivirus Result Update
Ad-Aware 20170608
AegisLab 20170608
AhnLab-V3 20170607
Alibaba 20170608
ALYac 20170608
Antiy-AVL 20170608
Arcabit 20170608
Avast 20170608
AVG 20170608
Avira (no cloud) 20170608
AVware 20170608
Baidu 20170608
BitDefender 20170608
Bkav 20170608
CAT-QuickHeal 20170607
ClamAV 20170608
CMC 20170608
Comodo 20170608
CrowdStrike Falcon (ML) 20170420
Cyren 20170608
DrWeb 20170608
Emsisoft 20170608
Endgame 20170515
ESET-NOD32 20170608
F-Prot 20170608
F-Secure 20170608
Fortinet 20170608
GData 20170608
Ikarus 20170608
Invincea 20170607
Jiangmin 20170608
K7AntiVirus 20170608
K7GW 20170608
Kaspersky 20170608
Kingsoft 20170608
Malwarebytes 20170608
McAfee 20170608
McAfee-GW-Edition 20170607
Microsoft 20170608
eScan 20170608
NANO-Antivirus 20170608
nProtect 20170608
Palo Alto Networks (Known Signatures) 20170608
Panda 20170608
Qihoo-360 20170608
Rising None
SentinelOne (Static ML) 20170516
Sophos 20170608
SUPERAntiSpyware 20170608
Symantec 20170608
Symantec Mobile Insight 20170608
Tencent 20170608
TheHacker 20170607
TotalDefense 20170608
TrendMicro 20170608
TrendMicro-HouseCall 20170608
Trustlook 20170608
VBA32 20170608
VIPRE 20170608
ViRobot 20170608
Webroot 20170608
WhiteArmor 20170608
Yandex 20170608
Zillya 20170607
ZoneAlarm by Check Point 20170608
Zoner 20170608
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright © 2001-2017 ATConsulting LLC

Product E-Z Audit
Original name ezfree.exe
Internal name ezfree
File version 15.99.7002
Description E-Z Audit Free Audit Tool
Comments Non-Commercial Use Only.
Signature verification Signed file, verified signature
Signing date 5:53 PM 5/31/2017
Signers
[+] ATConsulting LLC
Status Valid
Issuer DigiCert SHA2 Assured ID Code Signing CA
Valid from 1:00 AM 12/30/2015
Valid to 1:00 PM 1/3/2019
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 39972728467C45301D7AB8AFBA7A2F08692DE26B
Serial number 03 FD CA EA BC F5 68 02 2C 1A 2D 05 A6 B8 8B E0
[+] DigiCert SHA2 Assured ID Code Signing CA
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 PM 10/22/2013
Valid to 1:00 PM 10/22/2028
Valid usage Code Signing
Algorithm sha256RSA
Thumbprint 92C1588E85AF2201CE7915E8538B492F605B80C6
Serial number 04 09 18 1B 5F D5 BB 66 75 53 43 B5 6F 95 50 08
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Counter signers
[+] DigiCert Timestamp Responder
Status Valid
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 10/22/2014
Valid to 1:00 AM 10/22/2024
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbrint 614D271D9102E30169822487FDE5DE00A352B01D
Serial number 03 01 9A 02 3A FF 58 B1 6B D6 D5 EA E6 17 F0 66
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbrint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbrint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-31 16:53:25
Entry Point 0x000040F0
Number of sections 3
PE sections
Overlays
MD5 c853e4c16c735dca683e7206d98844ac
File type data
Offset 1990656
Size 14464
Entropy 7.21
PE imports
_adj_fdivr_m64
Ord(546)
Ord(518)
Ord(537)
__vbaStrFixstr
__vbaFPException
__vbaVarTextTstNe
Ord(616)
Ord(527)
_adj_fprem
__vbaAryMove
__vbaObjVar
__vbaForEachVar
__vbaCyAdd
__vbaVarAnd
__vbaRedim
__vbaForEachCollObj
__vbaRecDestruct
_adj_fdiv_r
_allmul
__vbaRecAnsiToUni
__vbaChkstk
__vbaObjSetAddref
_adj_fdiv_m64
__vbaHresultCheckObj
__vbaI2Var
__vbaR8Str
_CIlog
__vbaVarMul
__vbaVarTextCmpEq
Ord(595)
__vbaVarLateMemCallLd
_adj_fptan
__vbaFileClose
Ord(581)
__vbaI4Var
__vbaRecUniToAnsi
Ord(608)
__vbaFreeStr
__vbaVarTextCmpNe
Ord(631)
__vbaStrI2
__vbaStrR8
__vbaStrI4
Ord(709)
__vbaFreeStrList
__vbaI2I4
_adj_fdiv_m16i
__vbaStrDate
EVENT_SINK_QueryInterface
Ord(617)
Ord(648)
Ord(516)
__vbaR8Cy
__vbaVarTextCmpGt
__vbaNextEachVar
Ord(607)
__vbaLenBstr
Ord(525)
__vbaRedimPreserve
Ord(561)
Ord(681)
__vbaStrToUnicode
__vbaCyStr
Ord(553)
__vbaInStr
_adj_fdiv_m32i
Ord(717)
Ord(600)
__vbaExceptHandler
__vbaSetSystemError
DllFunctionCall
__vbaPowerR8
__vbaUbound
__vbaVarTstLt
__vbaVarSetObjAddref
__vbaFreeVar
__vbaBoolVarNull
__vbaVargVarMove
__vbaDateStr
__vbaFileOpen
__vbaVarTextTstGt
_CIsin
Ord(711)
Ord(606)
__vbaNew
__vbaAryLock
__vbaLsetFixstr
__vbaVarTstEq
__vbaVarTextTstGe
Ord(704)
__vbaVarFix
__vbaVarDiv
__vbaOnError
_adj_fdivr_m32i
__vbaFpCy
Ord(541)
__vbaInStrVar
__vbaStrCat
__vbaVarDup
__vbaGenerateBoundsError
__vbaPrintFile
EVENT_SINK_Release
__vbaStrCmp
__vbaAryCopy
__vbaErase
__vbaBoolVar
__vbaVarLateMemSt
Ord(710)
__vbaStrVarCopy
__vbaFreeObjList
Ord(650)
Ord(592)
Ord(666)
__vbaVar2Vec
__vbaVarForNext
__vbaFreeVarList
__vbaStrVarMove
Ord(626)
Ord(618)
__vbaExitProc
Ord(542)
__vbaVarOr
__vbaVarTstNe
__vbaLateMemCallLd
__vbaCySub
__vbaAryConstruct2
Ord(520)
__vbaFreeObj
_adj_fdivr_m32
__vbaStrVarVal
__vbaVarSub
Ord(660)
__vbaVarTstGt
__vbaVarIdiv
_CIcos
Ord(716)
__vbaDateVar
Ord(685)
Ord(528)
Ord(705)
__vbaStrErrVarCopy
__vbaExitEachVar
__vbaVarCmpNe
__vbaVarMove
__vbaFPInt
__vbaErrorOverflow
__vbaNew2
__vbaAryUnlock
__vbaVarCmpEq
__vbaAryDestruct
__vbaStrMove
_adj_fprem1
Ord(619)
_adj_fdiv_m32
Ord(560)
__vbaLenVar
__vbaCyI4
__vbaEnd
__vbaPutOwner3
__vbaVarCat
Ord(712)
__vbaVarTextTstEq
__vbaVarLateMemCallLdRf
_adj_fpatan
EVENT_SINK_AddRef
__vbaVarSetVar
__vbaVarTextTstLt
__vbaVarForInit
__vbaVarVargNofree
__vbaCyMulI2
__vbaStrCopy
Ord(702)
Ord(632)
__vbaStrTextCmp
__vbaAryVar
_adj_fdivr_m16i
__vbaVarAdd
Ord(100)
Ord(519)
__vbaNextEachCollObj
Ord(526)
_CIsqrt
__vbaVarCopy
_CIatan
Ord(662)
__vbaLateMemCall
Ord(573)
Ord(529)
__vbaObjSet
__vbaVarTextCmpLt
__vbaVarCmpLt
Ord(644)
__vbaDateR8
_CIexp
__vbaStrToAnsi
_CItan
__vbaFpI4
Ord(598)
Ord(545)
Number of PE resources by type
RT_ICON 5
CUSTOM 2
RT_MANIFEST 1
RT_GROUP_ICON 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 6
ENGLISH US 4
PE resources
ExifTool file metadata
LegalTrademarks
E-Z Audit is a Registered Trademark of ATConsulting LLC

SubsystemVersion
4.0

Comments
Non-Commercial Use Only.

LinkerVersion
6.0

ImageVersion
15.99

FileSubtype
0

FileVersionNumber
15.99.0.7002

LanguageCode
English (U.S.)

FileFlagsMask
0x0000

FileDescription
E-Z Audit Free Audit Tool

CharacterSet
Unicode

InitializedDataSize
692224

EntryPoint
0x40f0

OriginalFileName
ezfree.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright 2001-2017 ATConsulting LLC

FileVersion
15.99.7002

TimeStamp
2017:05:31 17:53:25+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
ezfree

ProductVersion
15.99.7002

UninitializedDataSize
0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
ATConsulting, LLC

CodeSize
1302528

ProductName
E-Z Audit

ProductVersionNumber
15.99.0.7002

FileTypeExtension
exe

ObjectFileType
Executable application

File identification
MD5 6068dd813823113f0c000973d87fb358
SHA1 323d2603547f269f6d460cd7c44326dee28628f5
SHA256 9a1dec25be4057fe3e00cd5a3bce4177f266e5afb9161ef44a33fda02657cf2d
ssdeep
12288:cB6tlGHU7aDxIB9z/lHq+kUz2e+x6ePeczcDe3eFXYQMt3W7G+3JtI+Z6Jty:FaD/+lz2e+I9my

authentihash f34d3a0dba4435da531ed364b53aea5b1758e3cb8dbdd82c2081f11c5797c42d
imphash 9835673d15e3edd7d1273a40c675abf5
File size 1.9 MB ( 2005120 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (63.9%)
Win32 Executable MS Visual C++ (generic) (24.3%)
Win32 Dynamic Link Library (generic) (5.1%)
Win32 Executable (generic) (3.5%)
Generic Win/DOS Executable (1.5%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2017-06-08 14:14:26 UTC ( 2 weeks, 2 days ago )
Last submission 2017-06-08 14:14:26 UTC ( 2 weeks, 2 days ago )
File names ezfree.exe
ezfree
ezfree.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!