» antifreeze.exe
Overview
Analysis
File Details
Behaviors (1)

antifreeze.exe

AntiFreeze

Daniel Terhell

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘AntiFreeze’.

File name:

antifreeze.exe

Publisher:

Resplendence Software Projects Sp. (signed by Daniel Terhell)

Product:

AntiFreeze

Description:

AntiFreeze hotkey application

Version:

1, 0, 0, 1

MD5:

18770d3d89473bb631c44fd301c2adf0

SHA-1:

17a4eef340393bbea77f996112f722d5192ad7fe

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/11/2024 2:07:48 AM UTC (today)

File size:

142.4 KB (145,840 bytes)

Product version:

1, 0, 0, 1

Original file name:

AF.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\antifreeze\antifreeze.exe

Digital Signature

Signed by:

Daniel Terhell

Authority:

GlobalSign nv-sa

Valid from:

6/4/2007 9:38:13 PM

Valid to:

6/4/2008 9:38:13 PM

Subject:

E=daniel@resplendence.com, CN=Daniel Terhell, C=IT

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

01000000000112F6BE1E50

File PE Metadata

Compilation timestamp:

11/9/2007 9:16:10 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

3072:0tnWZSczeOtMt5CiF2ai8RPoROcH807mwdp:Un6eL5CiF2ai896vTp

Entry address:

0x2FB9

Entry point:

E8, 58, 29, 00, 00, E9, 16, FE, FF, FF, 8B, 44, 24, 04, A3, CC, DC, 40, 00, C3, 55, 8D, AC, 24, 58, FD, FF, FF, 81, EC, 28, 03, 00, 00, A1, 78, D1, 40, 00, 33, C5, 89, 85, A4, 02, 00, 00, 56, 89, 85, 88, 00, 00, 00, 89, 8D, 84, 00, 00, 00, 89, 95, 80, 00, 00, 00, 89, 5D, 7C, 89, 75, 78, 89, 7D, 74, 66, 8C, 95, A0, 00, 00, 00, 66, 8C, 8D, 94, 00, 00, 00, 66, 8C, 5D, 70, 66, 8C, 45, 6C, 66, 8C, 65, 68, 66, 8C, 6D, 64, 9C, 8F, 85, 98, 00, 00, 00, 8B, B5, AC, 02, 00, 00, 8D, 85, AC, 02, 00, 00, 89, 85, 9C, 00... 
[+]

Entropy:

6.1933

Code size:

33 KB (33,792 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

AntiFreeze

Command:

C:\Program Files\antifreeze\antifreeze.exe \splash

Scan antifreeze.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.