» frozenindexsprite.exe
Overview
Analysis
File Details
Behaviors (1)

frozenindexsprite.exe

The application frozenindexsprite.exe has been detected as a potentially unwanted program by 16 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “FrozenIndexSprite”. The installer uses the InstallMonetizer platform which will donwload and install adware toolbars and other potentially unwanted software offers during setup.

File name:

MD5:

7a1020815a586f4982c5177bafd9fe25

SHA-1:

2dca525be67670c831aa864c5a0100e3c833322b

SHA-256:

c6a168f7188f6e284b111864b78d4bb07841e09fe63a85bcccabc1a8b57d0057

Scanner detections:

16 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:

4/26/2024 6:00:50 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Generic.1007182

870

Avira AntiVirus

Adware/Pirrit.60965

7.11.171.32

avast!

Win32:Adware-gen [Adw]

2014.9-140917

Bitdefender

Rootkit.15286

1.0.20.1300

Emsisoft Anti-Malware

Adware.Generic.1007182

8.14.09.17.10

F-Prot

W32/A-e6ff616d

v6.4.7.1.166

F-Secure

Adware.Generic.1007182

11.2014-17-09_4

G Data

Adware.Generic.1007182

14.9.24

IKARUS anti.virus

AdWare.Pirrit

t3scan.1.7.5.0

Kaspersky

not-a-virus:AdWare.Win32.eDeals

14.0.0.3235

Malwarebytes

PUP.Optional.InstallMonetizer

v2014.09.17.10

McAfee

PUP-FNV

5600.7004

MicroWorld eScan

Rootkit.15286

15.0.0.780

nProtect

Trojan-Clicker/W32.eDeals.60453

14.09.16.01

Panda Antivirus

Trj/Genetic.gen

14.09.17.10

Reason Heuristics

Threat.Win.Reputation.IMP

14.9.17.22

File size:

59.5 KB (60,965 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Windows\System32\frozenindexsprite\frozenindexsprite.exe

File PE Metadata

Compilation timestamp:

8/21/2014 8:35:34 AM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

1536:iX1BpfEf9/Ue+14H8cZNboGeQ/HOrhH2D7D:6pEJURokGeQ/HOFHE

Entry address:

0x7FA6

Entry point:

E8, 3E, 05, 00, 00, E9, 63, FD, FF, FF, 6A, 14, 68, B0, C4, 40, 00, E8, 84, 04, 00, 00, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B, 4D, 08, 2B, 4D, 0C, 89, 4D, 08, FF, 55, 14, EB, ED, 8B, 45, EC, 89, 45, E4, 8B, 45, E4, 8B, 00, 89, 45, E0, 8B, 45, E0, 81, 38, 63, 73, 6D, E0, 74, 0B, C7, 45, DC, 00, 00, 00, 00, 8B, 45, DC, C3, E8, 88, 05, 00, 00, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, 7A, 04, 00, 00, C2, 10, 00, 6A, 0C, 68, D0, C4, 40, 00, E8, 26, 04, 00, 00, 83, 65, E4, 00, 8B, 75, 0C, 8B, C6, 0F, AF, 45... 
[+]

Code size:

33.5 KB (34,304 bytes)

Service

Display name:

FrozenIndexSprite

Description:

Enables users to manage connectivity and configuration.

Type:

Win32OwnProcess

Remove frozenindexsprite.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.