mountain lakes (full version).exe

Freeze.com, LLC

This is the InstallX/InstallIQ download manager and installer, which bundles offers for additional PUPs and other unwanted software during setup. The application mountain lakes (full version).exe by Freeze.com has been detected as adware by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The program is a setup application that uses Wise Installer.
Publisher:
Freeze.com, LLC  (signed and verified)

MD5:
8499e4f12c6659a818d446fd81a31ccf

SHA-1:
7639194f3b3b4d4a166ab6a767dda11ca0c37eec

SHA-256:
41ab83e9635aac0631f1f500953f2601cccebf88b9d7414ae1c56c361cd2027e

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
5/5/2024 7:27:22 PM UTC  (today)

Scan engine:
Reason Heuristics

Detection:
PUP.InstallX (M)

Engine version:
16.10.16.8

File size:
5.3 MB (5,512,312 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Wise Installer

Language:
English (United States)

Common path:
C:\users\{user}\downloads\freeze.com\freeze.com\mountain lakes (full version).exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/29/2004 7:00:00 PM

Valid to:
1/29/2005 6:59:59 PM

Subject:
CN="Freeze.com, LLC", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Freeze.com, LLC", L=Waite Park, S=MN, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2001 CA, OU=Terms of use at https://www.verisign.com/rpa (c)01, OU=VeriSign Trust Network, O="VeriSign, Inc."

Serial number:
08E8C10EC02DE5E4FB3201F9EBFB1E0C

File PE Metadata
Compilation timestamp:
4/8/1999 4:24:47 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
98304:jWnIsu3oN4gWOJGBwsrH7CHgJQ3CHgJQ9jh5MasIH7CHgJQ3CHgJQ9/MrQKph597:jWshgWt9L7CT3CTlh5067CT3CTuQIh5V

Entry address:
0x1000

Entry point:
55, 8B, EC, 81, EC, 78, 05, 00, 00, 53, 56, BE, 04, 01, 00, 00, 57, 8D, 85, 94, FD, FF, FF, 56, 33, DB, 50, 53, FF, 15, 34, 20, 40, 00, 8D, 85, 94, FD, FF, FF, 56, 50, 8D, 85, 94, FD, FF, FF, 50, FF, 15, 30, 20, 40, 00, 8B, 3D, 2C, 20, 40, 00, 53, 53, 6A, 03, 53, 6A, 01, 8D, 85, 94, FD, FF, FF, 68, 00, 00, 00, 80, 50, FF, D7, 83, F8, FF, 89, 45, FC, 0F, 84, 7B, 01, 00, 00, 8D, 85, 90, FC, FF, FF, 50, 56, FF, 15, 28, 20, 40, 00, 8D, 85, 98, FE, FF, FF, 50, 53, 8D, 85, 90, FC, FF, FF, 68, 10, 30, 40, 00, 50...
 

Entropy:
7.9835

Packer / compiler:
Wise Installer Stub

Code size:
512 Bytes (512 bytes)
