ccffacebook.exe

Plura Processing L.P.

The executable ccffacebook.exe has been detected as malware by 10 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Chit Chat for Facebook’.
Publisher:
Plura Processing L.P.  (signed and verified)

Version:
1.6.0.0

MD5:
c52c2971d5d51be71927c7d3dd070972

SHA-1:
ea9bea3aca4c5695e667ea49710fa1d42c79a0ae

SHA-256:
f241105047b85033c7465f975e8eb68d7f5ea8e5480664b5f739850721dbdfb8

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
4/27/2024 12:35:44 AM UTC  (today)

Scan engine | Detection | Engine version
avast! | Win32:Vitro | 160215-2
Dr.Web | Win32.Virut.56 | 9.0.1.05190
ESET NOD32 | Win32/Virut.NBP virus | 8.0.319.0
F-Prot | W32/Virut.AI!Generic | 4.6.5.141
Kaspersky | Virus.Win32.Virut | 15.0.0.562
McAfee | Virus.W32/Virut.n.gen | 18.0.204.0
Microsoft Security Essentials | Threat.Undefined | 1.215.2433.0
Norman | Win32.Virtob.Gen.12 | 29.02.2016 05:46:54
Sophos | Virus 'W32/Scribble-B' | 5.23
VIPRE Antivirus | Threat.4120919 | 47432

File size:
5.4 MB (5,712,384 bytes)

Product version:
1.0.0.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\chit chat for facebook\ccffacebook.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
8/3/2011 5:00:00 PM

Valid to:
9/7/2012 4:59:59 PM

Subject:
CN=Plura Processing L.P., OU=Digital ID Class 3 - Java Object Signing, O=Plura Processing L.P., L=Houston, S=Texas, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
30D0E143F198F2579B16E47EDA3E16AB

File PE Metadata
Compilation timestamp:
12/24/2092 5:34:43 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:1Auly6P6whnScCNM1CSX+tf6FfA3PjHyG6Syl2n93kBmXTnOTyTN5wLM61OzL+d0:VlHhhnlC+FfA3PeSP9wmX55WM61OPX

Entry address:
0x5D956F

Entry point:
83, EC, 2C, FC, E8, 2D, 02, 00, 00, 03, 5C, 24, FC, 2A, DB, 81, EB, 80, 00, 00, 00, 0F, B7, 8B, BC, 1B, 00, 00, 81, E9, 00, 0A, 00, 00, 0F, 87, E7, FF, FF, FF, 66, 83, BC, 19, 81, 25, 00, 00, 45, 96, 75, DB, 90, 8A, C6, FC, EB, 43, 8D, 75, 22, FF, D0, E8, 80, FE, FF, FF, 42, F6, D6, 6A, 01, C7, 46, 14, 0C, 00, 00, 00, 8F, 46, 1C, 84, EA, 8D, 85, 27, FF, FF, FF, 11, F2, 83, CA, 5B, B1, A4, 89, 76, 18, 80, 46, 02, 04, 42, 81, E2, 43, 93, C7, FB, 8D, 76, 14, 50, 6A, 05, 6A, 03, E9, A7, FE, FF, FF, 8A, C7, 66...
 

Entropy:
6.7587

Code size:
4 MB (4,172,288 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Chit Chat for Facebook

Command:
C:\Program Files\chit chat for facebook\ccffacebook.exe

