FACE.exe

The application FACE.exe has been detected as a potentially unwanted program by 6 anti-malware scanners. The file has been observed being downloaded from b.gourlaouen.free.fr.
MD5:
aea27dcb376976edf0ffb218e7eb2885

SHA-1:
104ee3e6d3931db1fc79a4fdf905dcef1a1ef09c

SHA-256:
efd0c5f37bab9fddec7417387880a3f6972b7cd7db4e47c73826c9faf8aa0ce5

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
4/16/2024 10:48:47 AM UTC

Scan engine        Detection                    Engine version
Comodo Security    UnclassifiedMalware          16480
ESET NOD32         Win16/BadJoke                7.8479
Malwarebytes       BadJoke.NotFunny             v2013.08.29.12
McAfee             Joke-Caritas                 5600.7181
NANO AntiVirus     Riskware.Win16.Joke.vlfjp    0.24.0.52848
Panda Antivirus    Joke/Caritas                 13.08.29.12

File size:
8.3 KB (8,528 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\face.exe

File PE Metadata
OS version:
88.3316

OS bitness:
Win64

Subsystem:

Linker version:
2.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
96:vNJRKFSSXeQYJlPFsdNJjblhXGbUpRYoEXuvCanFJH:VvKFS0eQYJlPFsnhXzpR0Xuvp

Entry address:
0xEE00E6

Entry point:
4D, 5A, D1, 00, 03, 00, 00, 00, 20, 00, 00, 00, FF, FF, 07, 00, 00, 01, 65, 40, 00, 00, 00, 00, 40, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
4.7804

Code size:
256 KB (262,146 bytes)

The file FACE.exe has been seen being distributed by the following URL.
