facebook-video.exe

Video Player - Facebook

The executable facebook-video.exe has been detected as malware by 31 anti-virus scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from bit.ly and multiple other hosts.
Publisher:
Video Player - Facebook

Product:
Video Player - Facebook

Version:
4.3.1.7

MD5:
43933dbad19fa3c3931d7598d4d373fe

SHA-1:
de0b4f1cf770ff1bac4af31d7e7ab0ea8b54b024

SHA-256:
ae56ab0320bbf2d5fdab784a2237dc84f15a8d89f3ad6545633b678a130a99cc

Scanner detections:
31 / 68

Status:
Malware

Analysis date:
4/27/2024 4:17:21 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.1877399 | 319 |
| AegisLab AV Signature | Uds.Dangerousobject.Multi!c | 2.1.4+ |
| Agnitum Outpost | Trojan.ExtenBro | 7.1.1 |
| Avira AntiVirus | TR/Dldr.Kivat.B.7 | 8.3.3.2 |
| Arcabit | Trojan.Generic.D1CA597 | 1.0.0.656 |
| avast! | Win32:Malware-gen | 2014.9-160322 |
| AVG | Downloader.MSIL | 2017.0.2797 |
| Baidu Antivirus | Trojan.MSIL.ExtenBro | 4.0.3.16322 |
| Bitdefender | Trojan.GenericKD.1877399 | 1.0.20.410 |
| Comodo Security | UnclassifiedMalware | 24350 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1877399 | 8.16.03.22.11 |
| ESET NOD32 | MSIL/ExtenBro (variant) | 10.13094 |
| Fortinet FortiGate | W32/ExtenBro.E!tr | 3/22/2016 |
| F-Secure | Trojan.GenericKD.1877399 | 11.2016-22-03_3 |
| G Data | Trojan.GenericKD.1877399 | 16.3.25 |
| IKARUS anti.virus | Trojan.MSIL.ExtenBro | t3scan.2.0.8.0 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.478 |
| McAfee | Artemis!43933DBAD19F | 5600.6453 |
| Microsoft Security Essentials | TrojanDownloader:MSIL/Kivat.B | 1.1.12400.0 |
| MicroWorld eScan | Trojan.GenericKD.1877399 | 17.0.0.246 |
| nProtect | Trojan.GenericKD.1877399 | 16.02.26.01 |
| Panda Antivirus | Trj/CI.A | 16.03.22.11 |
| Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1120 |
| Quick Heal | TrojanDownloader.Kivat.r3 | 3.16.14.00 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16320 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | TROJ_SPNR.28HA14 | 7.2.82 |
| Trend Micro | TROJ_SPNR.28HA14 | 10.465.22 |
| VIPRE Antivirus | Trojan.Win32.Generic | 47502 |
| ViRobot | Trojan.Win32.S.Agent.380416.CM[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.ExtenBro.Win32.4375 | 2.0.0.2690 |

File size:
371.5 KB (380,416 bytes)

Product version:
4.3.1.7

Copyright:
Video Player - Facebook

Original file name:
facebook-video.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\facebook-video.exe

File PE Metadata
Compilation timestamp:
7/18/2014 8:16:52 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:gDzL3CLPvZFcrL9LALgLwLUI376oHGPPEo84/CQNKd+KZ+10Kk1vhwCO7MXO:gDzLRhEk0h7kPC4/axKkXlOQXO

Entry address:
0x435FE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
262 KB (268,288 bytes)

The file facebook-video.exe has been seen being distributed by the following 2 URLs.
