facebook_watch_video.exe

Project1

The executable facebook_watch_video.exe has been detected as malware by 21 anti-virus scanners. It is a setup program used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been observed being downloaded from storage.googleapis.com and multiple other hosts.
Product:
Project1

Version:
1.00

MD5:
25c6a50330ca0fd83b7d5bc314e6a0ae

SHA-1:
e202692cfb58c6dbf62e473b48f8899a2b1af400

SHA-256:
dcf713f75ad153d3d321f5d088fa99d6d947c09dacfbff05ec4345a97b7b61d6

Scanner detections:
21 / 68

Status:
Malware

Analysis date:
4/24/2024 9:37:01 PM UTC

Scan engine               Detection                       Engine version
Lavasoft Ad-Aware         Gen:Variant.Kazy.539234         721
Avira AntiVirus           TR/Kazy.684032.11               7.11.207.154
avast!                    Win32:Malware-gen               2014.9-150213
AVG                       Downloader.VB                   2016.0.3199
Baidu Antivirus           Trojan.Win32.VB                 4.0.3.15213
Bitdefender               Gen:Variant.Kazy.539234         1.0.20.220
Dr.Web                    Trojan.DownLoader12.18154       9.0.1.044
Emsisoft Anti-Malware     Gen:Variant.Kazy.539234         8.15.02.13.02
ESET NOD32                Win32/TrojanDownloader.VB.QQT   9.11128
Fortinet FortiGate        W32/Downloader_x.MM!tr          2/13/2015
F-Secure                  Gen:Variant.Kazy.539234         11.2015-13-02_6
G Data                    Gen:Variant.Kazy.539234         15.2.25
IKARUS anti.virus         Win32.SuspectCrc                t3scan.1.8.6.0
K7 AntiVirus              DoS-Trojan                      13.193.14871
Malwarebytes              Trojan.Agent                    v2015.02.13.02
McAfee                    RDN/Generic Downloader.x!mm     5600.6855
MicroWorld eScan          Gen:Variant.Kazy.539234         16.0.0.132
Norman                    Suspicious_Gen5.BCHIP           11.20150213
Panda Antivirus           Trj/CI.A                        15.02.13.02
Trend Micro House Call    TROJ_GEN.R047H09AN15            7.2.44
VIPRE Antivirus           Trojan.Win32.Generic            37282

File size:
668 KB (684,032 bytes)

Product version:
1.00

Original file name:
urko.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\facebook_watch_video.exe

File PE Metadata
Compilation timestamp:
1/23/2015 4:31:08 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:aLMeRhpwdeRPPuVzRkVdWUMgKwOMwPuTVln3sYzrpYWa1CmrMbvSYsWLniikQ/Bq:SNRRRPPuX0DU/5XINRRRPPuX0DU/5X

Entry address:
0x1294

Entry point:
68, 48, 26, 45, 00, E8, EE, FF, FF, FF, 00, 00, 48, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, DB, 8C, 9B, 53, 7A, 13, 16, 41, A8, 5C, AA, E7, D4, EE, BE, 5A, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 01, 00, 00, 00, B0, 67, 34, 48, AA, 5C, 29, 4D, B5, C6, C7, 90, D2, 6A, 9D, CE, 01, 00, 00, 00, A8, 00, 00, 00...

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
332 KB (339,968 bytes)

The file facebook_watch_video.exe has been observed being distributed by the following 2 URLs.

Remove facebook_watch_video.exe - Powered by Reason Core Security