» facebookcrashhandler.exe
Overview
Analysis
File Details

facebookcrashhandler.exe

Facebook Update

Facebook Inc.

The executable facebookcrashhandler.exe, “Facebook Installer” has been detected as malware by 8 anti-virus scanners.

File name:

Publisher:

Facebook Inc.

Product:

Facebook Update

Description:

Facebook Installer

Version:

1.2.205.0

MD5:

078423dbe6f09eba094b246f95cee689

SHA-1:

786f3e608766b069b25f879811dbd3ba73eaf161

SHA-256:

c48d023dd0891866b05ad47a44e6d172bd473bedfeee9ee320e30271ecc96f5f

Scanner detections:

8 / 68

Status:

Malware

Analysis date:

4/30/2024 9:05:55 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Patched.Gen

7.11.30.172

avast!

Win32:Evo-gen [Susp]

150319-1

Clam AntiVirus

Win.Worm.Chir-343

0.98/19289

herdProtect (fuzzy)

variant of facebookupdate.exe

2015.7.26.10

Qihoo 360 Security

HEUR/QVM10.1.Malware.Gen

1.0.0.1015

Rising Antivirus

PE:Trojan.GenericKDV!6.B5C

23.00.65.15724

Trend Micro House Call

Suspicious_GEN.F47V0425

7.2.140

VIPRE Antivirus

Threat.4150696

39354

File size:

129 KB (132,096 bytes)

Product version:

1.2.205.0

Original file name:

FacebookUpdate.exe

File type:

Executable application (Win32 EXE)

Language:

Spanish

Common path:

C:\Documents and Settings\{user}\Application data\facebook\update\1.2.205.0\facebookcrashhandler.exe

File PE Metadata

Compilation timestamp:

7/6/2012 11:50:19 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:jQEqFLILekfYQFZQ1I+qmQ3oanPZqulpVlM70jpmEXVIhj4ouaAWMIOcPiv79QHK:VqFLIqkf5uI+04oAUraC3chVRnRgIe

Entry address:

0x4FB6

Entry point:

E8, 3C, 24, 00, 00, E9, 79, FE, FF, FF, 6A, 0C, 68, A8, 30, 41, 00, E8, 84, 00, 00, 00, 8B, 75, 08, 85, F6, 74, 75, 83, 3D, DC, 0C, 41, 00, 03, 75, 43, 6A, 04, E8, 26, 26, 00, 00, 59, 83, 65, FC, 00, 56, E8, 4E, 26, 00, 00, 59, 89, 45, E4, 85, C0, 74, 09, 56, 50, E8, 6F, 26, 00, 00, 59, 59, C7, 45, FC, FE, FF, FF, FF, E8, 0B, 00, 00, 00, 83, 7D, E4, 00, 75, 37, FF, 75, 08, EB, 0A, 6A, 04, E8, 12, 25, 00, 00, 59, C3, 56, 6A, 00, FF, 35, 34, F7, 40, 00, FF, 15, 90, 10, 41, 00, 85, C0, 75, 16, E8, 00, 07, 00... 
[+]

Entropy:

5.6734

Code size:

52 KB (53,248 bytes)

Remove facebookcrashhandler.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.