facebookmessengersetup_v1.2.205.0.exe

Setup

Facebook Inc.

The executable facebookmessengersetup_v1.2.205.0.exe has been detected as malware by 3 anti-virus scanners. This is a setup and installation application; however, the file is not signed with an Authenticode signature from a trusted source. The file has been seen being downloaded from dragon.ak.fbcdn.net.
Publisher:
Facebook Inc.

Product:
Setup

Version:
1.2.205.0

MD5:
4a09baf1bee21ba29286ade43c72d15a

SHA-1:
e0d296ac36f59c608ba4445c4712736e5d6abd6a

SHA-256:
292c6f5ffa3347d7e4cc07163be84a8e4abe31d4b618827a37aee5013f09013f

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
12/12/2017 2:04:41 AM UTC

Scan engine
Detection
Engine version

ESET NOD32
Win32/Sality.NBA virus
8.0.319.0

Norman
Win32.Sality.3
28.05.2016 15:32:18

VIPRE Antivirus
Threat.4721115
50690

File size:
2.7 MB (2,811,384 bytes)

Product version:
1.2.205.0

Copyright:
Copyright 2011 Facebook, Inc.

Original file name:
Setup

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\facebookmessengersetup_v1.2.205.0.exe

File PE Metadata
Compilation timestamp:
7/3/2012 4:06:59 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:MqPPUO8GsWlkaEEsev50ngJOEi6U/9lAArgD+VnrDNmWCjB2:5G47XvbEEKnrD7CN2

Entry address:
0x1000

Entry point:
FE, C8, 8B, D5, 8A, D1, 70, 06, 86, C2, 0A, FB, 8A, C7, 8B, F2, 87, DD, 56, 87, FF, 87, D2, 6A, 00, 59, 3D, D7, 96, 52, EA, 69, F6, 2C, 76, 4F, E7, 85, EF, 8D, 2D, BD, 31, D8, 7D, 8B, C3, 05, 4E, 8E, 86, FE, 70, 0D, 8D, 2D, 5F, 30, 55, 8A, BE, 4B, FB, 5A, ED, 0A, FF, BA, 00, 00, 00, 00, 48, BA, E4, F4, FF, FF, F6, C6, 02, C6, C3, 4E, 81, C2, 90, 0A, 00, 00, 20, F7, 0F, C1, D1, 14, 0F, 81, C1, 8D, 00, 00, 00, 0F, BF, EF, 8D, 35, C2, D6, 2B, A7, 87, D0, B7, EC, 80, EF, 0F, F7, C2, A0, 20, 59, 83, 8D, 35, B3...
 

Code size:
13.5 KB (13,824 bytes)

The file facebookmessengersetup_v1.2.205.0.exe has been seen being distributed by the following URL.
