» facebookvideocallsetup_v1.2.205.0.exe
Overview
Analysis
File Details
Downloads (1)

facebookvideocallsetup_v1.2.205.0.exe

Setup

Facebook, Inc.

This is a setup and installation application. The file has been seen being downloaded from apps.facebook.com.

File name:

Publisher:

Facebook Inc. (signed by Facebook, Inc.)

Product:

Setup

Version:

1.2.205.0

MD5:

d6effd5658db38b07ecdc177d98316de

SHA-1:

69ad3f836caf880dfbc3abd83ebf888a62d28e00

SHA-256:

9458193731bfd92556f941f0ed2b5a6c763e9038da61a91ee72791d168705298

Scanner detections:

7 / 68

Status:

Clean (7 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/19/2024 10:45:23 PM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Sality

2014.9-160213

McAfee

Artemis!2F357889DF51

5600.6491

Qihoo 360 Security

HEUR/QVM19.1.Malware.Gen

1.0.0.1015

Rising Antivirus

PE:Trojan.Agent!6.14E3

23.00.65.16211

Total Defense

Win32/Tnega.dICee

37.1.62.1

Trend Micro House Call

Suspicious_GEN.F47V0527

7.2.44

VIPRE Antivirus

Trojan.Win32.Generic!SB.0

40796

File size:

489.5 KB (501,248 bytes)

Product version:

1.2.205.0

Original file name:

Setup

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\facebookvideocallsetup_v1.2.205.0.exe

Digital Signature

Signed by:

Facebook, Inc.

Authority:

VeriSign, Inc.

Valid from:

6/19/2012 2:00:00 AM

Valid to:

6/20/2015 1:59:59 AM

Subject:

CN="Facebook, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Facebook, Inc.", L=Menlo Park, S=California, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

27878083400DB86D07DBAB6B43FBA49C

File PE Metadata

Compilation timestamp:

7/2/2012 11:06:59 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:dqPPUO8GsWlkaEEsev50ngJOEi6U/9lAArgD+V:MG47XvbEEK

Entry address:

0x1000

Entry point:

55, 8B, EC, 83, EC, 44, 53, 56, 57, FF, 15, 04, 50, 40, 00, 8B, F0, 8A, 06, 6A, 20, 5B, 3C, 22, 74, 0F, 3A, C3, 76, 1D, 46, 38, 1E, 77, FB, EB, 16, 3C, 22, 74, 11, 46, 8A, 06, 84, C0, 75, F5, 3C, 22, 75, 07, EB, 04, 3A, C3, 77, 07, 46, 8A, 06, 84, C0, 75, F5, 83, 65, E8, 00, 8D, 45, BC, 50, FF, 15, 08, 50, 40, 00, 68, 80, 00, 00, 00, 6A, 08, 89, 1D, D4, 61, 40, 00, FF, 15, 18, 50, 40, 00, 50, FF, 15, 14, 50, 40, 00, A3, D0, 61, 40, 00, B8, 00, 60, 40, 00, BF, 14, 60, 40, 00, 8B, D8, 3B, C7, 73, 0F, 8B, 03... 
[+]

Entropy:

7.9262

Developed / compiled with:

Microsoft Visual C++

Code size:

13.5 KB (13,824 bytes)

The file facebookvideocallsetup_v1.2.205.0.exe has been seen being distributed by the following URL.

https://apps.facebook.com/chat/.../videocalldownload.php

Scan facebookvideocallsetup_v1.2.205.0.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.