» facemoodssrv.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

facemoodssrv.exe

facemoods

Volonet Ltd

The application facemoodssrv.exe by Volonet has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘facemoods’. This file is typically installed with the program Facemoods Toolbar by Facemoods which is a potentially unwanted software program.

File name:

facemoodssrv.exe

Publisher:

facemoods.com (signed by Volonet Ltd)

Product:

facemoods

Version:

1.4.17.0

MD5:

e83686c5f2273f8a7561897dd5f4e570

SHA-1:

c76ed56e82c3198c4948c84a372886bb9bf3c822

SHA-256:

856b3b38f679af08a54656a9e820702602e832ffae2e66c8c903891140a7ba23

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/25/2024 4:59:55 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP (M)

17.1.15.3

File size:

353.7 KB (362,200 bytes)

Product version:

1.4.17.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe

Digital Signature

Signed by:

Volonet Ltd

Authority:

The USERTRUST Network

Valid from:

11/24/2010 1:00:00 AM

Valid to:

11/24/2012 12:59:59 AM

Subject:

CN=Volonet Ltd, O=Volonet Ltd, STREET=hazfira 19, L=Tel-Aviv, S=Israel, PostalCode=67778, C=IL

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

27228002C4368B8985B0D57BC7FE75CC

File PE Metadata

Compilation timestamp:

10/7/2010 8:28:37 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

7.10

Entry address:

0x2368B

Entry point:

6A, 60, 68, C8, 6B, 43, 00, E8, 89, 0B, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 3D, F9, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 00, 42, 43, 00, 8B, 4E, 10, 89, 0D, 78, 19, 44, 00, 8B, 46, 04, A3, 84, 19, 44, 00, 8B, 56, 08, 89, 15, 88, 19, 44, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 7C, 19, 44, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 7C, 19, 44, 00, C1, E0, 08, 03, C2, A3, 80, 19, 44, 00, 33, F6, 56, 8B, 3D, 78, 40, 43, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03... 
[+]

Developed / compiled with:

Microsoft Visual C++ v7.0

Code size:

204 KB (208,896 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

facemoods

Command:

"C:\Program Files\facemoods.com\facemoods\1.4.17.11\facemoodssrv.exe" \md i

The file facemoodssrv.exe has been discovered within the following program.

Facemoods Toolbar by Facemoods

Installs a Mindspark toolbar in your Web browser that collects and stores information about your web browsing habits and sends this information to Mindspark so they can suggest services or provide ads via the toolbar.

home.funmoods.com

80% remove it

Remove facemoodssrv.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.