» fb.exe
Overview
Analysis
File Details

fb.exe

Chit Chat For Facebook

Athena IT Limited

The application fb.exe, “Chit Chat For Facebook Setup ” by Athena IT Limited has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. Part of RelevantKnowledge, a program typically installed via a software bundle (with the user's knowledge should they read the EULA) and will run in the background collecting and monitoring information about the user's behavior in order to build an extensive profile.

File name:

fb.exe

Publisher:

ChitChat.org.uk (signed by Athena IT Limited)

Product:

Chit Chat For Facebook

Description:

Chit Chat For Facebook Setup

Version:

1.5

MD5:

e16af493afd925bd8b3836399ca06c52

SHA-1:

89a3e67cf676a6538b6ecd1d26d34e2683f533e2

SHA-256:

9e11920b3637c21ee640c9f4bceb93d0914c169ab8767f09ad1bc19a8bda32bd

Scanner detections:

22 / 68

Status:

Adware

Analysis date:

4/25/2024 1:42:21 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Relevant.BH

1047

Avira AntiVirus

ADSPY/NaviPromo.J

7.11.135.64

avast!

Win32:PUP-gen [PUP]

2014.9-140325

AVG

RelevantKnowledge

2015.0.3525

Bitdefender

Adware.Relevant.BH

1.0.20.420

Comodo Security

UnclassifiedMalware

17897

Dr.Web

Trojan.DownLoader7.55414

9.0.1.084

Emsisoft Anti-Malware

Adware.Relevant.BH

8.14.03.25.11

ESET NOD32

Win32/Adware.MarketScore

8.9511

Fortinet FortiGate

Riskware/RK

3/25/2014

F-Secure

Adware.Relevant.BH

11.2014-25-03_3

G Data

Adware.Relevant.BH

14.3.24

K7 AntiVirus

Unwanted-Program

13.176.11367

Kaspersky

not-a-virus:WebToolbar.Win32.RK

14.0.0.4118

Malwarebytes

Adware.RKN

v2014.03.25.11

MicroWorld eScan

Adware.Relevant.BH

15.0.0.252

NANO AntiVirus

Trojan.Win32.Relevant.cbpeni

0.28.0.58101

Norman

RelevantKnowledge.A

11.20140325

nProtect

Adware.Relevant.BH

14.03.06.01

Reason Heuristics

PUP.Installer.AthenaITLimited.C

14.8.31.22

Rising Antivirus

PE:Trojan.Win32.Generic.12F27416!317879318

23.00.65.14323

XVirus List

Win32.Detected

2.8.31

File size:

4.2 MB (4,440,728 bytes)

Product version:

1.5

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Digital Signature

Signed by:

Athena IT Limited

Authority:

COMODO CA Limited

Valid from:

12/8/2011 3:00:00 AM

Valid to:

12/8/2012 2:59:59 AM

Subject:

CN=Athena IT Limited, O=Athena IT Limited, STREET=3 Oakapple Close, STREET=Wanborough, L=Swindon, S=Wiltshire, PostalCode=SN4 0EW, C=GB

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

008454067F555736D1BA816D7AFE42CE92

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

98304:R96GEQpIfWX1b+V6jB22++TIo6nyxEhgjVEeu:z6T8X1aVIwMhx0yI

Entry address:

0x9C40

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, 86, 94, FF, FF, E8, 8D, A6, FF, FF, E8, 1C, A9, FF, FF, E8, 53, C9, FF, FF, E8, 9A, C9, FF, FF, E8, C9, F2, FF, FF, E8, 30, F4, FF, FF, 33, C0, 55, 68, FC, A2, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, C5, A2, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 96, FE, FF, FF, E8, C9, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 83, CF, FF, FF, 8B, 55, F0, B8, E8, CD, 40, 00, E8, 32, 95, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E8, CD... 
[+]

Entropy:

7.9951

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

Remove fb.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.