» fbautobackup.exe
Overview
Analysis
File Details
Behaviors (1)

fbautobackup.exe

Impressive Publishing

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘FBAutoBackup’.

File name:

fbautobackup.exe

Publisher:

Impressive Publishing (signed and verified)

MD5:

3d4179e4e6cf324d78a2c047553af72d

SHA-1:

f6fa45df2bc5ec7d194f43a3b9316608c6d14ad5

SHA-256:

3e8408de6121a3e52ee0301a85e1a62e7ae9606c6c0ef5ccb6695c1d1ceba767

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/5/2024 7:53:20 PM UTC (today)

File size:

2.9 MB (3,047,976 bytes)

File type:

Executable application (Win32 EXE)

Digital Signature

Signed by:

Impressive Publishing

Authority:

COMODO CA Limited

Valid from:

2/2/2014 5:00:00 PM

Valid to:

2/3/2019 4:59:59 PM

Subject:

CN=Impressive Publishing, OU=Software, O=Impressive Publishing, STREET=105 Ford Avenue Suite 5, L=Kingsport, S=Tennessee, PostalCode=37663, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0423949D71B4C4EA060D02119A229D15

File PE Metadata

Compilation timestamp:

6/19/1992 3:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x2888C0

Entry point:

55, 8B, EC, 83, C4, F0, B8, F0, 82, 68, 00, E8, 68, E9, D7, FF, 68, 38, 89, 68, 00, 6A, FF, 6A, 00, E8, 9A, EC, D7, FF, E8, 45, EE, D7, FF, 3D, B7, 00, 00, 00, 75, 05, E8, 9D, BE, D7, FF, A1, 78, 5F, 69, 00, 8B, 00, E8, A1, F2, DF, FF, A1, 78, 5F, 69, 00, 8B, 00, BA, 50, 89, 68, 00, E8, 78, EE, DF, FF, 8B, 0D, C0, 5D, 69, 00, A1, 78, 5F, 69, 00, 8B, 00, 8B, 15, 28, 67, 68, 00, E8, 90, F2, DF, FF, A1, 78, 5F, 69, 00, 8B, 00, E8, 04, F3, DF, FF, E8, 57, BE, D7, FF, 00, 00, 00, 66, 62, 61, 75, 74, 6F, 62, 61... 
[+]

Entropy:

6.5998

Developed / compiled with:

Microsoft Visual C++

Code size:

2.5 MB (2,652,672 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

FBAutoBackup

Command:

"C:\fbp\fbautobackup.exe"

Scan fbautobackup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.