flowers_in_early_spring_picture_03451.exe

FaceDetect

The executable flowers_in_early_spring_picture_03451.exe, “FaceDetect Microsoft”, has been detected as malware by 1 anti-virus scanner. This is a setup program which is used to install the application. The file has been seen being downloaded from catalog.chaosium.com.
Product:
FaceDetect

Description:
FaceDetect Microsoft

Version:
1, 0, 0, 1

MD5:
b597f12f65f3fff56572e4bb51c3de62

SHA-1:
23b768e9b06217df502f89beacc2f550c504fe4b

SHA-256:
a96bd9945da6e331eb257e7531d3334a39dcb758fe374ac1e752aecee7dc2884

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
4/26/2024 4:21:38 PM UTC

Scan engine:
Reason Heuristics

Detection:
Threat.Win.Reputation.IMP

Engine version:
16.2.21.10

File size:
176 KB (180,224 bytes)

Product version:
1, 0, 0, 1

Copyright:
(C) 2002

Original file name:
FaceDetect.EXE

File type:
Executable application (Win32 EXE)

Language:
German (Austria)

Common path:
C:\users\{user}\downloads\flowers_in_early_spring_picture_03451.exe

File PE Metadata
Compilation timestamp:
3/22/2015 8:41:16 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
3072:LaX5F+gcCBH0NWGFjpqbO7fZwKjgeqzc0vxq/Pevbhi6LsI3G8nyHiw:mX5F+g64GyO9JjNWvUevb0ksYyJ

Entry address:
0x6182

Entry point:
55, 8B, EC, 6A, FF, 68, D8, 7B, 40, 00, 68, 08, 63, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 90, 72, 40, 00, E9, 2C, 05, 00, 00, FF, 25, CC, 71, 40, 00, CC, CC, CC, 59, FF, 15, 94, 72, 40, 00, 8B, 0D, 80, 93, 40, 00, 89, 08, FF, 15, 98, 72, 40, 00, 8B, 0D, 7C, 93, 40, 00, 89, 08, A1, 9C, 72, 40, 00, 8B, 00, A3, 88, 93, 40, 00, E8, 16, 01, 00, 00, 39, 1D, 90, 91, 40, 00, 75, 0C, 68, 04, 63, 40, 00, FF, 15, A0, 72...

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
24.3 KB (24,832 bytes)

The file flowers_in_early_spring_picture_03451.exe has been seen being distributed by the following URL.
