home

frst64.exe

Farbar

Publisher:
Farbar

Description:
Farbar Recovery Scan Tool

Version:
7.11.2015.0

MD5:
e692e216b6fb1c1e9deafd1b6e895a94

SHA-1:
fae9a7fb811240aa4328e5a39112af713b9d0469

SHA-256:
6e8bf313c850728328088c2dc10fb5369b9c938f71f58ec7eb8d51374eb1ca51

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is mosty likely a false positive detection, the file is probably clean.

Analysis date:
4/24/2024 9:40:22 PM UTC  (today)

Scan engine
Detection
Engine version

Zillya! Antivirus
Trojan.Llac.Win32.51980
2.0.0.2497

File size:
2.1 MB (2,198,528 bytes)

Product version:
3.3.14.0

Copyright:
©1999-2015 Jonathan Bennett & AutoIt Team

File type:
Executable application (Win64 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\downloads\frst64.exe

File PE Metadata
Compilation timestamp:
11/7/2015 7:57:23 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
49152:2ATXSBZga5GBoZ9Ve3aOciiFJcC/Qd6UsbHTo:hkmoZ9KmJcCod6UkT

Entry address:
0x2F7DC

Entry point:
48, 83, EC, 28, E8, BF, B3, 00, 00, 48, 83, C4, 28, E9, 36, FE, FF, FF, CC, CC, 8B, 05, EA, 9B, 0A, 00, 44, 8B, C2, 23, CA, 41, F7, D0, 44, 23, C0, 44, 0B, C1, 44, 89, 05, D5, 9B, 0A, 00, C3, 48, 83, EC, 28, E8, 87, 28, 00, 00, 48, 85, C0, 74, 0A, B9, 16, 00, 00, 00, E8, A8, 28, 00, 00, F6, 05, B5, 9B, 0A, 00, 02, 74, 29, B9, 17, 00, 00, 00, E8, 25, 1D, 01, 00, 85, C0, 74, 07, B9, 07, 00, 00, 00, CD, 29, 41, B8, 01, 00, 00, 00, BA, 15, 00, 00, 40, 41, 8D, 48, 02, E8, 52, 09, 00, 00, B9, 03, 00, 00, 00, E8...
 
[+]

Entropy:
7.5525

Code size:
672 KB (688,128 bytes)

The file frst64.exe has been seen being distributed by the following 8 URLs.

http://download.bleepingcomputer.com/dl/25c0a4a79c06856715174b96d8057e45/56476484/windows/security/security-utilities/f/farbar-recovery-scan-tool/.../FRST64.exe

http://download.bleepingcomputer.com/dl/66fc05f754e54b1f1f792e0f30f8e2db/5641156e/windows/security/security-utilities/f/farbar-recovery-scan-tool/.../FRST64.exe

http://download.bleepingcomputer.com/dl/842d229349c4f90a282a7cf540f1914c/5641ba51/windows/security/security-utilities/f/farbar-recovery-scan-tool/.../FRST64.exe

http://download.bleepingcomputer.com/dl/efe2a553d81364244886d27036039351/5643f999/windows/security/security-utilities/f/farbar-recovery-scan-tool/.../FRST64.exe

http://filepony.de/.../

http://download.bleepingcomputer.com/dl/ca0965e455256ded9f425c0b57a9814e/563eaea6/windows/security/security-utilities/f/farbar-recovery-scan-tool/.../FRST64.exe

http://download.bleepingcomputer.com/dl/fb2f2653e32e7b6cdec8b77958cf5fe1/56426f12/windows/security/security-utilities/f/farbar-recovery-scan-tool/.../FRST64.exe

http://download.bleepingcomputer.com/dl/b5114e1eae6e3934c616f0b1fdec1efe/563e5edf/windows/security/security-utilities/f/farbar-recovery-scan-tool/.../FRST64.exe

Scan frst64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.