malware.exe

Facebook Videos Player

The executable malware.exe has been detected as malware by 30 anti-virus scanners. The file has been seen being downloaded from prmngertesfghmrtn.ssl.fatomi.com.
Publisher:
Microsoft*  (Invalid match)

Product:
Facebook Videos Player

Version:
1.0.0.0

MD5:
19b8e4d5e2f6aab70a58a4b5a05e9e2a

SHA-1:
b71155e8d119eafc9a09bca4ae9321e191a860f4

SHA-256:
b5d7e589768fae522e109bb1c738292bda1731cb4e89dc4dd6013ff31526578f

Scanner detections:
30 / 68

Status:
Malware

Analysis date:
5/6/2024 10:16:06 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1905505 | 771 |
| Agnitum Outpost | Trojan.ExtenBro | 7.1.1 |
| Avira AntiVirus | TR/Rogue.805888.7 | 7.11.197.26 |
| avast! | Win32:Malware-gen | 2014.9-141225 |
| Bitdefender | Trojan.GenericKD.1905505 | 1.0.20.1795 |
| Comodo Security | UnclassifiedMalware | 20436 |
| Dr.Web | Trojan.DownLoader11.46609 | 9.0.1.0359 |
| Emsisoft Anti-Malware | Trojan.GenericKD.1905505 | 8.14.12.25.05 |
| ESET NOD32 | MSIL/ExtenBro | 8.10912 |
| Fortinet FortiGate | W32/Agent.FKLQ!tr | 12/25/2014 |
| F-Secure | Trojan-Dropper:MSIL/Kilim.BO | 11.2014-25-12_5 |
| G Data | Trojan.GenericKD.1905505 | 14.12.24 |
| IKARUS anti.virus | Trojan.MSIL.Agent | t3scan.1.8.5.0 |
| K7 AntiVirus | Trojan | 13.188.14395 |
| Kaspersky | Trojan.MSIL.Agent | 14.0.0.2741 |
| Malwarebytes | Trojan.MSIL | v2014.12.25.05 |
| McAfee | Artemis!19B8E4D5E2F6 | 5600.6905 |
| MicroWorld eScan | Trojan.GenericKD.1905505 | 15.0.0.1077 |
| NANO AntiVirus | Trojan.Win32.Agent.dhyxqr | 0.28.6.64267 |
| Norman | Agent.BIGTX | 11.20141225 |
| nProtect | Trojan.GenericKD.1905505 | 14.12.19.01 |
| Quick Heal | Trojan.MSI.r3 | 12.14.14.00 |
| Sophos | Mal/Generic-S | 4.98 |
| Total Defense | Win32/Tnega.GWHHXeB | 37.0.11342 |
| Trend Micro House Call | TROJ_SPNR.09J914 | 7.2.359 |
| Trend Micro | TROJ_SPNR.09J914 | 10.465.25 |
| Vba32 AntiVirus | Trojan.MSIL.Agent | 3.12.26.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 35960 |
| ViRobot | Trojan.Win32.S.Agent.805888.Y[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Agent.Win32.494628 | 2.0.0.2012 |

File size:
787 KB (805,888 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © Microsoft 2014

Original file name:
Facebook Videos Player.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
9/30/2014 11:37:25 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:vCpgbw20lduavGAmOGX7iWrcPG2w1Sz9:vogbw20lduafNGXuWr3g

Entry address:
0xBE1AD

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 00, 03, 00, 00, 00, 30, 00, 00, 80, 0E, 00, 00, 00, D0, 7D, 00, 80, 10, 00, 00, 00, 4A, 7E, 00, 80, 18, 00, 00, 00, EE...
 

Entropy:
3.0912

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
752.5 KB (770,560 bytes)

The file malware.exe has been seen being distributed by the following URL.
