photo_016.jpeg-www.facebook.exe

The executable photo_016.jpeg-www.facebook.exe has been detected as malware by 35 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from incitemarketing.ca and multiple other hosts.
MD5: a39027994c9ad154ed651175a0ca1fca
SHA-1: 124d0e2807595997553f8a96372b93d7937b4c55
SHA-256: 996905465efe3d65e06bce06b1095affcd3a3aae1de9488a063c62186d4a7185
Scanner detections: 35 / 68
Status: Malware
Analysis date: 4/26/2024 5:46:30 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Symmi.41507 | 354 |
| AegisLab AV Signature | Troj.Ransom.W32.BlueScreen.np!c | 2.1.4+ |
| Agnitum Outpost | Trojan.Napolar | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Ransomlock | 2016.02.10 |
| Avira AntiVirus | TR/Inject.opanjfv | 8.3.3.2 |
| Arcabit | Trojan.Symmi.DA223 | 1.0.0.653 |
| avast! | Win32:Androp [Drp] | 2014.9-160216 |
| AVG | Win32/Cryptor | 2017.0.2832 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.16216 |
| Bitdefender | Gen:Variant.Symmi.41507 | 1.0.20.235 |
| Bkav FE | W32.SimuclucLTAAM.Trojan | 1.3.0.7400 |
| Comodo Security | UnclassifiedMalware | 24147 |
| Dr.Web | Trojan.Packed.26389 | 9.0.1.047 |
| ESET NOD32 | Win32/Napolar | 10.13003 |
| Fortinet FortiGate | W32/Napolar.E!tr | 2/16/2016 |
| F-Secure | Gen:Variant.Symmi.41507 | 11.2016-16-02_3 |
| G Data | Gen:Variant.Symmi.41507 | 16.2.25 |
| IKARUS anti.virus | Virus.Win32.Cryptor | t3scan.2.0.6.0 |
| K7 AntiVirus | Trojan | 13.213.18694 |
| Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.654 |
| Malwarebytes | Trojan.Agent.ED | v2016.02.16.02 |
| McAfee | Bot-FJP!A39027994C9A | 5600.6488 |
| Microsoft Security Essentials | Trojan:Win32/Ptdet | 1.1.12400.0 |
| MicroWorld eScan | Gen:Variant.Symmi.41507 | 17.0.0.141 |
| NANO AntiVirus | Trojan.Win32.Ngrbot.cwwyqk | 1.0.14.6071 |
| Panda Antivirus | Trj/Genetic.gen | 16.02.16.02 |
| Qihoo 360 Security | Win32/Trojan.Ransom.b05 | 1.0.0.1120 |
| Quick Heal | Worm.Gamarue.I5 | 2.16.14.00 |
| Rising Antivirus | PE:Malware.Generic(Thunder)!1.A1C4 [F] | 23.00.65.16214 |
| Sophos | Mal/Wonton-J | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Symmi | 9321 |
| Trend Micro House Call | TROJ_SPNR.28DE14 | 7.2.47 |
| Trend Micro | TROJ_SPNR.28DE14 | 10.465.16 |
| VIPRE Antivirus | Trojan.Win32.Generic | 47096 |
| ViRobot | Trojan.Win32.S.Agent.265728.AH[h] | 2014.3.20.0 |

File size: 259.5 KB (265,728 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\photo_016.jpeg-www.facebook.exe

File PE Metadata
Compilation timestamp: 4/8/2014 7:46:01 PM
OS version: 5.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 9.0
CTPH (ssdeep): 3072:Iek2nymTmMqYeuiCaQX/xbsr1heoxWHHANEKU0KihIp85Vzh88Ee1QFGBaEZSPTt:I7kXW6Kr+oxWnPNihIp8vuS1DB+C01hj
Entry address: 0x8CD1
Entry point: E8, 77, 47, 00, 00, E9, 89, FE, FF, FF, B8, 88, 95, 41, 00, C3, A1, 60, D9, 41, 00, 56, 6A, 14, 5E, 85, C0, 75, 07, B8, 00, 02, 00, 00, EB, 06, 3B, C6, 7D, 07, 8B, C6, A3, 60, D9, 41, 00, 6A, 04, 50, E8, 25, 48, 00, 00, 59, 59, A3, 5C, C9, 41, 00, 85, C0, 75, 1E, 6A, 04, 56, 89, 35, 60, D9, 41, 00, E8, 0C, 48, 00, 00, 59, 59, A3, 5C, C9, 41, 00, 85, C0, 75, 05, 6A, 1A, 58, 5E, C3, 33, D2, B9, 88, 95, 41, 00, EB, 05, A1, 5C, C9, 41, 00, 89, 0C, 02, 83, C1, 20, 83, C2, 04, 81, F9, 08, 98, 41, 00, 7C, EA, 6A...
 

Code size: 79 KB (80,896 bytes)

The file photo_016.jpeg-www.facebook.exe has been seen being distributed by the following 2 URLs.
