home

photo_026.jpg-www.facebook.com.exe

The executable photo_026.jpg-www.facebook.com.exe has been detected as malware by 38 anti-virus scanners. This is a setup program which is used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from dc675.4shared.com and multiple other hosts.
MD5:
38b3234fca4c48a2c35c55699a33ea93

SHA-1:
60021f41e32aa5422fa3286e0d63379c5e1b2ac0

SHA-256:
878ef0a27929570ff9751cc0fa2b1880546b67877f0aef86718f1907099a8620

Scanner detections:
38 / 68

Status:
Malware

Analysis date:
4/24/2024 6:38:00 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.CryptRedol.Gen.1
523

Agnitum Outpost
Trojan.Agentb
7.1.1

AhnLab V3 Security
Trojan/Win32.Napolar
2015.08.30

Avira AntiVirus
TR/Crypt.ZPACK.Gen
8.3.2.2

Arcabit
Trojan.CryptRedol.Gen.1
1.0.0.425

avast!
Win32:Napolar-F [Cryp]
2014.9-150830

AVG
Downloader.Agent.15.R
2016.0.3001

Baidu Antivirus
Trojan.Win32.Agent
4.0.3.15830

Bitdefender
Trojan.CryptRedol.Gen.1
1.0.20.1210

Comodo Security
TrojWare.Win32.Injector.cej
23112

Dr.Web
Trojan.DownLoader10.24688
9.0.1.0242

Emsisoft Anti-Malware
Trojan.CryptRedol.Gen
8.15.08.30.08

ESET NOD32
Win32/Napolar
9.12171

Fortinet FortiGate
W32/Napolar.A!tr
8/30/2015

F-Secure
Trojan.CryptRedol.Gen.1
11.2015-30-08_1

G Data
Trojan.CryptRedol.Gen
15.8.25

herdProtect (fuzzy)
variant of photo_025.jpg-www.facebook.com.exe
2015.10.27.0

IKARUS anti.virus
Trojan-Downloader.Agent
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.2017054

Kaspersky
Trojan.Win32.Agentb
14.0.0.1501

Malwarebytes
Trojan.Agent.FICO
v2015.08.30.08

McAfee
Artemis!38B3234FCA4C
5600.6657

Microsoft Security Essentials
Trojan:Win32/Napolar.A
1.1.12002.0

MicroWorld eScan
Trojan.CryptRedol.Gen.1
16.0.0.726

NANO AntiVirus
Trojan.Win32.Agentb.cviwly
0.30.24.3283

nProtect
Trojan.CryptRedol.Gen.1
15.08.28.01

Panda Antivirus
Trj/Dtcontx.G
15.08.30.08

Qihoo 360 Security
Win32/Trojan.029
1.0.0.1015

Quick Heal
Trojan.ZAgent.r4
8.15.14.00

Rising Antivirus
PE:Trojan.Win32.Generic.15B96C4F!364473423[F1]
23.00.65.15828

Sophos
Mal/Generic-S
4.98

SUPERAntiSpyware
Heur.Agent/Gen-GalPic[i]
9659

Trend Micro House Call
TROJ_SPNR.06IA13
7.2.242

Trend Micro
TROJ_SPNR.06IA13
10.465.30

Vba32 AntiVirus
Malware-Cryptor.General.3
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Generic
43294

ViRobot
Trojan.Win32.Napola.104448[h]
2014.3.20.0

Zillya! Antivirus
Trojan.Agentb.Win32.1532
2.0.0.2379

File size:
102 KB (104,448 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\photo_026.jpg-www.facebook.com.exe

File PE Metadata
Compilation timestamp:
9/4/2013 12:08:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
5.12

CTPH (ssdeep):
1536:u241vfK5A6w+ZLVQLZlzZ6Ag1hzaOa1sdf5KvDlPfAmKylE4cs1upaMYS8:kRC5AFaLa1l9Xg1kOCWD4LcpaMYS

Entry address:
0x1000

Entry point:
55, 8B, EC, E8, 4C, 01, 00, 00, 50, 81, 3D, 00, 30, 40, 00, 01, 40, 00, 00, 74, 22, 6A, 10, 68, 00, 30, 40, 00, 68, 00, 80, 01, 00, 68, 10, 30, 40, 00, E8, 57, 00, 00, 00, FF, 05, 00, 30, 40, 00, 68, 09, 10, 40, 00, C3, 6A, 00, 6A, 01, 6A, 00, 68, 53, 10, 40, 00, 68, 0A, 35, 40, 00, C3, 6A, 00, 50, 50, 6A, 00, E8, F5, 00, 00, 00, 6A, 00, 6A, 01, 6A, 00, 68, 6A, 10, 40, 00, 68, 1A, 35, 40, 00, C3, 50, E8, F0, 00, 00, 00, 6A, 00, 6A, 01, 6A, 00, 6A, 00, B8, A2, 32, 40, 00, FF, 30, C3, 6A, 00, E8, CD, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
512 Bytes (512 bytes)

The file photo_026.jpg-www.facebook.com.exe has been seen being distributed by the following 3 URLs.

http://dc675.4shared.com/.../MT2rJDwF

http://huhmagazine.co.uk/?zaeqtykj2b1y=f6983ef7949f0775b84e88

http://huhmagazine.co.uk/?z023os4cdqvi8=a3b5167

Remove photo_026.jpg-www.facebook.com.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.