home

photo_041.jpg-www.facebook.com.exe

Buggy

The executable photo_041.jpg-www.facebook.com.exe has been detected as malware by 36 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from allwebhere.com and multiple other hosts.
Publisher:
Buggy

Product:
Buggy

Version:
1.7.0.0

MD5:
4c056539486c5f5991ef1c7795a8a240

SHA-1:
47692c80e1644408b97b0d695607fb616fa50b76

SHA-256:
d05f8986721c6e0f56bd3eb0dc42dd18294bccfb60010b1ba10c419d1a63a97c

Scanner detections:
36 / 68

Status:
Malware

Analysis date:
5/13/2024 1:02:58 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Symmi.33349
357

AhnLab V3 Security
Dropper/Win32.Dapato
2015.10.27

Avira AntiVirus
TR/Delf.Inject.115712.4
8.3.2.2

Arcabit
Trojan.Symmi.D8245
1.0.0.585

avast!
Win32:Napolar-E [Cryp]
2014.9-160212

AVG
Dropper.Generic8
2017.0.2835

Baidu Antivirus
Trojan.Win32.Agent
4.0.3.16212

Bitdefender
Gen:Variant.Symmi.33349
1.0.20.215

Bkav FE
HW32.Packed
1.3.0.7383

Comodo Security
Backdoor.Win32.Agent.CXI4
23480

Dr.Web
BackDoor.Tishop.75
9.0.1.043

Emsisoft Anti-Malware
Gen:Variant.Symmi.33349
8.16.02.12.01

ESET NOD32
Win32/TrojanDownloader.Agent.RZJ
10.12469

Fortinet FortiGate
W32/Dapato.DANH!tr
2/12/2016

F-Secure
Gen:Variant.Symmi.33349
11.2016-12-02_6

G Data
Gen:Variant.Symmi.33349
16.2.25

IKARUS anti.virus
Trojan-Dropper.Win32.Dapato
t3scan.1.9.5.0

K7 AntiVirus
Trojan
13.212.17655

Kaspersky
Trojan-Dropper.Win32.Dapato
14.0.0.672

McAfee
GenericR-CTN!4C056539486C
5600.6491

Microsoft Security Essentials
Trojan:Win32/Napolar.A
1.1.12205.0

MicroWorld eScan
Gen:Variant.Symmi.33349
17.0.0.129

NANO AntiVirus
Trojan.Win32.Dapato.cvbcjs
0.30.26.3947

nProtect
Trojan-Dropper/W32.Dapato.115712.B
15.10.26.01

Panda Antivirus
Trj/Dtcontx.G
16.02.12.01

Qihoo 360 Security
Win32/Trojan.Dropper.1b8
1.0.0.1015

Quick Heal
Trojan.ZAgent.r9
2.16.14.00

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D [F]
23.00.65.16210

Sophos
Mal/Generic-S
4.98

SUPERAntiSpyware
Trojan.Agent/Gen-GalPic
9328

Trend Micro House Call
TROJ_CONFABO.SMA
7.2.43

Trend Micro
TROJ_SPNV.03HK13
10.465.12

Vba32 AntiVirus
TrojanDropper.Dapato
3.12.26.4

VIPRE Antivirus
Trojan.Win32.Napolar.a
44840

ViRobot
Trojan.Win32.Agent.144896.U[h]
2014.3.20.0

Zillya! Antivirus
Dropper.Dapato.Win32.18403
2.0.0.2476

File size:
113 KB (115,712 bytes)

Product version:
1.7.0.0

Original file name:
Buggy.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\photo_041.jpg-www.facebook.com.exe

File PE Metadata
Compilation timestamp:
8/16/2013 7:02:33 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:oicjbytJGAJZdBiuSNI8ftYWQ6ku4ivC:dc3CiuSNI8feWQsf

Entry address:
0x50BC

Entry point:
55, 8B, EC, 83, C4, F0, B8, 7C, 47, 40, 00, E8, 7C, EB, FF, FF, E8, DF, F5, FF, FF, E8, D6, E5, FF, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
15.5 KB (15,872 bytes)

The file photo_041.jpg-www.facebook.com.exe has been seen being distributed by the following 2 URLs.

http://allwebhere.com/?d8cns4y=4921a8e43b338d570a701f43

http://allwebhere.com/?okarst8eitxuhl=89e7892c28000b917099

Remove photo_041.jpg-www.facebook.com.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.