home

برنامج تهكير الفيس بوك.exe

The executable برنامج تهكير الفيس بوك.exe has been detected as malware by 7 anti-virus scanners. The file has been seen being downloaded from dc598.4shared.com.
MD5:
76ac5dfaef7985a348b52205953533b7

SHA-1:
3a6d5464145699598efa4eaf14f6db5a445aa4fc

SHA-256:
613a912013c705c5259565dd130876a1784581d9e02decd507546069386084b5

Scanner detections:
7 / 68

Status:
Malware

Analysis date:
11/16/2024 11:42:43 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Agent-AGPO [Trj]
160216-0

Dr.Web
Trojan.Siggen.2988
9.0.1.05190

ESET NOD32
Win32/PSW.Sagic.15.E trojan
8.0.319.0

F-Prot
W32/Trojan2.HLOK
4.6.5.141

Kaspersky
Trojan.Win32.Agent
15.0.0.562

McAfee
Trojan.Spy-Agent.dt
18.0.204.0

Microsoft Security Essentials
Threat.Undefined
1.213.6352.0

File size:
44.7 KB (45,752 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\برنامج تهكير الفيس بوك.exe

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
384:r+MPhTZZg+0Qx5pjOsoTeBtWYexEP4EOWb9cC2zlVRtZIdWT5dK0nMq4DtItt9a:D5TBRYoWYexSbfbqC2z54mi2MGa

Entry address:
0x1000

Entry point:
B8, A8, E4, 41, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 32, 00, 16, 88, DC, 47, 24, 25, 69, 8A, A0, A3, E1, F8, 38, 28, D4, 74, DA, 0F, C2, BF, C0, 5A, 68, F1, 80, 2C, 84, 0F, 4F, 10, 60, 56, 10, 78, 9B, 5C, 95, 24, 0B, DD, 7A, 1E, 49, AB, B6, 87, 30, 24, CA, 7E, 56, 77, 87, DC, E9, C8, 5C, 00, 3F, A5, A7, D9, B3, E5, 61, 6F, 72, 91, 13, 9D, 83, EF, 4A, 6D, 0F, 2F, AB, A6, 62, 80, F7, 58, 9D, D0, 95, 59, 17, 7D, 08, 56, DC, B7, 5C, 5B, 3E, 95, 0D, E1, B9...
 
[+]

Entropy:
5.2161

Packer / compiler:
PeCompact 2.xx (Slim Loader)

Code size:
36.5 KB (37,376 bytes)

The file برنامج تهكير الفيس بوك.exe has been seen being distributed by the following URL.

http://dc598.4shared.com/download/.../___.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.