6_offer_12.exe

Hack Facebook Profiles.com

The executable 6_offer_12.exe, “Facebook Hacker Lite”, has been detected as malware by 17 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from dl.revenyou.com.

Publisher:
Hack Facebook Profiles.com

Description:
Facebook Hacker Lite

Version:
1.5.0.0

MD5:
17e5d536a79a49e1b122e98970fbe2d5

SHA-1:
37b251f2cfad011ceb49a4c24771755893a3616e

SHA-256:
a23c49f6d7e7b7e537b8ab258d1f8c6e6c03c99d78391372eaf4f6b97a063e54

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
12/25/2024 4:48:58 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Heur.MSIL.Krypt.85 | 1003 |
| Agnitum Outpost | Trojan.DR.Agent | 7.1.1 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.144.50 |
| Bitdefender | Gen:Heur.MSIL.Krypt.85 | 1.0.20.635 |
| Emsisoft Anti-Malware | Gen:Heur.MSIL.Krypt.85 | 8.14.05.07.03 |
| F-Secure | Gen:Heur.MSIL.Krypt.85 | 11.2014-07-05_4 |
| G Data | Gen:Heur.MSIL.Krypt.85 | 14.5.24 |
| IKARUS anti.virus | Gen.Heur | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.176.11806 |
| Malwarebytes | Spyware.Password | v2014.05.07.03 |
| McAfee | Artemis!17E5D536A79A | 5600.7137 |
| MicroWorld eScan | Gen:Heur.MSIL.Krypt.85 | 15.0.0.381 |
| Norman | Obfuscated.gen!r | 11.20140507 |
| Qihoo 360 Security | Win32/Trojan.fe7 | 1.0.0.1015 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Falofn[Cont] | 10620 |
| Trend Micro House Call | TROJ_GEN.F47V0330 | 7.2.127 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28352 |

File size:
1.5 MB (1,580,544 bytes)

Product version:
1.5.0.0

Copyright:
Copyright © Facebook Hacker Lite 2012

Original file name:
Facebook Hacker Lite.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\6_offer_12.exe

File PE Metadata
Compilation timestamp:
10/5/2013 7:54:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:RlNS8dUoUzmMgj4QexFT0tguC1fu8UsKUTI9u8V:R9qoCJSreDT0uuCw8UkTxa

Entry address:
0x17EF7E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.7051

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.5 MB (1,560,576 bytes)

The file 6_offer_12.exe has been seen being distributed by the following URL.