auto facebook marketer-v3.13.exe

The executable auto facebook marketer-v3.13.exe has been detected as malware by 4 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from dc196.4shared.com.
Version:
4.0.0.0

MD5:
a45d092867492bf91a2dff6a7800a42d

SHA-1:
1a74619f0f427cdd39e06e53d71040b17c820af7

SHA-256:
663d4ebeff014fd00db42ddccda41438083285181a82242e886bd6dbf122226a

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
12/26/2024 2:43:25 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.GenericKD.2921549
5813571

ESET NOD32
MSIL/Ubot.D potentially unsafe application
7.0.302.0

Qihoo 360 Security
HEUR/QVM03.0.Malware.Gen
1.0.0.1077

VIPRE Antivirus
Threat.4150696
46446

File size:
4.1 MB (4,332,286 bytes)

Product version:
4.0.0.0

Copyright:
Copyright © 2012

Original file name:
Bot.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\auto facebook marketer-v3.13.exe

File PE Metadata
Compilation timestamp:
7/29/2013 10:42:12 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
98304:yT3dlRRPBMfYNPlAjkzgu2d9F8t6Go9/CZ/Il:y9Mf8PlA4zPkF8cGoNCZi

Entry address:
0x2E18CC

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.9 MB (3,013,120 bytes)

The file auto facebook marketer-v3.13.exe has been seen being distributed by the following URL.

Remove auto facebook marketer-v3.13.exe - Powered by Reason Core Security