» FACESLIKES.COM.exe
Overview
Analysis
File Details
Downloads (1)

FACESLIKES.COM.exe

FACESLIKES.COM

The executable FACESLIKES.COM.exe has been detected as malware by 7 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from fs13n3.sendspace.com.

File name:

FACESLIKES.COM.exe

Publisher:

FACESLIKES.COM

Product:

FACESLIKES.COM

Version:

1.0.0.0

MD5:

e715bc4f6955595d6d8278a3dcb5be85

SHA-1:

629f727dee6ce5b2b466c870dfcd2b45b2e5c328

SHA-256:

082ec0b245e0bb27b97955960f4849a73b3a520dda7ec2e5426f7154083e00b7

Scanner detections:

7 / 68

Status:

Malware

Analysis date:

11/8/2024 8:07:03 PM UTC (today)

Scan engine

Detection

Engine version

AegisLab AV Signature

Troj.Spy.Gen!c

2.1.4+

Avira AntiVirus

TR/Spy.Gen

8.3.3.4

Baidu Antivirus

Win32.Trojan.WisdomEyes.151026.9950

4.0.3.16613

ESET NOD32

MSIL/PSW.Agent.ONZ (variant)

10.13636

Fortinet FortiGate

MSIL/Agent.ONZ!tr.pws

6/13/2016

Qihoo 360 Security

HEUR/QVM03.0.0000.Malware.Gen

1.0.0.1120

Rising Antivirus

Stealer.Agent!8.C2-HOInW6lW9aN (Cloud)

23.00.65.16611

File size:

152.5 KB (156,160 bytes)

Product version:

1.0.0.0

Original file name:

FACESLIKES.COM.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\faceslikes.com.exe

File PE Metadata

Compilation timestamp:

6/12/2016 11:21:18 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

1536:HqeIlQwQYGhjuAyik6tX7W1r7gGt1mftxtH0vXo55iM5TI1y1V4sBNah:HzIljigPerWFpt1mDTx5TI10XNah

Entry address:

0x16CEA

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

83.5 KB (85,504 bytes)

The file FACESLIKES.COM.exe has been seen being distributed by the following URL.

https://fs13n3.sendspace.com/dl/366c5a3f74409a73eb193133477e7ac7/575d7a346e29a19f/.../FACESLIKES.COM.exe

Remove FACESLIKES.COM.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.