home

FBAgent.exe

AFBAgent

The executable FBAgent.exe has been detected as malware by 2 anti-virus scanners. It runs as a windows Service named “AFBAgent”. While running, it connects to the Internet address mailrelay.203.website.ws on port 80 using the HTTP protocol.
Publisher:
ASUSTeK Computer Inc.*  (Invalid match)

Product:
AFBAgent

Description:
ASUS FastBoot

Version:
1, 0, 8, 0

MD5:
256517b440d0256760be35846a5a9408

SHA-1:
a4c5860506e107f1ac5d46b5772a65756c89181c

SHA-256:
fcd5de0c109152a89987fcd948c24f8e63ae79320b1659a7a2f53fec3a8ff68e

Scanner detections:
2 / 68

Status:
Malware

Analysis date:
11/16/2024 7:43:42 AM UTC  (today)

Scan engine
Detection
Engine version

Dr.Web
Win64.Expiro.100
9.0.1.05190

ESET NOD32
Win64/Expiro.BB virus
6.3.12010.0

File size:
929.5 KB (951,808 bytes)

Product version:
1, 0, 8, 0

Copyright:
(C) 2008 ASUSTeK Computer Inc. All rights reserved.

Original file name:
FBAgent.exe

File type:
Executable application (Win64 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Windows\System32\fbagent.exe

File PE Metadata
Compilation timestamp:
7/14/2010 11:34:00 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x2EE10

Entry point:
47, 55, 41, 51, 41, 56, 45, BE, F0, 15, 04, 00, 4F, B9, 00, D0, 0E, 40, 01, 00, 00, 00, 57, 45, BD, D7, 06, 00, 00, BF, 40, 5C, 09, 00, 4C, 0F, AF, EF, 4A, BF, E6, 05, 00, 00, 01, 00, 00, 00, 4E, 03, EF, E8, 25, 00, 00, 00, 4F, BD, A6, 2F, 0A, 40, 01, 00, 00, 00, 43, BE, D0, E1, 00, 00, 4F, B9, 00, 10, 23, 40, 01, 00, 00, 00, E8, 06, 00, 00, 00, 5F, 4F, 39, CD, 75, 33, 41, 8B, 7D, 00, 81, F7, A2, 4C, 65, EA, 41, 89, 39, 4B, FF, C5, 4B, FF, C5, 4D, FF, CE, 4D, FF, CE, 4D, FF, C5, 49, FF, C5, 4D, 81, C1, 04...
 
[+]

Entropy:
7.3202

Code size:
250.5 KB (256,512 bytes)

Service
Display name:
AFBAgent

Type:
Win32OwnProcess, InteractiveProcess

Group:
ShellSvcGroup

Depends on:
RPCSS


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to mailrelay.203.website.ws  (64.70.19.203:80)

Remove FBAgent.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.