home

fbpasrec.exe

This is a setup program which is used to install the application. It runs as a scheduled task under the Windows Task Scheduler. The file has been seen being downloaded from files.downloadnow.com and multiple other hosts.
MD5:
4476b07b331bb61ab3803e6c23361464

SHA-1:
c2388a3dec17dcdf12365650d8ab6c804ad3942d

SHA-256:
ba16dcade3f2df3ea71529d8f083881aed7910012692580b97b2ff6f76a8acef

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/28/2024 3:28:23 PM UTC  (today)

File size:
1.9 MB (2,010,924 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\fbpasrec.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
49152:DpOSVUbmMU0oqoj8N18GiWacRocrksi+QkT3H6eOqb4xrng7:RValoNje/aao/sFDT3HGQMLg7

Entry point:
50, 4B, 03, 04, 14, 00, 00, 00, 08, 00, B9, 6E, 5C, 45, CB, 52, 0D, C4, 9B, AC, 1E, 00, 7A, 09, 1F, 00, 0E, 00, 00, 00, 46, 42, 50, 61, 73, 52, 65, 63, 32, 31, 2E, 65, 78, 65, EC, FD, 07, 5C, 14, CB, D3, 30, 0A, CF, B2, 0B, AC, B0, 0A, 2A, 98, 03, 2A, 06, 44, 14, C4, 0C, 28, 08, 8B, 18, D0, 25, 19, 30, A2, 80, 80, 08, 08, BB, 82, 0A, 8A, AE, 28, CB, 88, 62, CE, 39, 1C, B3, 9C, A3, 47, 11, 13, B0, 48, 50, 54, C4, 84, 62, C0, 3C, B8, A8, A8, 28, 28, C8, 7E, 55, 3D, B3, 80, 7A, 3C, FF, E7, 79, BF, F7, DE, F7...
 
[+]

Scheduled Task
Task name:
{1A6B5952-1D6F-43FF-99FA-E46F7D8405C7}

Trigger:
Registration (Runs on registration)


The file fbpasrec.exe has been seen being distributed by the following 3 URLs.

http://files.downloadnow.com/s/software/13/93/55/.../fbpasrec.zip?token=1469349178_c28482cbf96efbffcee34ee2c521d4f8&fileName=fbpasrec.zip

http://files.downloadnow.com/s/software/13/93/55/.../fbpasrec.zip?token=1457922927_a27f211eeb940b4068418bd465616189&fileName=fbpasrec.zip

http://www.rixler.com/.../fbpasrec.zip

Scan fbpasrec.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.