hacker facebook 2017 v7.5.exe

The executable hacker facebook 2017 v7.5.exe, “ᅧᅵᅳ호ᄅᄌ먀ᅥ호ᅮᅵᅥ쟈ᅦᄅᄎᄅ버르ᄋᄌ터호호” has been detected as malware by 1 anti-virus scanner. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘dfd098cad6de65a234a17bba362ef3fc’. The file has been seen being downloaded from download1478.mediafire.com and multiple other hosts.
Publisher:
ᅳᄃ터쇼ᅢᄅ호ᄌ츠ᅥ쇼ᄀᄆᄃ호카ᅢᅧᄌ으ᅳ테ᅦᅢ

Product:
ᅵ퓨뎌ᄐ호ᄐᄆ퓨ᅳᅵ내ᄃᄂᄀ추캬구ᄂᄅ호쇼ᄌᄆᄃ

Description:
ᅧᅵᅳ호ᄅᄌ먀ᅥ호ᅮᅵᅥ쟈ᅦᄅᄎᄅ버르ᄋᄌ터호호

Version:
49.44.96.47

MD5:
c99b84bc9f75add551fa5ad8048c38e8

SHA-1:
af80d9a6fb4c866a5773879d7919c50905b92ca2

SHA-256:
c52be4fbb3ead96063a51b85afcbe24376421e6273b249f0583e1247f25c4f21

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
12/26/2024 2:42:54 PM UTC

Scan engine | Detection | Engine version
Reason Heuristics | Trojan.Installer (M) | 16.6.25.14

File size:
11.5 KB (11,776 bytes)

Product version:
49.44.96.47

Copyright:
ᅥᅧ야ᅢ주ᄃ호르ᄅ라ᅥ쇼ᄂᄂ게ᄀᄀ퓨ᅥᄌᄆᄆ

Trademarks:
ᄆ냐ᄌᄀ체ᅳᅮ쇼호퓨ᅵ머ᄇᄌ루ᄀ호ᅡ투ᅢᅢᅦ쇼ᄎᄏ

Original file name:
Assembly Changer.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

File PE Metadata
Compilation timestamp:
6/25/2016 6:32:33 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
192:EvAiDSOgbkyMhqLzKUrgppgHh0QKdWIILKLyvmduwZbLPE1r:EvAuSOgeqLzp6Ch0QKdpILKLyvJ0bLPk

Entry address:
0x4C38

Entry point:
FF, 25, 28, 4C, 40, 00, 00, 00, 5F, 43, 6F, 72, 45, 78, 65, 4D, 61, 69, 6E, 00, 6D, 73, 63, 6F, 72, 65, 65, 2E, 64, 6C, 6C, 00, 48, 00, 00, 00, 02, 00, 05, 00, A0, 4C, 00, 00, 38, 17, 00, 00, 03, 00, 00, 00, 0E, 00, 00, 06, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 42, 53, 4A, 42, 01, 00, 01, 00, 00, 00, 00, 00, 0C, 00, 00, 00, 76, 32, 2E, 30, 2E, 35, 30, 37...
 

Entropy:
5.1369

Code size:
9 KB (9,216 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
dfd098cad6de65a234a17bba362ef3fc

Command:
"C:\users\{user}\appdata\local\temp\chrome.exe"..


The file hacker facebook 2017 v7.5.exe has been seen being distributed by the following 2 URLs.
