image_030-www.facebook.com.exe

Solar

The executable image_030-www.facebook.com.exe has been detected as malware by 38 anti-virus scanners. It is a setup program used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been observed being downloaded from insider-plus.com.

Publisher: Solar
Product: Solar
Version: 1.4.0.0
MD5: 64c7c1ad3532eb82e6365eacfcd719c1
SHA-1: 055bfb8dd395226662b260ccec0bc9e28c5d8537
SHA-256: 1e87a3604f96ca5b46114fc53ef7022f1a90171ff6bbe3d85b55546cb08d1317
Scanner detections: 38 / 68
Status: Malware
Analysis date: 11/16/2024 4:44:48 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.CryptRedol.Gen.1 | 391 |
| Agnitum Outpost | Trojan.Agentb | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Agent | 2015.09.15 |
| Avira AntiVirus | TR/Crypt.ZPACK.Gen | 8.3.2.2 |
| Arcabit | Trojan.CryptRedol.Gen.1 | 1.0.0.527 |
| avast! | Win32:Napolar-F [Cryp] | 2014.9-160109 |
| AVG | Downloader.Agent.15.R | 2017.0.2869 |
| Baidu Antivirus | Trojan.Win32.Agentb | 4.0.3.1619 |
| Bitdefender | Trojan.CryptRedol.Gen.1 | 1.0.20.45 |
| Bkav FE | W32.KeylogCuliLTAG.Trojan | 1.3.0.7133 |
| Comodo Security | TrojWare.Win32.Injector.cej | 23235 |
| Dr.Web | Trojan.Hottrend.355 | 9.0.1.09 |
| Emsisoft Anti-Malware | Trojan.CryptRedol.Gen | 8.16.01.09.02 |
| ESET NOD32 | Win32/Napolar | 10.12252 |
| Fortinet FortiGate | W32/Napolar.A!tr | 1/9/2016 |
| F-Secure | Trojan.CryptRedol.Gen.1 | 11.2016-09-01_7 |
| G Data | Trojan.CryptRedol.Gen | 16.1.25 |
| IKARUS anti.virus | Trojan-Downloader.Agent | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.210.17211 |
| Kaspersky | Trojan.Win32.Agentb | 14.0.0.842 |
| Malwarebytes | Trojan.Agent.BNS | v2016.01.09.02 |
| McAfee | Artemis!64C7C1AD3532 | 5600.6525 |
| Microsoft Security Essentials | VirTool:Win32/Injector.gen!EC | 1.1.12002.0 |
| MicroWorld eScan | Trojan.CryptRedol.Gen.1 | 17.0.0.27 |
| NANO AntiVirus | Trojan.Win32.Agentb.cvmgsn | 0.30.24.3283 |
| nProtect | Trojan.CryptRedol.Gen.1 | 15.09.14.01 |
| Panda Antivirus | Trj/Genetic.gen | 16.01.09.02 |
| Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Napolar.r4 | 1.16.14.00 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D[F1] | 23.00.65.16107 |
| Sophos | Mal/Generic-S | 4.98 |
| SUPERAntiSpyware | Heur.Agent/Gen-GalPic[i] | 9396 |
| Trend Micro House Call | TROJ_SPNR.35JA13 | 7.2.9 |
| Trend Micro | TROJ_SPNR.35JA13 | 10.465.09 |
| Vba32 AntiVirus | Malware-Cryptor.General.3 | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 43754 |
| ViRobot | Trojan.Win32.S.Agent.104960.U[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Agentb.Win32.1682 | 2.0.0.2398 |

File size: 102.5 KB (104,960 bytes)
Product version: 1.3.0.0
Original file name: Solar.exe
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\users\{user}\downloads\image_030-www.facebook.com.exe

File PE Metadata
Compilation timestamp: 9/6/2013 10:51:35 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 5.12
CTPH (ssdeep): 1536:zwMhHfdwdhcA1RUKxidZpbl1zzA2l9NB3xSZVUwdp6STdwaYJgBqsJugTA0Sd0mV:5KhFUKxAZphZ91xu7McdqWF0gTA0Sqm
Entry address: 0x1000
Entry point: 55, 8B, EC, E8, 58, 01, 00, 00, 50, 81, 3D, 00, 30, 40, 00, 11, 40, 00, 00, 74, 22, 6A, 10, 68, 00, 30, 40, 00, 68, 00, 80, 01, 00, 68, 10, 30, 40, 00, E8, 57, 00, 00, 00, FF, 05, 00, 30, 40, 00, 68, 09, 10, 40, 00, C3, 6A, 00, 6A, 01, 6A, 00, 68, 53, 10, 40, 00, 68, 0A, 35, 40, 00, C3, 6A, 00, 50, 50, 6A, 00, E8, 01, 01, 00, 00, 6A, 00, 6A, 01, 6A, 00, 68, 6A, 10, 40, 00, 68, 1A, 35, 40, 00, C3, 50, E8, FC, 00, 00, 00, 6A, 00, 6A, 01, 6A, 00, 6A, 00, B8, A2, 32, 40, 00, FF, 30, C3, 6A, 00, E8, D9, 00, 00...
Entropy: 7.9463
Developed / compiled with: Microsoft Visual C++
Code size: 512 Bytes (512 bytes)

The file image_030-www.facebook.com.exe has been seen being distributed by the following URL.
