home

official liker facebook.exe

Official Liker Facebook

CPnY

This is a setup program which is used to install the application. The file has been seen being downloaded from dc658.4shared.com.
Publisher:
CPnY

Product:
Official Liker Facebook

Version:
1.0.0.0

MD5:
e783f0a56617815ee17fff4609c1abf1

SHA-1:
1b64f2ee870139f38382ce257fd82a1bb26167e7

SHA-256:
f23076f4c9aa6b05f195fb69c17198f12d2eece344f069b2505c52db4b6fbeb8

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/24/2024 4:30:41 AM UTC  (today)

Scan engine
Detection
Engine version

ESET NOD32
MSIL/PSW.Agent.OBM trojan
7.0.302.0

File size:
32 KB (32,768 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © CPnY 2014

Original file name:
WindowsApplication1.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\official liker facebook.exe

File PE Metadata
Compilation timestamp:
10/20/2014 4:35:38 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
384:VuCkvwKwq6upswmvjLTEsy9YW+72CQjWayJLf45vyhNQft4I8hTpQ4E//3xsWdvh:VBwmvjLTEsy3ONUyhgxsWdkw

Entry address:
0x7DDE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 3A, AD, 44, 54, 00, 00, 00, 00, 02, 00, 00, 00, 84, 00, 00, 00, 1C, 80, 00, 00, 1C, 62, 00, 00, 52, 53, 44, 53, 67, 2A, 50, F9, 43, 3C, 8E, 42, 82, 70, 03, 06, 69, 8E, 4B, B9, 01, 00, 00, 00, 43, 3A, 5C, 55, 73, 65, 72, 73, 5C, 4C, 75, 63, 61, 73, 5C, 41, 70, 70, 44, 61, 74, 61, 5C, 4C, 6F, 63, 61, 6C, 5C, 54, 65, 6D, 70, 6F, 72, 61, 72, 79, 20, 50, 72, 6F...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
23.5 KB (24,064 bytes)

The file official liker facebook.exe has been seen being distributed by the following URL.

http://dc658.4shared.com/download/.../Official_Liker_Facebook.exe

Scan official liker facebook.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.