photo_020.jpeg-www.facebook.exe

The executable photo_020.jpeg-www.facebook.exe has been detected as malware by 38 anti-virus scanners. It is a setup program used to install the application. The file has been seen downloaded from grandilund.se and multiple other hosts.
MD5:
b64e72abdcc96f5734ff7f6aca29587b

SHA-1:
1692a69f3933d35e77ae13e80b484bd0848f475d

SHA-256:
3b47ea550a170f3da9b379487c8893eac11e8a488d4ae48a878611631ee04ec8

Scanner detections:
38 / 68

Status:
Malware

Analysis date:
2/27/2025 12:22:04 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Trojan.Dropper.XBB | 317
AegisLab AV Signature | Backdoor.W32.Napolar.aje!c | 2.1.4+
Agnitum Outpost | Backdoor.Napolar | 7.1.1
AhnLab V3 Security | Trojan/Win32.Caphaw | 2016.03.09
Avira AntiVirus | TR/Inject.owlpannt | 8.3.3.2
Arcabit | Trojan.Dropper.XBB | 1.0.0.657
avast! | Win32:CeeInject-AP [Trj] | 2014.9-160323
AVG | Inject2 | 2017.0.2795
Baidu Antivirus | Trojan.Win32.Injector | 4.0.3.16323
Bitdefender | Trojan.Dropper.XBB | 1.0.20.415
Comodo Security | UnclassifiedMalware | 24473
Dr.Web | BackDoor.Slym.14318 | 9.0.1.083
Emsisoft Anti-Malware | Trojan.Dropper.XBB | 8.16.03.23.04
ESET NOD32 | Win32/Injector.BHBA (variant) | 10.13146
Fortinet FortiGate | W32/Injector.BHSP!tr | 3/23/2016
F-Secure | Trojan.Dropper.XBB | 11.2016-23-03_4
G Data | Trojan.Dropper.XBB | 16.3.25
IKARUS anti.virus | Virus.Win32.CeeInject | t3scan.2.0.9.0
K7 AntiVirus | Trojan | 13.214.18953
Kaspersky | HEUR:Trojan.Win32.Generic | 14.0.0.472
Malwarebytes | Trojan.Agent.ED | v2016.03.23.04
McAfee | Generic-FAUT!B64E72ABDCC9 | 5600.6451
Microsoft Security Essentials | Trojan:Win32/Napolar.A | 1.1.12505.0
MicroWorld eScan | Trojan.Dropper.XBB | 17.0.0.249
NANO AntiVirus | Trojan.Win32.ZPACK.dbxzlr | 1.0.18.6677
nProtect | Trojan.Dropper.XBB | 16.03.08.01
Panda Antivirus | Trj/CI.A | 16.03.23.04
Qihoo 360 Security | HEUR/Malware.QVM07.Gen | 1.0.0.1120
Quick Heal | Trojan.CeeInject.WR | 3.16.14.00
Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16321
Sophos | Mal/Zbot-QU | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Injector | 9248
Trend Micro House Call | TROJ_SPNR.28GA14 | 7.2.83
Trend Micro | TROJ_SPNR.28GA14 | 10.465.23
Vba32 AntiVirus | TrojanSpy.Zbot | 3.12.26.4
VIPRE Antivirus | Trojan.Win32.Generic | 47732
ViRobot | Trojan.Win32.S.Agent.192512.YV[h] | 2014.3.20.0
Zillya! Antivirus | Backdoor.Napolar.Win32.79 | 2.0.0.2708

File size:
188 KB (192,512 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\photo_020.jpeg-www.facebook.exe

File PE Metadata
Compilation timestamp:
7/1/2014 10:02:28 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:8Xevmpf8mJCdUaCh975Z3m9JDbkoMPYgwHNh//5oGLJT7WitvdNHgsTTIFzhpttD:SUdUaCn9GgoMAPth/hhl7LdWsQFdZ

Entry address:
0xA11F

Entry point:
55, 8B, EC, 6A, FF, 68, 70, D3, 40, 00, 68, A6, A2, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 64, C2, 40, 00, 59, 83, 0D, 40, 10, 41, 00, FF, 83, 0D, 44, 10, 41, 00, FF, FF, 15, 60, C2, 40, 00, 8B, 0D, 34, 10, 41, 00, 89, 08, FF, 15, 5C, C2, 40, 00, 8B, 0D, 30, 10, 41, 00, 89, 08, A1, 58, C2, 40, 00, 8B, 00, A3, 3C, 10, 41, 00, E8, 17, 01, 00, 00, 39, 1D, 40, FB, 40, 00, 75, 0C, 68, A2, A2, 40, 00, FF, 15, 54, C2...
Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
44 KB (45,056 bytes)

The file photo_020.jpeg-www.facebook.exe has been seen being distributed by the following 2 URLs.
