photo_020.jpeg-www.facebook.exe

The executable photo_020.jpeg-www.facebook.exe has been detected as malware by 39 anti-virus scanners. It is a setup program used to install the application. The file has been seen being downloaded from grandilund.se.

MD5: 49f96e75c3399e51bdfb981965170fe9
SHA-1: 2be1b6a3a1a963889561fda73d8f5b627e62f2e2
SHA-256: 88cad4948df1478b0e9192c69be38f32b56ee2a3aa1b516764992eb21d8518c7
Scanner detections: 39 / 68
Status: Malware
Analysis date: 2/27/2025 12:38:36 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.Dropper.XBB | 299 |
| AegisLab AV Signature | Backdoor.W32.Napolar.ajg!c | 2.1.4+ |
| Agnitum Outpost | Backdoor.Napolar | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Caphaw | 2016.02.11 |
| Avira AntiVirus | TR/Injector.awo.3 | 8.3.3.2 |
| Arcabit | Trojan.Dropper.XBB | 1.0.0.653 |
| avast! | Win32:CeeInject-AP [Trj] | 2014.9-160411 |
| AVG | Inject2 | 2017.0.2777 |
| Baidu Antivirus | Backdoor.Win32.Napolar | 4.0.3.16411 |
| Bitdefender | Trojan.Dropper.XBB | 1.0.20.510 |
| Comodo Security | UnclassifiedMalware | 24158 |
| Dr.Web | BackDoor.Slym.14318 | 9.0.1.0102 |
| Emsisoft Anti-Malware | Trojan.Dropper.XBB | 8.16.04.11.05 |
| ESET NOD32 | Win32/Napolar | 10.13010 |
| Fortinet FortiGate | W32/Napolar.AJG!tr.bdr | 4/11/2016 |
| F-Prot | W32/Backdoor2.HUYF | v6.4.7.1.166 |
| F-Secure | Trojan.Dropper.XBB | 11.2016-11-04_2 |
| G Data | Trojan.Dropper.XBB | 16.4.25 |
| IKARUS anti.virus | Trojan.Injector | t3scan.2.0.6.0 |
| K7 AntiVirus | Trojan | 13.213.18708 |
| Kaspersky | Backdoor.Win32.Napolar | 14.0.0.379 |
| Malwarebytes | Trojan.Agent.ED | v2016.04.11.05 |
| McAfee | Generic.dx!49F96E75C339 | 5600.6433 |
| Microsoft Security Essentials | Trojan:Win32/Napolar.A | 1.1.12400.0 |
| MicroWorld eScan | Trojan.Dropper.XBB | 17.0.0.306 |
| NANO AntiVirus | Trojan.Win32.ZPACK.dbxzlr | 1.0.14.6071 |
| nProtect | Trojan.Dropper.XBB | 16.02.05.01 |
| Panda Antivirus | Trj/WLT.A | 16.04.11.05 |
| Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1120 |
| Quick Heal | Trojan.CeeInject.WR | 4.16.14.00 |
| Rising Antivirus | PE:Malware.Generic/QRS!1.9E2D [F] | 23.00.65.16409 |
| Sophos | Mal/Zbot-QU | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Injector | 9211 |
| Total Defense | Win32/Tnega.AUTZ | 37.1.62.1 |
| Trend Micro House Call | TROJ_SPNR.28GA14 | 7.2.102 |
| Trend Micro | TROJ_SPNR.28GA14 | 10.465.11 |
| Vba32 AntiVirus | TrojanSpy.Zbot | 3.12.26.4 |
| VIPRE Antivirus | Trojan.Win32.Generic | 47120 |
| ViRobot | Trojan.Win32.S.Agent.192512.HC[h] | 2014.3.20.0 |

File size: 188 KB (192,512 bytes)
File type: Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp: 7/1/2014 5:02:28 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 3072:8Xevmpf8mJCdUaCh975ZSm9Jz0yETo8Q5WL+Su1xqvsauyBRKEbMsF9aqiMM7A:SUdUaCn9gorcLH0cKEbtv10k
Entry address: 0xA11F
Entry point: 55, 8B, EC, 6A, FF, 68, 70, D3, 40, 00, 68, A6, A2, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 64, C2, 40, 00, 59, 83, 0D, 40, 10, 41, 00, FF, 83, 0D, 44, 10, 41, 00, FF, FF, 15, 60, C2, 40, 00, 8B, 0D, 34, 10, 41, 00, 89, 08, FF, 15, 5C, C2, 40, 00, 8B, 0D, 30, 10, 41, 00, 89, 08, A1, 58, C2, 40, 00, 8B, 00, A3, 3C, 10, 41, 00, E8, 17, 01, 00, 00, 39, 1D, 40, FB, 40, 00, 75, 0C, 68, A2, A2, 40, 00, FF, 15, 54, C2...
Developed / compiled with: Microsoft Visual C++ v6.0
Code size: 44 KB (45,056 bytes)

The file photo_020.jpeg-www.facebook.exe has been seen being distributed by the following URL.
