home

photo_020.jpeg-www.facebook.exe

The executable photo_020.jpeg-www.facebook.exe has been detected as malware by 6 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from grandilund.se.
MD5:
c9c5b4cdd7f6a6c467635d92c48e8602

SHA-1:
5ec46c20b690eda3626d8ca353d9313a3def012b

SHA-256:
e9ec1f5a8061fa95be5c8723fb7bc097c562caef6d1bf36f3dc4401d134f8f5e

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
2/27/2025 12:21:23 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Kelihos-CA [Trj]
160518-2

Dr.Web
Trojan.DownLoad3.33737
9.0.1.05190

Emsisoft Anti-Malware
Gen:Heur.Zboter
11.5.0.6191

ESET NOD32
Win32/Napolar.E trojan
8.0.319.0

Microsoft Security Essentials
Threat.Undefined
1.223.2255.0

Norman
Gen:Heur.Zboter.5
28.05.2016 15:32:18

File size:
156 KB (159,744 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\photo_020.jpeg-www.facebook.exe

File PE Metadata
Compilation timestamp:
6/18/2014 7:20:12 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:HqXa2Z25ME9DHz2NeWONE06MUQipNgOe/Lr8r7RxzeWDr:Kp45MEdC5B4ipKzrk7zN

Entry address:
0x24E0

Entry point:
55, 8B, EC, 6A, FF, 68, C0, 35, 40, 00, 68, 66, 26, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 14, 32, 40, 00, 59, 83, 0D, C8, 43, 40, 00, FF, 83, 0D, CC, 43, 40, 00, FF, FF, 15, F0, 31, 40, 00, 8B, 0D, BC, 43, 40, 00, 89, 08, FF, 15, EC, 31, 40, 00, 8B, 0D, B8, 43, 40, 00, 89, 08, A1, E8, 31, 40, 00, 8B, 00, A3, C4, 43, 40, 00, E8, 16, 01, 00, 00, 39, 1D, D0, 40, 40, 00, 75, 0C, 68, 62, 26, 40, 00, FF, 15, E4, 31...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

The file photo_020.jpeg-www.facebook.exe has been seen being distributed by the following URL.

http://grandilund.se/?xe5a1ts1b=13927a505baf

Remove photo_020.jpeg-www.facebook.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.