photo_025.jpg-www.facebook.com.exe

The executable photo_025.jpg-www.facebook.com.exe has been detected as malware by 36 anti-virus scanners. It is a setup program used to install the application. According to AVG, this software downloads additional adware offers during setup. The file has been observed being downloaded from huhmagazine.co.uk and multiple other hosts.

MD5: 7d6fbfe63c5c126ed585880b54844edd
SHA-1: 85e5a0951182de95827f1135721f73ad0828b6bc
SHA-256: 760c76455a6271b53afdb40678d2dca2e4339d4df6ac5ac24ec4e2403305baa9
Scanner detections: 36 / 68
Status: Malware
Analysis date: 12/26/2024 4:21:49 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.CryptRedol.Gen.1 | 1025 |
| Agnitum Outpost | Trojan.Agentb | 7.1.1 |
| AhnLab V3 Security | Trojan/Win32.Napolar | 2014.03.06 |
| Avira AntiVirus | TR/Crypt.ZPACK.Gen | 7.11.135.30 |
| avast! | Win32:Napolar-F [Cryp] | 2014.9-140415 |
| AVG | Downloader.Agent.15.R | 2015.0.3503 |
| Baidu Antivirus | Trojan.Win32.Agent | 4.0.3.14415 |
| Bitdefender | Trojan.CryptRedol.Gen.1 | 1.0.20.525 |
| Comodo Security | TrojWare.Win32.Injector.cej | 17892 |
| Dr.Web | Trojan.Inject1.32767 | 9.0.1.0105 |
| Emsisoft Anti-Malware | Trojan.CryptRedol.Gen | 8.14.04.15.12 |
| ESET NOD32 | Win32/Napolar | 8.9507 |
| Fortinet FortiGate | W32/Napolar.A | 4/15/2014 |
| F-Secure | Trojan.CryptRedol.Gen.1 | 11.2014-15-04_3 |
| G Data | Trojan.CryptRedol.Gen | 14.4.24 |
| IKARUS anti.virus | Trojan-Downloader.Agent | t3scan.2.2.29 |
| K7 AntiVirus | Trojan | 13.176.11351 |
| Kaspersky | Trojan.Win32.Agentb | 14.0.0.4012 |
| Malwarebytes | Trojan.Agent.FICO | v2014.04.15.12 |
| McAfee | RDN/Generic Downloader.x!im | 5600.7159 |
| Microsoft Security Essentials | Trojan:Win32/Napolar.A | 1.10302 |
| MicroWorld eScan | Trojan.CryptRedol.Gen.1 | 15.0.0.315 |
| NANO AntiVirus | Trojan.Win32.Agentb.cgakwi | 0.28.0.58101 |
| Norman | Troj_Generic.PIKKV | 11.20140415 |
| nProtect | Trojan.CryptRedol.Gen.1 | 14.03.05.01 |
| Panda Antivirus | Trj/dtcontx.G | 14.04.15.12 |
| Qihoo 360 Security | HEUR/Malware.QVM20.Gen | 1.0.0.1015 |
| Quick Heal | Trojan.Napolar | 4.14.12.00 |
| Rising Antivirus | PE:Malware.XPACK/RDM!5.1 | 23.00.65.14413 |
| Sophos | Mal/Generic-S | 4.98 |
| SUPERAntiSpyware | Heur.Agent/Gen-GalPic[i] | 10664 |
| Trend Micro House Call | TROJ_NAPOLAR.AC | 7.2.105 |
| Trend Micro | TROJ_NAPOLAR.AC | 10.465.15 |
| Vba32 AntiVirus | Malware-Cryptor.General.3 | 3.12.24.3 |
| VIPRE Antivirus | Trojan.Win32.Generic | 27128 |
| ViRobot | Trojan.Win32.Napola.104448 | 2011.4.7.4223 |

File size: 102 KB (104,448 bytes)
File type: Executable application (Win32 EXE)
Common path: C:\users\{user}\downloads\photo_025.jpg-www.facebook.com.exe

File PE Metadata

Compilation timestamp: 9/4/2013 6:38:34 PM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 5.12
CTPH (ssdeep): 1536:u241vfK5A6w+ZLVQLZlzZ6Ag1hzaOa1sdf5KvDlPfAmKylE4cs1upaMXR:kRC5AFaLa1l9Xg1kOCWD4LcpaMXR
Entry address: 0x1000
Entry point: 55, 8B, EC, E8, 4C, 01, 00, 00, 50, 81, 3D, 00, 30, 40, 00, 01, 40, 00, 00, 74, 22, 6A, 10, 68, 00, 30, 40, 00, 68, 00, 80, 01, 00, 68, 10, 30, 40, 00, E8, 57, 00, 00, 00, FF, 05, 00, 30, 40, 00, 68, 09, 10, 40, 00, C3, 6A, 00, 6A, 01, 6A, 00, 68, 53, 10, 40, 00, 68, 0A, 35, 40, 00, C3, 6A, 00, 50, 50, 6A, 00, E8, F5, 00, 00, 00, 6A, 00, 6A, 01, 6A, 00, 68, 6A, 10, 40, 00, 68, 1A, 35, 40, 00, C3, 50, E8, F0, 00, 00, 00, 6A, 00, 6A, 01, 6A, 00, 6A, 00, B8, A2, 32, 40, 00, FF, 30, C3, 6A, 00, E8, CD, 00, 00...

Developed / compiled with: Microsoft Visual C++
Code size: 512 Bytes (512 bytes)

The file photo_025.jpg-www.facebook.com.exe has been seen being distributed by the following 7 URLs.

http://huhmagazine.co.uk/?s460eqcpbp=205559a6a2f63ace7
