avast.exe

The executable avast.exe has been detected as malware by 24 anti-virus scanners. While running, it connects to the Internet address sage.parklogic.com on port 80 using the HTTP protocol.
MD5:
e2a4736d2b364a82f4fc66ca3eb19ec6

SHA-1:
ceaad9c7008eac6467c8e5a83249313d5f315c9b

SHA-256:
095efd1050b5794b6e080bc6c7b06e65fc11ada79e779923ee2bccc8fd83f574

Scanner detections:
24 / 68

Status:
Malware

Analysis date:
1/22/2018 5:33:59 PM UTC

Scan engine               Detection                         Engine version
Lavasoft Ad-Aware         Gen:Variant.Kazy.375324           5697958
Avira AntiVirus           TR/Drop.Agent.985.AB              8.3.1.6
Antiy Labs AVL            Worm[:HEUR]/Win32.Unknown         1.0.0.1
Arcabit                   Trojan.Kazy.D5BA1C                1.0.0.425
avast!                    Win32:Malware-gen                 150602-1
AVG                       Agent4                            2016.0.3085
Baidu Antivirus           Worm.Win32.Agent                  4.0.3.1567
Bitdefender               Gen:Variant.Kazy.375324           1.0.20.790
Dr.Web                    Trojan.DownLoader10.42760         9.0.1.05190
Emsisoft Anti-Malware     Gen:Variant.Kazy.375324           10.0.0.5366
ESET NOD32                Win32/Agent.NPD worm              7.0.302.0
F-Secure                  Gen:Variant.Kazy.375324           5.14.151
G Data                    Gen:Variant.Kazy.375324           15.6.25
Kaspersky                 HEUR:Worm.Win32.Generic           14.0.0.1921
Kingsoft AntiVirus        Win32.Troj.Generic.a.(kcloud)     331020.49267
MicroWorld eScan          Gen:Variant.Kazy.375324           16.0.0.474
NANO AntiVirus            Trojan.Win32.Cosmu.csbsnl         0.30.24.1636
Norman                    Gen:Variant.Kazy.375324           02.06.2015 14:23:46
Qihoo 360 Security        Win32/Trojan.005                  1.0.0.1015
Reason Heuristics         Threat.Win.Reputation.IMP         15.6.8.23
The Hacker                Posible_Worm32                    6.8.0.5.575
Trend Micro House Call    TROJ_GEN.R0C1C0OD915              7.2.158
Trend Micro               TROJ_GEN.R0C1C0OD915              10.465.07
Zillya! Antivirus         Trojan.Cosmu.Win32.13449          2.0.0.2211

File size:
122.5 KB (125,440 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
10/4/2013 6:37:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
5.0

CTPH (ssdeep):
1536:kybVKnHlqLhd2zM3bzZGMG5ULHdvTmVuRkaJ96eRVq3yPVS+Z:kJmhIQ3XZGF5rVKY3kS+

Entry address:
0x3B610

Entry point:
60, BE, 00, E0, 42, 00, 8D, BE, 00, 30, FD, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75...

Packer / compiler:
UPX 2.90 LZMA

Code size:
56 KB (57,344 bytes)

User Start Menu Item
Name:
AVAST.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to sage.parklogic.com (69.39.236.56:80)

Remove avast.exe - Powered by Reason Core Security