» avast.exe
Overview
Analysis
File Details
Behaviors (1)
Network (1)

avast.exe

The executable avast.exe has been detected as malware by 21 anti-virus scanners. While running, it connects to the Internet address sage.parklogic.com on port 80 using the HTTP protocol.

File name:

avast.exe

MD5:

e2a4736d2b364a82f4fc66ca3eb19ec6

SHA-1:

ceaad9c7008eac6467c8e5a83249313d5f315c9b

SHA-256:

095efd1050b5794b6e080bc6c7b06e65fc11ada79e779923ee2bccc8fd83f574

Scanner detections:

21 / 68

Status:

Malware

Analysis date:

4/19/2024 5:28:44 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.375324

5697958

Avira AntiVirus

TR/Drop.Agent.985.AB

8.3.1.6

Arcabit

Trojan.Kazy.D5BA1C

1.0.0.425

avast!

Win32:Malware-gen

150602-1

AVG

Agent4

2016.0.3085

Baidu Antivirus

Worm.Win32.Agent

4.0.3.1567

Bitdefender

Gen:Variant.Kazy.375324

1.0.20.790

Dr.Web

Trojan.DownLoader10.42760

9.0.1.05190

Emsisoft Anti-Malware

Gen:Variant.Kazy.375324

10.0.0.5366

ESET NOD32

Win32/Agent.NPD worm

7.0.302.0

F-Secure

Gen:Variant.Kazy.375324

5.14.151

G Data

Gen:Variant.Kazy.375324

15.6.25

Kaspersky

HEUR:Worm.Win32.Generic

14.0.0.1921

MicroWorld eScan

Gen:Variant.Kazy.375324

16.0.0.474

NANO AntiVirus

Trojan.Win32.Cosmu.csbsnl

0.30.24.1636

Norman

Gen:Variant.Kazy.375324

02.06.2015 14:23:46

Qihoo 360 Security

Win32/Trojan.005

1.0.0.1015

Reason Heuristics

Threat.Win.Reputation.IMP

15.6.8.23

Trend Micro House Call

TROJ_GEN.R0C1C0OD915

7.2.158

Trend Micro

TROJ_GEN.R0C1C0OD915

10.465.07

Zillya! Antivirus

Trojan.Cosmu.Win32.13449

2.0.0.2211

File size:

122.5 KB (125,440 bytes)

File type:

Executable application (Win32 EXE)

File PE Metadata

Compilation timestamp:

10/4/2013 6:37:48 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

5.0

CTPH (ssdeep):

1536:kybVKnHlqLhd2zM3bzZGMG5ULHdvTmVuRkaJ96eRVq3yPVS+Z:kJmhIQ3XZGF5rVKY3kS+

Entry address:

0x3B610

Entry point:

60, BE, 00, E0, 42, 00, 8D, BE, 00, 30, FD, FF, 57, 83, CD, FF, EB, 10, 90, 90, 90, 90, 90, 90, 8A, 06, 46, 88, 07, 47, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 72, ED, B8, 01, 00, 00, 00, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C0, 01, DB, 73, EF, 75, 09, 8B, 1E, 83, EE, FC, 11, DB, 73, E4, 31, C9, 83, E8, 03, 72, 0D, C1, E0, 08, 8A, 06, 46, 83, F0, FF, 74, 74, 89, C5, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 01, DB, 75, 07, 8B, 1E, 83, EE, FC, 11, DB, 11, C9, 75, 20, 41, 01, DB, 75... 
[+]

Packer / compiler:

UPX 2.90LZMA

Code size:

56 KB (57,344 bytes)

User Start Menu Item

Name:

AVAST.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to sage.parklogic.com (69.39.236.56:80)

Remove avast.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.