» Fazala.exe
Overview
Analysis
File Details
Network (2)

Fazala.exe

FelineSoft

The executable Fazala.exe has been detected as malware by 17 anti-virus scanners. While running, it connects to the Internet address www.1fichier.com on port 443.

File name:

Fazala.exe

Publisher:

FelineSoft

Version:

1.0.0.0

MD5:

049e5c27451ffdbcf345e08167a91ab3

SHA-1:

b6b0c1d2a8273d1d360613827ab5c50f80f0e410

SHA-256:

e7591a2c2b14922899c5df08ce734eaedc36fbea59352685749680e5c6268523

Scanner detections:

17 / 68

Status:

Malware

Analysis date:

4/26/2024 1:23:19 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Trojan.GenericKD.2852969

5731382

Avira AntiVirus

TR/Agent.69632.1007

8.3.2.2

avast!

Win32:Dropper-gen [Drp]

151028-1

Emsisoft Anti-Malware

Trojan.GenericKD.2852969

10.0.0.5366

Fortinet FortiGate

W32/Yakes.NCUW!tr

11/8/2015

F-Secure

Trojan.GenericKD.2852969

5.15.21

G Data

Win32.Trojan.Agent.T2L3R1

15.11.25

IKARUS anti.virus

Trojan.Win32.Yakes

t3scan.1.9.5.0

K7 AntiVirus

Riskware

13.212.17776

Kaspersky

Trojan.Win32.Yakes

15.0.0.562

McAfee

Trojan.Artemis!049E5C27451F

18.0.204.0

Microsoft Security Essentials

Threat.Undefined

1.209.1970.0

Norman

Trojan.GenericKD.2852969

07.10.2015 03:16:12

Panda Antivirus

Generic Suspicious

15.11.08.10

Qihoo 360 Security

HEUR/QVM03.0.Malware.Gen

1.0.0.1077

Rising Antivirus

PE:Malware.Generic/QRS!1.9E2D [F]

23.00.65.151106

Sophos

Mal/Generic-S

4.98

File size:

68 KB (69,632 bytes)

Product version:

1.0.0.0

Original file name:

Fazala.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\appdata\roaming\fazala.exe

File PE Metadata

Compilation timestamp:

10/28/2015 10:42:31 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

768:PTFc7wJdNl9Pnh1qzkyAxf7nTOg8p1xEG+F2DgDm1kt0lx7y440d4HYJ:PTekdN5sAxxf7nTOg8inF3Reru4zUYJ

Entry address:

0x1470

Entry point:

68, 80, C4, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 44, 04, 20, F3, BC, FE, 0D, 4E, 9A, B2, 0B, 21, F5, A1, 47, 86, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 46, 61, 7A, 61, 6C, 61, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 0E, D7, F1, 1F, FA, 3D, F6, EF, 43, 88, 62, 54, E1, 10, 3D, 98, 85, 4C, 92, 7F, FB, 6C, F7, C6, 4F, 93, 4A, E0, C5, 78, 6A, 24, 7B, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual Basic v5.0/v6.0

Code size:

56 KB (57,344 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):

Connects to www.1fichier.com (5.39.224.140:443)

TCP (HTTP):

Connects to cp-36.webhostbox.net (208.91.198.26:80)

Remove Fazala.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.