Fazala.exe

FelineSoft

The executable Fazala.exe has been detected as malware by 17 anti-virus scanners. While running, it connects to the Internet address www.1fichier.com on port 443.

Publisher:
FelineSoft

Version:
1.0.0.0

MD5:
049e5c27451ffdbcf345e08167a91ab3

SHA-1:
b6b0c1d2a8273d1d360613827ab5c50f80f0e410

SHA-256:
e7591a2c2b14922899c5df08ce734eaedc36fbea59352685749680e5c6268523

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
10/16/2018 8:06:43 PM UTC

Scan engine                     Detection                           Engine version
Lavasoft Ad-Aware               Trojan.GenericKD.2852969            5731382
Avira AntiVirus                 TR/Agent.69632.1007                 8.3.2.2
avast!                          Win32:Dropper-gen [Drp]             151028-1
Emsisoft Anti-Malware           Trojan.GenericKD.2852969            10.0.0.5366
Fortinet FortiGate              W32/Yakes.NCUW!tr                   11/8/2015
F-Secure                        Trojan.GenericKD.2852969            5.15.21
G Data                          Win32.Trojan.Agent.T2L3R1           15.11.25
IKARUS anti.virus               Trojan.Win32.Yakes                  t3scan.1.9.5.0
K7 AntiVirus                    Riskware                            13.212.17776
Kaspersky                       Trojan.Win32.Yakes                  15.0.0.562
McAfee                          Trojan.Artemis!049E5C27451F         18.0.204.0
Microsoft Security Essentials   Threat.Undefined                    1.209.1970.0
Norman                          Trojan.GenericKD.2852969            07.10.2015 03:16:12
Panda Antivirus                 Generic Suspicious                  15.11.08.10
Qihoo 360 Security              HEUR/QVM03.0.Malware.Gen            1.0.0.1077
Rising Antivirus                PE:Malware.Generic/QRS!1.9E2D [F]   23.00.65.151106
Sophos                          Mal/Generic-S                       4.98

File size:
68 KB (69,632 bytes)

Product version:
1.0.0.0

Original file name:
Fazala.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\fazala.exe

File PE Metadata
Compilation timestamp:
10/28/2015 10:42:31 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:PTFc7wJdNl9Pnh1qzkyAxf7nTOg8p1xEG+F2DgDm1kt0lx7y440d4HYJ:PTekdN5sAxxf7nTOg8inF3Reru4zUYJ

Entry address:
0x1470

Entry point:
68, 80, C4, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 44, 04, 20, F3, BC, FE, 0D, 4E, 9A, B2, 0B, 21, F5, A1, 47, 86, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 46, 61, 7A, 61, 6C, 61, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 0E, D7, F1, 1F, FA, 3D, F6, EF, 43, 88, 62, 54, E1, 10, 3D, 98, 85, 4C, 92, 7F, FB, 6C, F7, C6, 4F, 93, 4A, E0, C5, 78, 6A, 24, 7B, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
56 KB (57,344 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to www.1fichier.com  (5.39.224.140:443)

TCP (HTTP):
Connects to cp-36.webhostbox.net  (208.91.198.26:80)

Remove Fazala.exe - Powered by Reason Core Security