Fazala.exe

FelineSoft

The executable Fazala.exe has been detected as malware by 20 anti-virus scanners. While running, it connects to the Internet address www.1fichier.com on port 443.
Publisher:
FelineSoft

Version:
1.0.0.0

MD5:
049e5c27451ffdbcf345e08167a91ab3

SHA-1:
b6b0c1d2a8273d1d360613827ab5c50f80f0e410

SHA-256:
e7591a2c2b14922899c5df08ce734eaedc36fbea59352685749680e5c6268523

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
6/19/2018 11:17:41 PM UTC

Scan engine: Detection (Engine version)

Lavasoft Ad-Aware: Trojan.GenericKD.2852969 (5731382)
Avira AntiVirus: TR/Agent.69632.1007 (8.3.2.2)
Antiy Labs AVL: Trojan/Win32.Yakes (1.0.0.1)
avast!: Win32:Dropper-gen [Drp] (151028-1)
Emsisoft Anti-Malware: Trojan.GenericKD.2852969 (10.0.0.5366)
Fortinet FortiGate: W32/Yakes.NCUW!tr (11/8/2015)
F-Secure: Trojan.GenericKD.2852969 (5.15.21)
G Data: Win32.Trojan.Agent.T2L3R1 (15.11.25)
IKARUS anti.virus: Trojan.Win32.Yakes (t3scan.1.9.5.0)
K7 AntiVirus: Riskware (13.212.17776)
K7 Gateway Antivirus: Riskware (13.212.17777)
Kaspersky: Trojan.Win32.Yakes (15.0.0.562)
McAfee: Trojan.Artemis!049E5C27451F (18.0.204.0)
McAfee Web Gateway: BehavesLike.Win32.BadFile.kh (7.6587)
Microsoft Security Essentials: Threat.Undefined (1.209.1970.0)
Norman: Trojan.GenericKD.2852969 (07.10.2015 03:16:12)
Panda Antivirus: Generic Suspicious (15.11.08.10)
Qihoo 360 Security: HEUR/QVM03.0.Malware.Gen (1.0.0.1077)
Rising Antivirus: PE:Malware.Generic/QRS!1.9E2D [F] (23.00.65.151106)
Sophos: Mal/Generic-S (4.98)

File size:
68 KB (69,632 bytes)

Product version:
1.0.0.0

Original file name:
Fazala.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\fazala.exe

File PE Metadata
Compilation timestamp:
10/28/2015 10:42:31 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:PTFc7wJdNl9Pnh1qzkyAxf7nTOg8p1xEG+F2DgDm1kt0lx7y440d4HYJ:PTekdN5sAxxf7nTOg8inF3Reru4zUYJ

Entry address:
0x1470

Entry point:
68, 80, C4, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 44, 04, 20, F3, BC, FE, 0D, 4E, 9A, B2, 0B, 21, F5, A1, 47, 86, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 46, 61, 7A, 61, 6C, 61, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 0E, D7, F1, 1F, FA, 3D, F6, EF, 43, 88, 62, 54, E1, 10, 3D, 98, 85, 4C, 92, 7F, FB, 6C, F7, C6, 4F, 93, 4A, E0, C5, 78, 6A, 24, 7B, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00, AA, 00, 60, D3, 93, 00, 00, 00...

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
56 KB (57,344 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP SSL):
Connects to www.1fichier.com  (5.39.224.140:443)

TCP (HTTP):
Connects to cp-36.webhostbox.net  (208.91.198.26:80)

Remove Fazala.exe - Powered by Reason Core Security