avast.exe

WinAutomation Job

Created with WinAutomation (http://www.WinAutomation.com)

The executable avast.exe has been detected as malware by 5 anti-virus scanners. While running, it connects to the Internet address p3nlhg304c1304.shr.prod.phx3.secureserver.net on port 80 using the HTTP protocol.
Publisher:
Created with WinAutomation (http://www.WinAutomation.com)

Product:
WinAutomation Job

Version:
3.1.5.637

MD5:
21c6870d2f4337639d116ac0368df11c

SHA-1:
d6603dfd4ae6820647827af0f95033270dd794e4

SHA-256:
929fc66a65569b6c7fe5e72d84b410632fa925ea7bc12a1a1955021ce0812fbc

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
12/26/2024 2:06:58 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Malware-gen | 160216-3 |
| Emsisoft Anti-Malware | Gen:Variant.Razy.18738 | 10.0.0.5366 |
| ESET NOD32 | MSIL/Spy.Agent.AKI trojan | 8.0.319.0 |
| Kaspersky | Trojan.Win32.Agent.netzbm | 15.0.0.562 |
| Norman | Gen:Variant.Razy.18738 | 17.02.2016 05:18:35 |

File size:
2.8 MB (2,912,256 bytes)

Product version:
3.1.5.637

Copyright:
Copyright © Softomotive Ltd 2005-2011

Original file name:
tmp7766.tmp

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\avast free antivirus 2016\avast.exe

File PE Metadata
Compilation timestamp:
1/30/2016 4:23:12 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
49152:kiMR9nIhU1cRuVJFgCK73ErErErErErE:qRlIRRKK73ErErErErErE

Entry address:
0x26254E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
5.5833

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
2.4 MB (2,494,464 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to p3nlhg304c1304.shr.prod.phx3.secureserver.net  (50.63.38.1:80)
