live.exe

MSN

MXZA

The executable live.exe has been detected as malware by 29 anti-virus scanners. While running, it connects to the Internet address a111.azeelo.com on port 80 using the HTTP protocol.

Publisher: MXZA
Product: MSN
Version: 1.00
MD5: 96f9b3cf223e04a781d3f5eae695dcaa
SHA-1: a32fda1ea5550a8227608a003fc4ccb1572a4ade
SHA-256: 25abfeace29291024b385968da3b6a26dece1f36fd4f8e4c9d0de211d95be257
Scanner detections: 29 / 68
Status: Malware
Analysis date: 11/2/2024 7:31:38 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Trojan.Heur.cm0@sb7RdQaiB | 366
Agnitum Outpost | Trojan.Clicker | 7.1.1
AhnLab V3 Security | Win-Trojan/Agent.40960.AJT | 2015.03.08
Avira AntiVirus | TR/Clicker.CZ | 7.11.214.168
avast! | Win32:Trojan-gen | 2014.9-160203
AVG | PSW.Generic7 | 2017.0.2844
Baidu Antivirus | Trojan.Win32.Generik | 4.0.3.1623
Bitdefender | Gen:Trojan.Heur.cm0@sb7RdQaiB | 1.0.20.170
Clam AntiVirus | Win.Trojan.Swisyn-5589 | 0.98/21511
Comodo Security | TrojWare.Win32.TrojanDownloader.Banload.btw2 | 21334
Dr.Web | Trojan.Siggen3.7096 | 9.0.1.034
Emsisoft Anti-Malware | Gen:Trojan.Heur.cm0@sb7RdQaiB | 8.16.02.03.04
ESET NOD32 | Generik.JULZDYE (variant) | 10.11285
Fortinet FortiGate | Malware_fam.A | 2/3/2016
F-Secure | Gen:Trojan.Heur.cm0@sb7RdQaiB | 11.2016-03-02_4
G Data | Gen:Trojan.Heur.cm0@sb7RdQaiB | 16.2.25
IKARUS anti.virus | Trojan.Win32.Swisyn | t3scan.1.8.6.0
K7 AntiVirus | Trojan | 13.200.15196
McAfee | Artemis!96F9B3CF223E | 5600.6500
Microsoft Security Essentials | TrojanSpy:Win32/Mafod!rts | 1.1.11400.0
MicroWorld eScan | Gen:Trojan.Heur.cm0@sb7RdQaiB | 17.0.0.102
NANO AntiVirus | Trojan.Win32.Swisyn.bgkphk | 0.30.0.296
Norman | Obfuscated.S!genr | 11.20160203
Panda Antivirus | Generic Malware | 16.02.03.04
Quick Heal | Trojan.Swisyn.r3 | 2.16.14.00
Sophos | Mal/Generic-L | 4.98
VIPRE Antivirus | Trojan.Win32.Generic | 38228
ViRobot | Trojan.Win32.A.Swisyn.40960.A[h] | 2014.3.20.0
Zillya! Antivirus | Trojan.Swisyn.Win32.5820 | 2.0.0.2090

File size: 40 KB (40,960 bytes)
Product version: 1.00
Original file name: live.exe
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\windows\syswow64\live.exe

File PE Metadata
Compilation timestamp: 6/19/2009 8:01:16 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0
CTPH (ssdeep): 384:OiaumBKDyrZmqx7w8voiWg6R3H6b0DryjcMTKDGm:jbm3b+Wpvm
Entry address: 0x14F0

Entry point:
68, 0C, 26, 40, 00, E8, F0, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 5A, 21, CD, EF, 96, DB, 7D, 44, 86, 96, 69, 86, 33, DB, 6E, 11, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 06, 7E, 78, E2, 2F, DE, 1C, 11, 40, 9B, 24, 95, 4B, E1, 62, BD, A1, 5C, 36, 91, A2, EA, 6E, D7, 4D, B8, 0E, 31, 94, 06, DA, FF, 0E, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...

Entropy: 4.0245
Developed / compiled with: Microsoft Visual Basic v5.0
Code size: 24 KB (24,576 bytes)

While running in live environments, the file has been observed making the following network connection.

TCP (HTTP): Connects to a111.azeelo.com (75.101.154.123:80)
