palla by palavia free.exe

The executable palla by palavia free.exe has been detected as malware by 17 anti-virus scanners. While running, it connects to the Internet address s83.ucoz.net on port 80 using the HTTP protocol.
MD5:
52bdbcb35063de47a59b1c691703f7b9

SHA-1:
0441e9eea331a3b94b5d0ed61c28db22d87a46e8

SHA-256:
96907bf10195e4195b9279b8ff34ea8a768b91ebc611becbe474fb6ba65fed6c

Scanner detections:
17 / 68

Status:
Malware

Analysis date:
11/23/2024 4:50:55 PM UTC

Scan engine          | Detection                                          | Engine version
---------------------+----------------------------------------------------+----------------
Avira AntiVirus      | TR/Kazy.3810816                                    | 8.3.2.4
avast!               | Win32:Malware-gen                                  | 2014.9-160225
Baidu Antivirus      | Hacktool.Win32.NoobyProtect                        | 4.0.3.16225
Bkav FE              | HW32.Packed                                        | 1.3.0.7400
Comodo Security      | UnclassifiedMalware                                | 23992
ESET NOD32           | Win32/Packed.NoobyProtect.Q suspicious (variant)   | 10.12896
Fortinet FortiGate   | PossibleThreat                                     | 2/25/2016
K7 AntiVirus         | Trojan                                             | 13.212.18477
Kaspersky            | UDS:DangerousObject.Multi.Generic                  | 14.0.0.606
Malwarebytes         | Trojan.Agent.AutoIt                                | v2016.02.25.09
McAfee               | Artemis!52BDBCB35063                               | 5600.6478
NANO AntiVirus       | Virus.Win32.Gen.ccmw                               | 1.0.14.5380
Qihoo 360 Security   | HEUR/QVM19.1.Malware.Gen                           | 1.0.0.1077
Rising Antivirus     | PE:Malware.Generic(Thunder)!1.A1C4 [F]             | 23.00.65.16223
Sophos               | Generic PUA AE (PUA)                               | 4.98
Trend Micro          | TROJ_GEN.R000C0EHB15                               | 10.465.25
VIPRE Antivirus      | Trojan.Win32.Generic                               | 46628

File size:
3.6 MB (3,810,816 bytes)

File type:
Executable application (Win32 EXE)

Language:
English

File PE Metadata
Compilation timestamp:
7/18/2015 10:27:03 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:dBZg6Tn8dgVH/s5UHUM8ZoIExhUpT2O6TgZ2RUkYyWzNfhFNrhwL8qYU:VGdgV0OW9ExupTm+CWJNGL8C

Entry address:
0x3971B8

Entry point:
EB, 08, 00, 06, 3A, 00, 00, 00, 00, 00, E9, 21, 0D, 00, 00, B9, 98, FB, D2, 4D, 66, 8F, 44, 24, 07, 8D, 64, 24, 01, F6, D9, BB, CD, D2, 9B, E1, 66, F7, DF, 66, D3, EF, EB, C2, 58, 2D, 14, 70, 79, 00, 83, B8, 12, 50, 52, 00, 00, EB, 44, CC, 5E, CC, AB, 66, 84, 3E, B3, 23, 46, B5, 5A, 36, 21, 8D, 1C, 2A, 66, BB, 93, C4, 4B, 8B, 5C, 24, 1B, 8D, 64, 24, 34, 9D, EB, 04, 60, A3, DA, 35, 68, 95, 6A, 58, 6A, 81, 04, 24, 11, 00, FA, 95, E8, 1E, 00, 00, 00, 36, A6, 34, 53, AE, 09, 44, DB, 4B, 2E, DD, 2A, BE, 89, 0F...
The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to s83.ucoz.net (195.216.243.83:80)

Remove palla by palavia free.exe - Powered by Reason Core Security