new folder.exe

The executable new folder.exe has been detected as malware by 29 anti-virus scanners. It runs as a scheduled task under the Windows Task Scheduler.
MD5:
e3903934cef7c43556dad416bbf60e93

SHA-1:
2937581b07682df6e6d20474230bd7428e35cd9a

SHA-256:
384ed2409cf53e5b1c7c35b2446da807255de5ce6b3fb27f4980e7fa19452bc0

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
4/26/2024 8:31:20 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Worm/Win32.AutoIt | 2012.10.16 |
| Avira AntiVirus | TR/Dropper.Gen | 7.11.46.46 |
| avast! | AutoIt:AutoRun-B@BC [Wrm] | 2014.9-141101 |
| AVG | Worm/AutoRun | 2015.0.3304 |
| Bitdefender | Gen:Trojan.Heur.AutoIT.2 | 1.0.20.1525 |
| Comodo Security | Heur.Suspicious | 13872 |
| Dr.Web | Win32.HLLW.Autoruner.7345 | 9.0.1.0305 |
| ESET NOD32 | Win32/Sohanad.NCB | 8.7588 |
| Fortinet FortiGate | W32/AutoIt.A!worm | 11/1/2014 |
| F-Prot | W32/AutoIt.AF.gen | v6.4.6.5.141 |
| F-Secure | Gen:Trojan.Heur.AutoIT.2 | 11.2014-01-11_7 |
| G Data | Gen:Trojan.Heur.AutoIT | 14.11.22 |
| IKARUS anti.virus | Worm.Win32.AutoIt | t3scan.1.1.122.0 |
| K7 AntiVirus | EmailWorm | 13.153.7736 |
| Kaspersky | Worm.Win32.AutoIt | 14.0.0.3014 |
| McAfee | W32/YahLover.worm.gen | 5600.6960 |
| Microsoft Security Essentials | Worm:Win32/Nuqel.AV | 1.163.1557.0 |
| Norman | W32/Obfuscated.H3!genr | 11.20141101 |
| nProtect | Trojan/W32.Agent.1235420 | 12.10.15.01 |
| Panda Antivirus | Trj/Autoit.gen | 14.11.01.05 |
| Quick Heal | Trojan.AutoIt.gen | 11.14.12.00 |
| Rising Antivirus | Trojan.Win32.Generic.12E5E6CB | 23.00.65.141030 |
| Sophos | Mal/Sohana-A | 4.81 |
| Total Defense | Win32/Yahlover.IN | 37.0.10118 |
| Trend Micro House Call | WORM_SOHAND.SM | 7.2.305 |
| Trend Micro | WORM_SOHAND.SM | 10.465.01 |
| Vba32 AntiVirus | Trojan-Downloader.Autoit.gen | 3.12.18.2 |
| VIPRE Antivirus | Trojan.Win32.Generic | 13536 |
| ViRobot | Worm.Win32.A.AutoIt.1235420.H | 2011.4.7.4223 |

File size:
1.2 MB (1,235,420 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

File PE Metadata
Compilation timestamp:
11/25/2007 4:21:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:xJeJfAqkjp98zHpieTvCef8V543IJ+Frt+IToydr1EN:/eJfAJGpLLCeQTAgQN6

Entry address:
0x53E3D

Entry point:
E8, 58, B1, 00, 00, E9, 17, FE, FF, FF, B8, BB, FA, 45, 00, A3, 28, 6D, 47, 00, C7, 05, 2C, 6D, 47, 00, B7, F1, 45, 00, C7, 05, 30, 6D, 47, 00, 75, F1, 45, 00, C7, 05, 34, 6D, 47, 00, A9, F1, 45, 00, C7, 05, 38, 6D, 47, 00, 1F, F1, 45, 00, A3, 3C, 6D, 47, 00, C7, 05, 40, 6D, 47, 00, 35, FA, 45, 00, C7, 05, 44, 6D, 47, 00, 35, F1, 45, 00, C7, 05, 48, 6D, 47, 00, 9F, F0, 45, 00, C7, 05, 4C, 6D, 47, 00, 2E, F0, 45, 00, C3, E8, 9B, FF, FF, FF, E8, 90, BC, 00, 00, 83, 7C, 24, 04, 00, A3, 34, 8A, 47, 00, 74, 05...
 

Entropy:
7.3053

Code size:
404.5 KB (414,208 bytes)

Scheduled Task
Task name:
At1

Trigger:
Weekly (Runs weekly on Sundays at 9:00)

