new folder.exe

The executable new folder.exe has been detected as malware by 37 anti-virus scanners.
Version:
6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)

MD5:
d4b8352beaf80163535df2a23826b11a

SHA-1:
5170843a95654f0b1ab80ba96178c804f744b988

SHA-256:
8d4602cf3f06a266c1fc0fce1fcf1ce1c56cb3dcc6f5e8cbaa6dbbb9e60c4c09

Scanner detections:
37 / 68

Status:
Malware

Analysis date:
4/25/2024 9:59:23 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Trojan.Heur.AutoIT.2 | 577
Agnitum Outpost | Trojan.Autorun | 7.1.1
AhnLab V3 Security | HEUR/Fakon.mwf | 2015.02.08
Avira AntiVirus | W32/Singanutre | 7.11.208.112
avast! | Win32:Jadtre-F | 2014.9-150707
AVG | Win32/Agent | 2016.0.3055
Baidu Antivirus | Virus.Win32.Bototer | 4.0.3.1577
Bitdefender | Gen:Trojan.Heur.AutoIT.2 | 1.0.20.940
Comodo Security | TrojWare.Win32.Injector.XEM | 20995
Dr.Web | Trojan.StartPage.39200 | 9.0.1.0188
Emsisoft Anti-Malware | Gen:Trojan.Heur.AutoIT | 8.15.07.07.02
ESET NOD32 | Win32/Autoit.EB | 9.11138
Fortinet FortiGate | W32/AutoVt.AAAD!tr | 7/7/2015
F-Prot | W32/AutoIt.AG.gen | v6.4.7.1.166
F-Secure | Gen:Trojan.Heur.AutoIT.2 | 11.2015-07-07_3
G Data | Gen:Trojan.Heur.AutoIT | 15.7.25
IKARUS anti.virus | Worm.Win32.AutoIt | t3scan.1.8.6.0
K7 AntiVirus | EmailWorm | 13.193.14895
Kaspersky | Worm.Win32.AutoRun | 14.0.0.1772
Malwarebytes | Worm.AutoRun.FLD | v2015.07.07.02
McAfee | W32/Tupym.worm | 5600.6711
Microsoft Security Essentials | Worm:Win32/Tupym.B | 1.1.11302.0
MicroWorld eScan | Gen:Trojan.Heur.AutoIT.2 | 16.0.0.564
NANO AntiVirus | Trojan.Win32.Agent.ycbt | 0.30.0.65070
Norman | Obfuscated.H5!genr | 11.20150707
Panda Antivirus | Trj/OCJ.A | 15.07.07.02
Qihoo 360 Security | Malware.Radar01.Gen | 1.0.0.1015
Quick Heal | Worm.Tupym.A5 | 7.15.14.00
Rising Antivirus | PE:Worm.VobfusEx!1.99DF | 23.00.65.15705
Sophos | W32/AutoRun-BUC | 4.98
Total Defense | Win32/FakeFLDR_i | 37.0.11427
Trend Micro House Call | WORM_SOHAND.SM | 7.2.188
Trend Micro | WORM_SOHAND.SM | 10.465.07
Vba32 AntiVirus | Trojan-Downloader.Autoit.gen | 3.12.26.3
VIPRE Antivirus | Trojan.Win32.Generic!SB.0 | 37332
ViRobot | Worm.Win32.A.AutoRun.1167872.B[h] | 2014.3.20.0
Zillya! Antivirus | Worm.Autorun.Win32.79560 | 2.0.0.2056

File size:
1.1 MB (1,167,872 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

File PE Metadata
Compilation timestamp:
12/24/2008 1:00:07 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:SpqiC/2OGAtkCP4cejGSOpRK3C1SVt78kd+zB3WbsO:Spo/2+ttPJLfpRK3C1SVt78k8fO

Entry address:
0x17770

Entry point:
E8, C4, AF, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, C1, 8B, 4D, 08, C7, 00, 88, DA, 47, 00, 8B, 09, 83, 60, 08, 00, 89, 48, 04, 5D, C2, 08, 00, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 56, 8B, F1, C7, 06, 88, DA, 47, 00, 8B, 43, 08, 89, 46, 08, 85, C0, 8B, 43, 04, 57, 74, 31, 85, C0, 74, 27, 50, E8, EF, D3, FF, FF, 8B, F8, 47, 57, E8, 10, D3, FF, FF, 59, 59, 89, 46, 04, 85, C0, 74, 18, FF, 73, 04, 57, 50, E8, F2, AF, 00, 00, 83, C4, 0C, EB, 09, 83, 66, 04, 00, EB, 03, 89, 46, 04, 5F, 8B, C6, 5E, 5B...

Entropy:
5.8513

Code size:
847.5 KB (867,840 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
