new.exe

WindowsApplication1

Karim Lammali

The executable new.exe has been detected as malware by 1 anti-virus scanner. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘5cd8f17f4086744065eb0992a09e05a2’.

Publisher:
Karim Lammali (signed and verified)

Product:
WindowsApplication1

Version:
1.0.0.0

MD5:
aab608898e7b47b8ca26e793940c805e

SHA-1:
112c6a62a1db37646599316cd3152b014f3a14d5

SHA-256:
bd0ca051a5cf6ea656a42b0a7f5e868825c5653e05a2132cbe8f7a436a8f54a8

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
8/17/2018 12:28:43 PM UTC

Scan engine:
Reason Heuristics

Detection:
Trojan.Startup (M)

Engine version:
16.7.26.18

File size:
333.9 KB (341,904 bytes)

Product version:
1.0.0.0

Copyright:
Copyright © 2014

Original file name:
new.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Digital Signature
Signed by:

Authority:
DigiCert Inc

Valid from:
3/18/2013 7:00:00 AM

Valid to:
5/21/2014 7:00:00 PM

Subject:
CN=Karim Lammali, O=Karim Lammali, L=Besançon, C=FR

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
06477E3425F1448995CED539789E6842

File PE Metadata
Compilation timestamp:
2/4/2014 6:07:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
6144:PQYb49KhWoK36YH9Q757rv9tcfjzg/4fBzqdM:oNoKKEa5C9

Entry address:
0x5085E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.1847

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
314.5 KB (322,048 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
5cd8f17f4086744065eb0992a09e05a2

Command:
"C:\users\{user}\appdata\local\temp\trojan.exe"..

