njw0rm.exe

The executable njw0rm.exe has been detected as malware by 29 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘njw0rm.exe’.
Version:
3, 3, 8, 1

MD5:
ed99d6326220338e6d887d70368f0995

SHA-1:
e1d5c42766493c733779ce318fa2325fcd31da07

SHA-256:
2c6c071d4ab8a493ca41fa8fbb3144bfae4fec301e30a74251f2347f27e15883

Scanner detections:
29 / 68

Status:
Malware

Analysis date:
4/25/2024 10:17:33 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Trojan.Heur.AutoIT.10 | 920
AhnLab V3 Security | Trojan/Win32.Genome | 14.07.29
Avira AntiVirus | TR/Drop.Autoit.bjn.5 | 7.11.150.126
AVG | Generic8_c | 2015.0.3398
Baidu Antivirus | Trojan.Win32.Autoit | 4.0.3.14729
Bitdefender | Gen:Trojan.Heur.AutoIT.10 | 1.0.20.1050
Clam AntiVirus | Win.Trojan.Autoit-371 | 0.98/213
Comodo Security | UnclassifiedMalware | 18303
Dr.Web | Win32.HLLW.Lime.3343 | 9.0.1.0210
Emsisoft Anti-Malware | Gen:Trojan.Heur.AutoIT.10 | 8.14.07.29.09
ESET NOD32 | Win32/Autoit.IV | 8.9822
Fortinet FortiGate | W32/Autoit.BJN!tr | 7/29/2014
F-Secure | Gen:Trojan.Heur.AutoIT.10 | 11.2014-29-07_3
G Data | Gen:Trojan.Heur.AutoIT.10 | 14.7.24
IKARUS anti.virus | Trojan-Spy.Win32.Zbot | t3scan.1.6.1.0
K7 AntiVirus | Trojan | 13.177.12128
Kaspersky | Trojan-Dropper.Win32.Autoit | 14.0.0.3485
McAfee | RDN/Generic Dropper!qh | 5600.7054
MicroWorld eScan | Gen:Trojan.Heur.AutoIT.10 | 15.0.0.630
NANO AntiVirus | Trojan.Win32.Autoit.cxnzkp | 0.28.0.59921
Norman | Autoit.VVB | 11.20140729
Panda Antivirus | Trj/CI.A | 14.07.29.09
Qihoo 360 Security | Win32/Trojan.Dropper.819 | 1.0.0.1015
Quick Heal | Trojan.Agent.r4 | 7.14.14.00
Sophos | Mal/Generic-S | 4.98
SUPERAntiSpyware | Trojan.Agent/Gen-Inject | 10453
Trend Micro House Call | TROJ_SPNV.01L513 | 7.2.210
Vba32 AntiVirus | Trojan.Autoit.Wirus | 3.12.26.0
VIPRE Antivirus | Trojan.Win32.Generic | 29398

File size:
742 KB (759,781 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United Kingdom)

Common path:
C:\users\{user}\appdata\roaming\microsoft\windows\start menu\programs\startup\njw0rm.exe

File PE Metadata
Compilation timestamp:
1/30/2012 12:32:28 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:ChkDgouVr2nxKkorvdRgQriDwOIxmxiZnYQE7PJcy4avraBg6Rfc3DJS:iRRJkcoQricOIQxiZY1UavraBgcc3DJS

Entry address:
0x165C1

Entry point:
E8, 16, 90, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 24, 97, 4A, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, DD, 03, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 40, 67, 41, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8...
 

Entropy:
6.4326

Code size:
514 KB (526,336 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
njw0rm.exe

Command:
"C:\users\{user}\appdata\roaming\njw0rm.exe"

