NewFolder.exe

winexploer

The executable NewFolder.exe has been detected as malware by 3 anti-virus scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘win’. While running, it connects to the Internet address fm.interiowo.pl on port 80 using the HTTP protocol.
Product:
winexploer

Version:
1.00

MD5:
fa18c7f979345699782163dfbb22feda

SHA-1:
6fa01646ded9f2fc1c1b587f60bb465ff854916d

SHA-256:
a57e7093c9dec9c478489eb28e61177d0f2df4f18492f1fd186a8440ae596707

Scanner detections:
3 / 68

Status:
Malware

Analysis date:
11/27/2024 3:49:10 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:VxBehav | 160917-0
Clam AntiVirus | Win.Worm.VB-71924 | 0.98/23175
F-Prot | W32/MalwareS.ZKB | 4.6.5.141

File size:
316 KB (323,584 bytes)

Product version:
1.00

Original file name:
NewFolder.exe

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
8/25/2006 11:41:21 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

Entry address:
0x4D8F9

Entry point:
83, 3C, 24, FE, 77, FE, 8D, 64, 24, CC, 60, 83, EC, DC, E8, 8C, FE, FF, FF, 18, F8, 4B, 66, 4B, FC, B9, 3E, 41, 6D, B4, 8B, C0, 75, F4, 80, DC, 9E, 4F, 87, FF, FF, 73, 3C, 59, 4A, 81, E9, FD, FF, FF, 7F, 73, E0, 86, C2, F6, D4, F7, D7, 87, D2, 81, D9, E6, 13, 00, 00, 71, D0, 24, FF, 84, CA, FF, B4, 19, E4, 13, 00, 80, 83, C4, 04, B4, 0B, 66, 81, 44, 24, FC, B0, BA, 75, B7, 86, E1, F7, D2, 8D, 02, 42, 80, CE, 96, 40, 68, 59, AF, 0E, C1, E8, 56, FE, FF, FF, 89, 74, 24, 44, FE, C4, E8, 8C, FE, FF, FF, 89, 44...
 

Entropy:
5.1637

Code size:
36 KB (36,864 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
win

Command:
C:\windows\newfolder.exe


The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to fm.interiowo.pl  (217.74.66.160:80)
