Wednesday, December 26, 2007

NEW FOLDER.EXE Dangerous

versions of an executable program.
The most common file size is 107,520 bytes. But the following file sizes have also been seen:
172,032 bytes
222,461 bytes
272,131 bytes
197,120 bytes
106,496 bytes


The filename NEW FOLDER.EXE refers to many The unsafe files using this name are associated with the malware group WORM.VB.NLJ.Some files using the name NEW FOLDER.EXE are also associated with the malware groups:
WORM.SOHANAT.AB
SystemPoser:Trojan-c
These files have no vendor, product or version information specified in the file header.
NEW FOLDER.EXE has been seen to perform the following behavior(s):
The Process is packed and/or encrypted using a software packing process
Disables Access to the Windows Registry Editior
Modifies Windows Security Policies to restrict/expand User Privlidges on the machine
Disables Access to the Task Manager built into Windows
Adds a Registry Key (RUN) to auto start Programs on system start up
Disables the built in Windows File Protection System
This Process Creates Other Processes On Disk
This Process Deletes Other Processes From Disk
Executes a Process
Terminates Processes
Writes to another Process's Virtual Memory (Process Hijacking)
Can communicate with other computer systems using HTTP protocols
Registers a Dynamic Link Library File
Changes the Internet Explorer Home Page Settings
Changes of IE options including home page, security tab, colour, font, advanced, menu
Disables the Built in Windows System Restore Feature
Adds a Link in the Start Menu
NEW FOLDER.EXE has been the subject of the following behavior(s):
Created as a process on disk
Executed as a Process
Added as a Registry auto start to load Program on Boot up
Writes to another Process's Virtual Memory (Process Hijacking)
Executed by Internet Explorer
Deleted as a process from disk
Terminated as a Process
Added as a Link in the Start Menu
NEW FOLDER.EXE can also use the following file names:

SVICHOSSST.EXE
JSA CO2 AREA.EXE
WORKING.EXE
DEHYDRATION SKID TESTING.EXE
10.31.38.03 FIRST AID PRESENTATION.EXE
WORK RELATED INJURIES.EXE
ELECTRICITY.EXE
AFZAL DATA.EXE
AFZAL CV NEW.EXE
FIRST AID PRESENTATION.EXE
TOTAL POSTER.EXE
LEVEL 2 - SOP.EXE
FALLS & FALLING OBJECTS.EXE
ACCESS.EXE
CHEMICALS.EXE
SUPERVISOR SKILPATH.EXE
FIRE.EXE
PPE.EXE
NEW SIGNS.EXE
TOOLBOX TOPICS.EXE
SUPERVISION WORKSHOP.EXE
SOP-FORMET.EXE
SUP TRAINING PPTA.EXE
FORMATS.EXE
RIGGING MANUAL.EXE
SAFETY LEADERSHIP.EXE
PRESENTATIONS.EXE
PLAN-METHOD STATEMENT.EXE
HSE PLANE.EXE
MSDS.EXE
OSHA.DOMENO THEORY.EXE
TERRENSFIN.EXE
DOMINO THEORY.EXE
T&J SAFETY & QUALITY PLAN.EXE
SST.EXE
OSHA 10 HOUR.EXE
SUPERVISOR 40 HOUR TRAINING.EXE
OSHA 10 HOURS.EXE
OSHA FILE.EXE
PMT STANDERED.EXE
OSHA GUIDE.EXE
JCP SAFETY MANUAL.EXE
ERGONOMICS FACT SHEET_FILES.EXE
NET SAFETY.EXE
EMERGENCY RESPONSE PLAN_FILES.EXE
HIGHLY REACTIVE CHEMICALS_FILES.EXE
INDEX - TRAINING - SAFETY SESSIONS_FILES.EXE
PROCESS SAFETY MANAGEMENT - INTRODUCTION_FILES.EXE
URDU.EXE
FIRE EXTINGUISHER TRAING OUTLINE_FILES.EXE
GENERAL SAFETY INSPECTION_FILES.EXE
IAQ - SICK BUILDING SYNDROME_FILES.EXE
FLEET MANAGEMENT - ACCIDENT PREVENTION_FILES.EXE
EYE WASH AND EMERGENCY SHOWERS_FILES.EXE
M A J.EXE
KSAJEEL.EXE
ISO.EXE
JSA MECH.EXE
INCIDENT REPORTS.EXE
CERTIFICATE.EXE
2007-09 (SEP).EXE
DEL DOC. TRANING.EXE
RVHOST.EXE
MSTAN.EXE
RICOH.EXE
DD1.EXE
WEEKLY SCHEDULE 07.EXE
POCKETGUIDE.EXE
JULY DAILY REPORT.EXE
JULY07.EXE
EXPLORE.EXE
WORM2007[1].EXE
LSASS.EXE
SVCHOST32.EXE
PPQ5A.TMP
BOOT.EXE
MSCONFIG.EXE
CALENDARS.EXE
WINDOWS EXPLORER.EXE
TOP PICTURES.EXE
DC3.EXE
DC4.EXE

Artikel yang Berkaitan

0 komentar:

Post a Comment