Associated Malware Groups
The filename is associated with the malware group:
File Behavior
NEW13[n].EXE has been seen to perform the following behavior:
- Enables an In Process Object/Server - Common with DLL Injections
- This process creates other processes on disk
- Executes a Process
- This process deletes other processes from disk
- The process hooks code into all running processes which could allow it to take control of the system or record keyboard input, mouse activity and screen contents
- The process is packed and/or encrypted using a software packing process
- Copies files
- Injects code into other processes
- This process is a file infector which modifies program files to include a copy of the infection
- Registers a Dynamic Link Library File
- Drops known malicious software during execution
NEW13[n].EXE has been the subject of the following behavior:
- Created as a process on disk
- Executed as a Process
- Deleted as a process from disk
Country Of Origin
The filename NEW13[n].EXE was first seen on Jul 25 2008 in the following geographical regions of the Prevx community:
- SPAIN on Jul 25 2008
- CHINA on Jul 25 2008
- SINGAPORE on Dec 12 2008
File Name Aliases
NEW13[n].EXE can also use the following file names:
Filesizes
The following file sizes have been seen:
- 19,947 bytes
- 10,752 bytes
- 19,763 bytes
- 14,624 bytes
- 12,354 bytes
- 23,663 bytes
File Type
The filename NEW13[n].EXE refers to many versions of an executable program.
File Activity
One or more files with the name NEW13[n].EXE creates, deletes, copies or moves the following files and folders:
- Copies file c:\windows\system32\sfc_os.dll to c:\windows\system32\mmsfc1.dll
- Moves c:\windows\system32\ComRes.dll to c:\windows\system32\sysgth.dll
- Creates c:\windows\system32\ComRes.dll
- Creates c:\windows\fonts\ComRes.dll
- Creates c:\windows\fonts\gth79326.ttf
- Creates c:\windows\fonts\gth79326.fon
- Copies file c:\windows\system32\rundll32.exe to c:\windows\system32\gth79326.exe