badnotepad[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

badnotepad.zip
Size

164KB
MD5

4f911f0aac3ce2042403aed9ad09b4c7
SHA1

29b67f1fe111c62f7891d0fd1e94189325822a6e
SHA256

928e353b9371772911b979b22676103186b1ec3c58846c7a7a9f9f9cf1d75f8a
SHA512

25dc831cd7301aa8bb4b9d2415d46b8aaf38ffc2de14e5d5ffdcd9ee06d1b4ccfeb41cc0afa6b29a8c92328084bb1d6505abb87d8d6dda4920c2edaa7ad60d35
SSDEEP

3072:0kSocDPK0oelgqh1OfQLaMSVHjudGwzXK8j8ZEK4W3RXrWbwxKl9+nIFKaCkNGM:h7cbK1elVmZMSVDGGwrKZZLpHxM9+4Kq

Score

1^/10

Malware Config

Signatures

Files

badnotepad.zip
.zip

Password: infected
notepad.exe
.exe windows x64

c8922be3dcdfeb5994c9eee7745dc22e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
GetTokenInformation
DuplicateEncryptionInfoFile
RegSetValueExW
RegQueryValueExW
RegCreateKeyW
RegCloseKey
RegOpenKeyExW
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
IsTextUnicode
DecryptFileW

kernel32

GetACP
LocalUnlock
DeleteFileW
SetEndOfFile
GetFullPathNameW
GetFileAttributesExW
GetFileInformationByHandle
CreateFileMappingW
MapViewOfFile
MultiByteToWideChar
LocalReAlloc
UnmapViewOfFile
LocalSize
GetStartupInfoW
FindNLSString
LocalLock
GlobalUnlock
GlobalAlloc
GetModuleFileNameA
CreateSemaphoreExW
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
DebugBreak
IsDebuggerPresent
GetLastError
GetFileAttributesW
WriteFile
SetLastError
WideCharToMultiByte
GetTimeFormatW
GetDateFormatW
GetLocalTime
GetUserDefaultUILanguage
FoldStringW
FormatMessageW
FindClose
FindFirstFileW
lstrcmpW
FreeLibrary
GetCurrentProcessId
HeapSetInformation
GetCommandLineW
GetCurrentProcess
MulDiv
GetLocaleInfoW
GlobalFree
HeapAlloc
GetProcessHeap
HeapFree
GetProcAddress
GetModuleHandleW
LocalAlloc
LocalFree
CloseHandle
ReadFile
CreateFileW
SetErrorMode
lstrcmpiW
GlobalLock

gdi32

StartPage
StartDocW
SetAbortProc
DeleteDC
CreateDCW
AbortDoc
EndPage
GetTextMetricsW
SetBkMode
LPtoDP
SetWindowExtEx
SetViewportExtEx
SetMapMode
GetTextExtentPoint32W
TextOutW
EnumFontsW
GetTextFaceW
SelectObject
DeleteObject
CreateFontIndirectW
GetDeviceCaps
EndDoc

user32

SetWinEventHook
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
UnhookWinEvent
SetWindowTextW
OpenClipboard
IsClipboardFormatAvailable
CloseClipboard
SetDlgItemTextW
GetDlgItemTextW
EndDialog
SendDlgItemMessageW
WinHelpW
GetCursorPos
ScreenToClient
GetKeyboardLayout
GetParent
SetScrollPos
InvalidateRect
UpdateWindow
GetWindowPlacement
SetWindowPlacement
CharUpperW
GetSystemMenu
LoadAcceleratorsW
SetWindowLongW
CreateWindowExW
RegisterWindowMessageW
LoadCursorW
RegisterClassExW
GetWindowTextLengthW
GetWindowLongW
PeekMessageW
GetWindowTextW
EnableWindow
CreateDialogParamW
DrawTextExW
CharNextW
RedrawWindow
SetWindowPos
GetDlgCtrlID
GetForegroundWindow
DestroyWindow
MessageBeep
PostQuitMessage
SetFocus
IsIconic
DefWindowProcW
LoadStringW
SetActiveWindow
SetCursor
GetDpiForWindow
ReleaseDC
ChildWindowFromPoint
ShowWindow
EnableMenuItem
GetSubMenu
CheckMenuItem
GetMenu
MessageBoxW
DialogBoxParamW
PostMessageW
SetThreadDpiAwarenessContext
MoveWindow
GetClientRect
SendMessageW
GetDC
GetFocus
LoadIconW
LoadImageW

msvcrt

_lock
_commode
_fmode
_acmdln
__dllonexit
__setusermatherr
_onexit
memcpy
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
free
memcpy_s
iswctype
wcsnlen
_wcsicmp
__C_specific_handler
_wtol
swprintf_s
_vsnwprintf
?terminate@@YAXXZ
memset
_unlock
_ismbblead
_initterm
_callnewh
malloc
_purecall
__CxxFrameHandler3
wcscmp

api-ms-win-core-com-l1-1-0

CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoUninitialize
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
PropVariantClear

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
CreateEventExW
ReleaseSRWLockExclusive
SetEvent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadLibraryExW

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

comctl32

CreateStatusWindowW
ord345

comdlg32

FindTextW
PageSetupDlgW
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
GetFileTitleW
ChooseFontW
PrintDlgExW
ReplaceTextW

ntdll

WinSqmAddToStream

propsys

PropVariantToStringVectorAlloc
PSGetPropertyDescriptionListFromString

shell32

ShellAboutW
DragQueryFileW
SHAddToRecentDocs
DragFinish
DragAcceptFiles
ShellExecuteW
SHCreateItemFromParsingName

shlwapi

SHStrDupW
PathFileExistsW
PathIsNetworkPathW
PathFindExtensionW
PathIsFileSpecW

winspool.drv

ClosePrinter
GetPrinterDriverW
OpenPrinterW

urlmon

FindMimeFromData

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

c8922be3dcdfeb5994c9eee7745dc22e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

comctl32

comdlg32

ntdll

propsys

shell32

shlwapi

winspool.drv

urlmon

Sections

.text Size: 107KB - Virtual size: 106KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 3KB - Virtual size: 11KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 103KB - Virtual size: 103KB

.reloc Size: 1024B - Virtual size: 560B

.text
Size: 107KB - Virtual size: 106KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 3KB - Virtual size: 11KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 103KB - Virtual size: 103KB

.reloc
Size: 1024B - Virtual size: 560B