Static task
static1
Behavioral task
behavioral1
Sample
notepad.exe
Resource
win7-20230220-en
Behavioral task
behavioral2
Sample
notepad.exe
Resource
win10v2004-20230220-en
General
-
Target
notepad.exe
-
Size
183KB
-
MD5
2f2691a783589f8990605fa57eeb76e5
-
SHA1
149d4482a028afcb687124fd7543b3937b0cd8e2
-
SHA256
87ef41a24c01371970d9ee0a9a4f8ff50e7f9488cc3982ef418c60a66bb71fb5
-
SHA512
dd436b5fd5345512e8fb35e66eb1ae100f45531f1606865d9fb99f8a9897151cf9800886b58e21e6c5497b5b9b04c43b87344dd43f9460441aa414fa2d31fb29
-
SSDEEP
3072:pqADH8Hw6Coo7on12W4Wgmg32hE0seKo0S:pYH0Q
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource notepad.exe
Files
-
notepad.exe.exe windows x64
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
Sections
.text Size: 8B - Virtual size: 4KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.reloc Size: 8B - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 181KB - Virtual size: 184KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ