Static task: static1
Behavioral task: behavioral1 (Sample: Notepad2.exe; Resource: win7-20230220-en)
Behavioral task: behavioral2 (Sample: Notepad2.exe; Resource: win10v2004-20230220-en)
General
Target: Notepad2.exe
Size: 1.3MB
MD5: 14c3bee9800cb1de43791bdc512555c7
SHA1: 07f5876586ce85d384c55f903a26a3b9b4029a1e
SHA256: c8f97be7bab3d73676a2ce9cc4daf619d36eaf9bd4cd89ed9b7331e50e72b917
SHA512: 1925459faf39ccf9ab48202b194a07e5ecd6f21593b65d96de3925ab574bcbdda01977b5de7cdb0c7b68d008ee74a81ee12a62b287c84125227e701f6a27f2a8
SSDEEP: 24576:iXLtUK8+xBuKhpSK438pckG0WY9gxdvAp2ei9tige/5VwjeueexF5G0vWKhEs5PM:iXLt7GeSYj9fX
Malware Config
Signatures
Unsigned PE (1 IoC): checks for missing Authenticode signature. Resource: Notepad2.exe
Files
-
Notepad2.exe.exe windows x86
4f1a424414a411e37425d0f692e72728
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
comctl32
ord8
ImageList_Destroy
ImageList_AddMasked
ImageList_Create
InitCommonControlsEx
CreateStatusWindowW
shlwapi
StrCpyNW
SHAutoComplete
StrDupA
StrStrIA
StrChrIA
StrTrimA
PathMatchSpecW
StrChrW
PathFileExistsW
PathUnquoteSpacesW
PathQuoteSpacesW
StrCatBuffA
StrNCatW
StrCatW
StrCmpIW
StrCmpW
StrStrA
UrlEscapeW
StrCmpNA
StrDupW
StrChrA
StrCmpNIA
StrCpyW
PathIsUNCW
UrlUnescapeW
PathRelativePathToW
PathIsPrefixW
PathUnExpandEnvStringsW
PathIsDirectoryW
PathFindExtensionW
StrStrW
PathIsRelativeW
PathCanonicalizeW
PathGetDriveNumberW
PathIsRootW
PathAppendW
StrChrIW
StrCmpNIW
PathCommonPrefixW
PathCompactPathExW
PathStripToRootW
StrRChrW
StrFormatByteSizeW
PathRenameExtensionW
StrStrIW
StrTrimW
PathRemoveFileSpecW
PathFindFileNameW
StrCatBuffW
StrRetToBufW
kernel32
ResetEvent
LocalAlloc
CreateEventW
lstrcmpiW
lstrcatW
CloseHandle
LocalFree
lstrcpyW
CreateThread
lstrcmpW
GetFileSize
lstrcmpA
lstrlenA
GetCPInfo
lstrcpynA
SetEndOfFile
GlobalSize
GlobalLock
GetModuleHandleW
GetTickCount
WriteFile
WideCharToMultiByte
ReadFile
CreateFileW
lstrcatA
GetACP
MultiByteToWideChar
GlobalUnlock
GetLastError
lstrcmpiA
GetProcAddress
IsValidCodePage
GetOEMCP
LocalSize
LCMapStringW
lstrcpyA
FreeResource
GlobalFree
LoadResource
GetCurrentProcess
GetLocaleInfoW
SizeofResource
MulDiv
WritePrivateProfileSectionW
GetLongPathNameW
LockResource
GetModuleHandleA
GetWindowsDirectoryW
GetPrivateProfileSectionW
ExpandEnvironmentStringsW
GetCommandLineW
GetDateFormatW
SearchPathW
FindFirstFileW
FindFirstChangeNotificationW
SetErrorMode
FreeLibrary
CreateProcessW
CompareFileTime
FindCloseChangeNotification
GetPrivateProfileStringW
LoadLibraryW
GetTimeFormatW
GetStartupInfoW
FindClose
GetLocalTime
SetCurrentDirectoryW
FindNextChangeNotification
GetVersion
SetFileAttributesW
SetEvent
GlobalAlloc
FormatMessageW
lstrcpynW
GetFileAttributesW
GetCurrentDirectoryW
GetPrivateProfileIntW
WritePrivateProfileStringW
lstrlenW
ExitThread
FindResourceW
FlushFileBuffers
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
OutputDebugStringW
RtlUnwind
HeapReAlloc
GetStringTypeW
RaiseException
HeapSize
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
GetModuleFileNameA
GetFileType
GetStdHandle
GetProcessHeap
GetModuleHandleExW
ExitProcess
CompareStringW
HeapAlloc
HeapFree
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentThreadId
SetLastError
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
DeleteCriticalSection
LoadLibraryA
EnterCriticalSection
LeaveCriticalSection
GetVersionExW
InitializeCriticalSection
QueryPerformanceCounter
LoadLibraryExW
GetLocaleInfoA
GetModuleFileNameW
WaitForSingleObject
user32
SetCapture
DestroyCursor
GetCaretBlinkTime
ShowOwnedPopups
ClientToScreen
SetWindowPlacement
TranslateAcceleratorW
SetTimer
ScreenToClient
GetMessageW
PostQuitMessage
TrackPopupMenu
ShowWindowAsync
RegisterWindowMessageW
IsIconic
IsChild
UnregisterClassW
KillTimer
IsZoomed
GetSubMenu
EnumWindows
GetDoubleClickTime
LoadAcceleratorsW
GetForegroundWindow
IsDialogMessageW
GetWindowPlacement
OffsetRect
TrackPopupMenuEx
CheckMenuRadioItem
IntersectRect
LoadMenuW
GetClassNameW
EnableMenuItem
ChangeClipboardChain
IsWindow
SetMenuDefaultItem
EqualRect
MessageBoxW
RegisterClassW
IsWindowVisible
CountClipboardFormats
UpdateWindow
DestroyMenu
GetDlgCtrlID
SetClipboardViewer
DefWindowProcW
CheckMenuItem
DrawAnimatedRects
GetWindowRect
SetActiveWindow
CharUpperBuffW
DialogBoxIndirectParamW
GetMenuStringW
IsWindowEnabled
GetClientRect
GetDC
GetMenu
CreateDialogIndirectParamW
SetRect
InvalidateRect
SystemParametersInfoW
ReleaseDC
GetMenuState
SetWindowPos
FindWindowExW
AdjustWindowRectEx
DeferWindowPos
GetSystemMetrics
MapWindowPoints
SetWindowTextW
GetMonitorInfoW
MonitorFromRect
DestroyWindow
SetCursor
CloseClipboard
GetSystemMenu
CharNextW
GetKeyState
IsClipboardFormatAvailable
LoadCursorW
wsprintfA
IsCharLowerA
SetFocus
IsCharUpperW
CharLowerW
GetCapture
ChildWindowFromPoint
SetCursorPos
CharLowerA
GetClipboardData
EmptyClipboard
CharUpperW
GetSysColor
GetCursorPos
GetSysColorBrush
IsCharLowerW
GetActiveWindow
CreateWindowExW
InsertMenuW
OpenClipboard
ReleaseCapture
SetClipboardData
IsCharAlphaNumericA
GetParent
GetWindowTextLengthW
GetDlgItemInt
RemovePropW
wvsprintfW
LoadImageW
PostMessageW
GetFocus
MessageBeep
CharPrevW
wsprintfW
SetPropW
TranslateMessage
SetDlgItemInt
LoadIconW
IsCharAlphaNumericW
GetWindowLongW
PeekMessageW
GetDlgItem
SetWindowLongW
EndDialog
SendDlgItemMessageW
LoadStringW
CheckDlgButton
ShowWindow
IsDlgButtonChecked
GetMessageTime
SetScrollInfo
RegisterClipboardFormatW
SetCaretPos
CreateCaret
AppendMenuA
DestroyCaret
IsWindowUnicode
GetScrollInfo
GetKeyboardLayout
RegisterClassExW
BeginPaint
ShowCaret
MsgWaitForMultipleObjects
HideCaret
GetUpdateRgn
EndPaint
CallWindowProcW
SystemParametersInfoA
FrameRect
CreatePopupMenu
InflateRect
DrawFocusRect
GetIconInfo
CreateIconIndirect
DrawTextA
DrawTextW
FillRect
CheckRadioButton
MessageBoxIndirectW
BeginDeferWindowPos
GetDlgItemTextW
SetDlgItemTextW
SendMessageW
EnableWindow
EndDeferWindowPos
MessageBoxExW
GetPropW
DispatchMessageW
CopyImage
SetForegroundWindow
gdi32
CreateRectRgn
CombineRgn
CreateCompatibleDC
CreateFontIndirectA
StretchBlt
CreateDIBSection
Polygon
GetTextExtentPoint32A
BitBlt
CreateBitmap
CreateSolidBrush
ExtTextOutA
IntersectClipRect
RoundRect
CreatePatternBrush
GetNearestColor
GetTextExtentExPointA
GetTextExtentExPointW
Ellipse
CreateCompatibleBitmap
MoveToEx
EndPage
GetTextMetricsW
LineTo
StartPage
DeleteDC
SetBkColor
DPtoLP
ExtTextOutW
CreateFontW
StartDocW
CreatePen
SetTextAlign
EndDoc
TranslateCharsetInfo
GetTextExtentPoint32W
EnumFontsW
GetDeviceCaps
SetMapMode
SetTextColor
SetBkMode
SelectObject
CreateFontIndirectW
DeleteObject
GetObjectW
GetStockObject
Rectangle
comdlg32
ChooseFontW
PrintDlgW
GetSaveFileNameW
PageSetupDlgW
ChooseColorW
GetOpenFileNameW
advapi32
OpenProcessToken
GetTokenInformation
IsTextUnicode
shell32
ShellExecuteExW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetDataFromIDListW
SHAppBarMessage
SHAddToRecentDocs
SHGetFolderPathW
ord180
SHGetSpecialFolderPathW
SHCreateDirectoryExW
Shell_NotifyIconW
DragFinish
DragQueryFileW
DragAcceptFiles
SHBrowseForFolderW
ole32
OleUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoUninitialize
RevokeDragDrop
DoDragDrop
RegisterDragDrop
imm32
ImmSetCompositionWindow
ImmGetCompositionStringW
ImmReleaseContext
ImmGetContext
ImmSetCompositionFontA
ImmNotifyIME
Sections
.text - Size: 1023KB - Virtual size: 1022KB - Flags: IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
.data - Size: 154KB - Virtual size: 193KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.idata - Size: 12KB - Virtual size: 11KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.rsrc - Size: 103KB - Virtual size: 103KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
.reloc - Size: 40KB - Virtual size: 39KB - Flags: IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ