notes[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

notes.exe
Size

1.5MB
MD5

dc1b3cdcd704a5801d04adf1c46742b2
SHA1

f0a3c6034a76831fa75c81415f6c98ed0613cf5a
SHA256

50dcb667e50691470d8826cd6b815c2baa1a7170ba102318fe8b80e3eccdfa77
SHA512

e22626d89f1ebbeb95fab3572801c668aef5cd8188e0bb34d71d3a4724a52dd53831cb380f17521fdd840b3ba29fb05962adcd4c935411af713d3e236a454e17
SSDEEP

24576:MrvieksnT9a9rv6ggFmqsPEXCfIhQfwVxHgcbuVT0kFx4mSc:+vi2nT9a9L6ggwqbXCfIKIVxHgb94m5

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
notes.exe

Files

notes.exe
.exe windows x64

1cd364a9e949d5ecebd6c614e64bc545

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

WriteFile
WriteConsoleW
WaitForMultipleObjects
WaitForSingleObject
VirtualQuery
VirtualFree
VirtualAlloc
SwitchToThread
SetWaitableTimer
SetUnhandledExceptionFilter
SetProcessPriorityBoost
SetEvent
SetErrorMode
SetConsoleCtrlHandler
LoadLibraryA
LoadLibraryW
GetSystemInfo
GetSystemDirectoryA
GetStdHandle
GetQueuedCompletionStatus
GetProcessAffinityMask
GetProcAddress
GetEnvironmentStringsW
GetConsoleMode
FreeEnvironmentStringsW
ExitProcess
DuplicateHandle
CreateThread
CreateIoCompletionPort
CreateEventA
CloseHandle
AddVectoredExceptionHandler

Sections

.text
Size: 449KB - Virtual size: 448KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 585KB - Virtual size: 585KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 71KB - Virtual size: 202KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 281B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/32
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/46
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/63
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/80
Size: 512B - Virtual size: 45B

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/99
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/112
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/124
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 948B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.symtab
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

1cd364a9e949d5ecebd6c614e64bc545

Headers

File Characteristics

Imports

kernel32

Sections

.text Size: 449KB - Virtual size: 448KB

.rdata Size: 585KB - Virtual size: 585KB

.data Size: 71KB - Virtual size: 202KB

/4 Size: 512B - Virtual size: 281B

/19 Size: 68KB - Virtual size: 68KB

/32 Size: 18KB - Virtual size: 18KB

/46 Size: 7KB - Virtual size: 7KB

/63 Size: 11KB - Virtual size: 10KB

/80 Size: 512B - Virtual size: 45B

/99 Size: 146KB - Virtual size: 146KB

/112 Size: 65KB - Virtual size: 64KB

/124 Size: 22KB - Virtual size: 21KB

.idata Size: 1024B - Virtual size: 948B

.symtab Size: 94KB - Virtual size: 94KB

.text
Size: 449KB - Virtual size: 448KB

.rdata
Size: 585KB - Virtual size: 585KB

.data
Size: 71KB - Virtual size: 202KB

/4
Size: 512B - Virtual size: 281B

/19
Size: 68KB - Virtual size: 68KB

/32
Size: 18KB - Virtual size: 18KB

/46
Size: 7KB - Virtual size: 7KB

/63
Size: 11KB - Virtual size: 10KB

/80
Size: 512B - Virtual size: 45B

/99
Size: 146KB - Virtual size: 146KB

/112
Size: 65KB - Virtual size: 64KB

/124
Size: 22KB - Virtual size: 21KB

.idata
Size: 1024B - Virtual size: 948B

.symtab
Size: 94KB - Virtual size: 94KB