notepad[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

notepad.exe
Size

248KB
MD5

5394096a1cebf81af24e993777caabf4
SHA1

5be67dad56e33cdbd1c327948ee70d43e69ed106
SHA256

a28438e1388f272a52559536d99d65ba15b1a8288be1200e249851fdf7ee6c7e
SHA512

734f89e2746203ad3059dc44725a23c0b5686ca914147d367f74231f239f03ec1390aa55cee15ca439bb1651c39629a4c8264e1b6ba859b2f6f5b09cc5f90b21
SSDEEP

3072:Vkcc7NgOFP/HM9kTYSU0Np4KGQ0hlB2FSzvkwwCJSLChRycsJLgf7nDVF6PUp1Yb:VklNJH1T4w1GDlBTfSIRW5gfzDVlVXg

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
notepad.exe

Files

notepad.exe
.exe windows:10 windows x64

c8922be3dcdfeb5994c9eee7745dc22e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

OpenProcessToken
GetTokenInformation
DuplicateEncryptionInfoFile
RegSetValueExW
RegQueryValueExW
RegCreateKeyW
RegCloseKey
RegOpenKeyExW
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
IsTextUnicode
DecryptFileW

kernel32

GetACP
LocalUnlock
DeleteFileW
SetEndOfFile
GetFullPathNameW
GetFileAttributesExW
GetFileInformationByHandle
CreateFileMappingW
MapViewOfFile
MultiByteToWideChar
LocalReAlloc
UnmapViewOfFile
LocalSize
GetStartupInfoW
FindNLSString
LocalLock
GlobalUnlock
GlobalAlloc
GetModuleFileNameA
CreateSemaphoreExW
ReleaseSemaphore
GetModuleHandleExW
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
CreateMutexExW
DebugBreak
IsDebuggerPresent
GetLastError
GetFileAttributesW
WriteFile
SetLastError
WideCharToMultiByte
GetTimeFormatW
GetDateFormatW
GetLocalTime
GetUserDefaultUILanguage
FoldStringW
FormatMessageW
FindClose
FindFirstFileW
lstrcmpW
FreeLibrary
GetCurrentProcessId
HeapSetInformation
GetCommandLineW
GetCurrentProcess
MulDiv
GetLocaleInfoW
GlobalFree
HeapAlloc
GetProcessHeap
HeapFree
GetProcAddress
GetModuleHandleW
LocalAlloc
LocalFree
CloseHandle
ReadFile
CreateFileW
SetErrorMode
lstrcmpiW
GlobalLock

gdi32

StartPage
StartDocW
SetAbortProc
DeleteDC
CreateDCW
AbortDoc
EndPage
GetTextMetricsW
SetBkMode
LPtoDP
SetWindowExtEx
SetViewportExtEx
SetMapMode
GetTextExtentPoint32W
TextOutW
EnumFontsW
GetTextFaceW
SelectObject
DeleteObject
CreateFontIndirectW
GetDeviceCaps
EndDoc

user32

SetWinEventHook
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
UnhookWinEvent
SetWindowTextW
OpenClipboard
IsClipboardFormatAvailable
CloseClipboard
SetDlgItemTextW
GetDlgItemTextW
EndDialog
SendDlgItemMessageW
WinHelpW
GetCursorPos
ScreenToClient
GetKeyboardLayout
GetParent
SetScrollPos
InvalidateRect
UpdateWindow
GetWindowPlacement
SetWindowPlacement
CharUpperW
GetSystemMenu
LoadAcceleratorsW
SetWindowLongW
CreateWindowExW
RegisterWindowMessageW
LoadCursorW
RegisterClassExW
GetWindowTextLengthW
GetWindowLongW
PeekMessageW
GetWindowTextW
EnableWindow
CreateDialogParamW
DrawTextExW
CharNextW
RedrawWindow
SetWindowPos
GetDlgCtrlID
GetForegroundWindow
DestroyWindow
MessageBeep
PostQuitMessage
SetFocus
IsIconic
DefWindowProcW
LoadStringW
SetActiveWindow
SetCursor
GetDpiForWindow
ReleaseDC
ChildWindowFromPoint
ShowWindow
EnableMenuItem
GetSubMenu
CheckMenuItem
GetMenu
MessageBoxW
DialogBoxParamW
PostMessageW
SetThreadDpiAwarenessContext
MoveWindow
GetClientRect
SendMessageW
GetDC
GetFocus
LoadIconW
LoadImageW

msvcrt

_lock
_commode
_fmode
_acmdln
__dllonexit
__setusermatherr
_onexit
memcpy
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
free
memcpy_s
iswctype
wcsnlen
_wcsicmp
__C_specific_handler
_wtol
swprintf_s
_vsnwprintf
?terminate@@YAXXZ
memset
_unlock
_ismbblead
_initterm
_callnewh
malloc
_purecall
__CxxFrameHandler3
wcscmp

api-ms-win-core-com-l1-1-0

CoCreateGuid
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitializeEx
CoUninitialize
CoCreateFreeThreadedMarshaler
CoWaitForMultipleHandles
PropVariantClear

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
Sleep

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
CreateEventExW
ReleaseSRWLockExclusive
SetEvent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
LoadLibraryExW

api-ms-win-core-processthreads-l1-1-1

GetProcessMitigationPolicy

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateString
WindowsGetStringRawBuffer
WindowsDeleteString
WindowsCreateStringReference

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoGetActivationFactory
RoUninitialize

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

comctl32

CreateStatusWindowW
ord345

comdlg32

FindTextW
PageSetupDlgW
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
GetFileTitleW
ChooseFontW
PrintDlgExW
ReplaceTextW

ntdll

WinSqmAddToStream

propsys

PropVariantToStringVectorAlloc
PSGetPropertyDescriptionListFromString

shell32

ShellAboutW
DragQueryFileW
SHAddToRecentDocs
DragFinish
DragAcceptFiles
ShellExecuteW
SHCreateItemFromParsingName

shlwapi

SHStrDupW
PathFileExistsW
PathIsNetworkPathW
PathFindExtensionW
PathIsFileSpecW

winspool.drv

ClosePrinter
GetPrinterDriverW
OpenPrinterW

urlmon

FindMimeFromData

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 560B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c8922be3dcdfeb5994c9eee7745dc22e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

kernel32

gdi32

user32

msvcrt

api-ms-win-core-com-l1-1-0

api-ms-win-core-synch-l1-2-0

api-ms-win-core-rtlsupport-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-profile-l1-1-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

comctl32

comdlg32

ntdll

propsys

shell32

shlwapi

winspool.drv

urlmon

Sections

.text Size: 107KB - Virtual size: 106KB

.rdata Size: 30KB - Virtual size: 30KB

.data Size: 3KB - Virtual size: 11KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 103KB - Virtual size: 103KB

.reloc Size: 1024B - Virtual size: 560B

.text
Size: 107KB - Virtual size: 106KB

.rdata
Size: 30KB - Virtual size: 30KB

.data
Size: 3KB - Virtual size: 11KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 103KB - Virtual size: 103KB

.reloc
Size: 1024B - Virtual size: 560B