notepad[.]exe | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

notepad.exe
Size

1.2MB
MD5

5af6de4390ba17649fd55624e4a2d73e
SHA1

14fac7492a1426b49ea716f8f81e5cc1c581ee3f
SHA256

d4457d9d3bb89b2395e6c841ddefada9bb067bcf51fc75bb4413d57d87b7a7cd
SHA512

a30d4733be3e79852f8b96f2a975c852f259ec2d6a9b8bbc774e3492bdce749e11574a7d26743603dbad76d8c34ae9863de7944fa1ba2db6b2e0a6b6257a85eb
SSDEEP

24576:21zx6qnt0RVEyxHFply0jM3azzHsAt+3lkZ8h/vBjGSLBrnAE:21z4q2R/NysLYBVLJnR

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
notepad.exe

Files

notepad.exe
.exe windows:4 windows x86 arch:x86

8a2c8ce882e74222d2793357d997beb8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord6
ImageList_Destroy
ImageList_Create
InitCommonControlsEx
ImageList_AddMasked

shlwapi

PathQuoteSpacesA
PathIsRootA
PathMatchSpecA
SHCopyKeyA
SHAutoComplete
PathIsDirectoryA

imm32

ImmReleaseContext
ImmGetCompositionStringW
ImmGetContext
ImmSetCompositionFontA
ImmNotifyIME
ImmSetCompositionWindow

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

ExpandEnvironmentStringsA
GetFullPathNameA
GetLongPathNameA
LocalFree
FormatMessageA
GetLastError
LockResource
SizeofResource
LoadResource
FindResourceA
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceCounter
OutputDebugStringA
IsDBCSLeadByteEx
DebugBreak
DeleteCriticalSection
InitializeCriticalSection
GlobalSize
GetTickCount
GetUserDefaultLCID
GetStringTypeExA
LCMapStringA
GlobalUnlock
GetStringTypeA
GetCurrentProcessId
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
LoadLibraryW
HeapSize
ExitProcess
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetOEMCP
GetCPInfo
GetProcessHeap
GetCommandLineA
GetSystemTimeAsFileTime
GetModuleFileNameW
GetTempPathA
GetFileType
WriteConsoleW
HeapAlloc
HeapReAlloc
CreateThread
GetCurrentThreadId
ExitThread
RtlUnwind
RaiseException
HeapFree
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedDecrement
InterlockedIncrement
FindFirstFileA
FindClose
CreateFileA
WideCharToMultiByte
GlobalAlloc
GlobalFree
SetErrorMode
GetModuleHandleA
GetProcAddress
EnumSystemCodePagesA
GetCPInfoExA
SetFileAttributesA
GetModuleFileNameA
CopyFileA
DeleteFileA
MultiByteToWideChar
GetNumberFormatA
InterlockedCompareExchange
GetFileTime
GetFileAttributesA
CompareFileTime
GetACP
GetLocalTime
GetDateFormatA
GetTimeFormatA
GetLocaleInfoA
MulDiv
GetVersionExA
CreatePipe
GetStartupInfoA
CreateProcessA
PeekNamedPipe
Sleep
GetExitCodeProcess
InterlockedExchange
WaitForSingleObject
SetEndOfFile
GetFileSize
WriteFile
SetFilePointer
ReadFile
CloseHandle
GetConsoleCP
GetConsoleMode
GetWindowsDirectoryA
LCMapStringW
LoadLibraryA
FreeLibrary
GetStdHandle
GlobalLock
FlushFileBuffers
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
GetStringTypeW

user32

IsClipboardFormatAvailable
GetClipboardData
ShowCaret
CreateCaret
DestroyCaret
HideCaret
SetCaretPos
GetUpdateRgn
MsgWaitForMultipleObjects
GetMessageTime
IsChild
DrawAnimatedRects
GetDesktopWindow
PeekMessageA
LoadStringA
CharPrevA
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetMenuState
GetMenuItemID
CallWindowProcA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
DispatchMessageA
GetScrollInfo
LoadIconA
RegisterClassA
SetClipboardViewer
ChangeClipboardChain
PostQuitMessage
ShowOwnedPopups
GetKeyState
GetActiveWindow
SystemParametersInfoA
GetWindowPlacement
IsZoomed
OemToCharBuffA
CharToOemBuffA
IsCharAlphaNumericA
CharNextA
GetMenu
wsprintfA
CheckMenuRadioItem
ModifyMenuA
IsDialogMessageA
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
DefWindowProcA
ClientToScreen
TrackPopupMenuEx
FindWindowExA
IsWindowEnabled
IsIconic
ShowWindowAsync
SetScrollInfo
ScrollWindow
SetTimer
KillTimer
GetKeyboardLayout
IsWindow
RegisterClassExA
SetWindowLongA
IsWindowVisible
UnregisterClassA
CheckMenuItem
EnableMenuItem
RemoveMenu
IsMenu
InvalidateRect
UpdateWindow
CreatePopupMenu
LoadBitmapA
ReleaseCapture
SetCapture
GetDC
GetDoubleClickTime
BeginPaint
EndPaint
AdjustWindowRectEx
InflateRect
DrawTextW
DrawTextA
DrawFocusRect
FillRect
RegisterClipboardFormatA
DialogBoxIndirectParamA
GetSysColorBrush
GetMenuStringA
GetWindowTextA
MapDialogRect
SetMenuDefaultItem
SetActiveWindow
GetWindowLongA
EnableWindow
GetDlgItem
ShowWindow
MoveWindow
SendMessageA
MapWindowPoints
GetWindowRect
DestroyCursor
SetCursor
ReleaseDC
GetSysColor
RedrawWindow
IsDlgButtonChecked
LoadMenuA
GetSubMenu
SetForegroundWindow
GetCursorPos
TrackPopupMenu
DestroyMenu
AppendMenuA
CheckDlgButton
MessageBeep
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItemInt
SetDlgItemInt
CreateWindowExA
GetClientRect
GetSystemMetrics
SetWindowPos
DialogBoxParamA
CreateDialogParamA
PostMessageA
GetParent
EndDialog
PtInRect
GetMessagePos
ScreenToClient
LoadImageA
SetWindowTextA
GetDlgItemTextA
SetDlgItemTextA
MessageBoxA
SendDlgItemMessageA
DestroyWindow
LoadCursorA
GetMenuItemCount

gdi32

StartPage
StartDocA
GetTextMetricsA
SelectObject
CreateFontA
DPtoLP
SetMapMode
GetObjectA
AddFontResourceA
CreateCompatibleDC
SetBkMode
CreateFontIndirectA
GetStockObject
SetTextColor
SelectPalette
CreateCompatibleBitmap
GetNearestColor
Polygon
Rectangle
CreatePatternBrush
RoundRect
Ellipse
BitBlt
RealizePalette
IntersectClipRect
ExtTextOutW
GetTextExtentPoint32W
GetTextExtentExPointA
GetTextExtentExPointW
CombineRgn
CreateRectRgn
CreateBitmap
SetBkColor
SetTextAlign
ExtTextOutA
GetTextExtentPoint32A
CreatePen
MoveToEx
LineTo
EndPage
EndDoc
DeleteDC
GetDeviceCaps
CreateSolidBrush
CreatePalette
DeleteObject

comdlg32

GetSaveFileNameA
PrintDlgA
PageSetupDlgA
ChooseFontA
ChooseColorA
GetOpenFileNameA

advapi32

RegEnumValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegEnumKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey

shell32

SHBrowseForFolderA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHAppBarMessage
SHGetMalloc
SHBindToParent
DragQueryFileA
DragFinish
DragAcceptFiles
ShellExecuteExA
SHGetSpecialFolderPathA
Shell_NotifyIconA
SHGetDesktopFolder
SHChangeNotify
ShellExecuteA
SHGetFileInfoA
ord25

ole32

RegisterDragDrop
ReleaseStgMedium
CoUninitialize
CoInitialize
OleUninitialize
OleInitialize
RevokeDragDrop
DoDragDrop
CoCreateInstance

Sections

.text
Size: 792KB - Virtual size: 788KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 280KB - Virtual size: 278KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8a2c8ce882e74222d2793357d997beb8

Headers

File Characteristics

Imports

comctl32

shlwapi

imm32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 792KB - Virtual size: 788KB

.rdata Size: 124KB - Virtual size: 122KB

.data Size: 44KB - Virtual size: 55KB

.rsrc Size: 280KB - Virtual size: 278KB

.text
Size: 792KB - Virtual size: 788KB

.rdata
Size: 124KB - Virtual size: 122KB

.data
Size: 44KB - Virtual size: 55KB

.rsrc
Size: 280KB - Virtual size: 278KB