notepad[.]exe | Triage

Sharing

Copy URL Twitter E-mail

General

Target

notepad.exe
Size

304KB
MD5

87a52a86f81b4c5af03cabb7514631f4
SHA1

188bc17b2c6545ff3de799581e100bf60d685ca3
SHA256

154ac2e88711abce834cedca3dc98688d0552b0737de8f91609fb999337d5747
SHA512

fc679d54040153ed7bef8b94bdf4617462ec8ffa3dce0ed54bd8d099373e206980d65870ba63d8d31d5df06e07e04f83af3f6e1fe301502727d966adf8504787
SSDEEP

6144:El37xqC/3pbo92Gz9UjLk5gfzDVlVXgJJp:6xqCvd22GELk5GpXMp

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
notepad.exe

Files

notepad.exe
.exe windows:10 windows x86 arch:x86

9b443497c39099250d3c5c51cbfd6eda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

notepad.pdb

Imports

gdi32

SetMapMode
SetViewportExtEx
SetWindowExtEx
LPtoDP
SetBkMode
GetTextMetricsW
TextOutW
AbortDoc
EndDoc
SetAbortProc
StartDocW
StartPage
CreateDCW
EnumFontsW
GetTextFaceW
GetDeviceCaps
DeleteDC
DeleteObject
SetBkColor
CreateSolidBrush
GetTextExtentPoint32W
SelectObject
CreateCompatibleDC
EndPage
CreateFontIndirectW

user32

PostQuitMessage
BeginPaint
EndPaint
FillRect
DrawTextW
DrawFocusRect
DefWindowProcW
TrackMouseEvent
InvalidateRect
DestroyIcon
SetThreadDpiAwarenessContext
DialogBoxParamW
LoadIconW
GetFocus
MessageBoxW
ShowWindow
SetCursor
SetActiveWindow
EnableMenuItem
IsIconic
SetFocus
MessageBeep
GetForegroundWindow
GetDlgCtrlID
SetWindowPos
RedrawWindow
GetKeyboardLayout
CharNextW
SetWinEventHook
GetMessageW
TranslateAcceleratorW
IsDialogMessageW
TranslateMessage
DispatchMessageW
UnhookWinEvent
SetWindowTextW
GetMenu
GetSubMenu
OpenClipboard
IsClipboardFormatAvailable
CloseClipboard
CheckMenuItem
SetDlgItemTextW
GetDlgItemTextW
EndDialog
SendDlgItemMessageW
SetScrollPos
UpdateWindow
GetWindowPlacement
SetWindowPlacement
CharUpperW
GetSystemMenu
LoadAcceleratorsW
SetWindowLongW
MonitorFromWindow
RegisterWindowMessageW
LoadCursorW
LoadImageW
RegisterClassExW
GetWindowLongW
PeekMessageW
GetWindowTextW
EnableWindow
CreateDialogParamW
DrawTextExW
IsWindow
CreateDialogIndirectParamW
GetPropW
SetPropW
GetDlgItem
RemovePropW
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
NotifyWinEvent
CreateWindowExW
GetWindowTextLengthW
GetClientRect
DestroyWindow
GetDpiForWindow
SystemParametersInfoForDpi
SendMessageW
MoveWindow
GetDC
LoadStringW
PostMessageW
ReleaseDC

api-ms-win-crt-string-l1-1-0

wcsnlen
memset

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_c_exit
_register_thread_local_exe_atexit_callback
_initterm

api-ms-win-crt-private-l1-1-0

_o__get_wide_winmain_command_line
_o__initialize_onexit_table
_o__initialize_wide_environment
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_exe
_o__set_app_type
_o__set_fmode
_o__set_new_mode
_o__wcsicmp
_o__wtol
_o_exit
_o_free
_o_iswdigit
_o_malloc
_o_terminate
__CxxFrameHandler3
_except_handler4_common
__current_exception
__current_exception_context
_CxxThrowException
_o__errno
_o__cexit
_o___std_exception_destroy
_o___std_exception_copy
_o__callnewh
_o__beginthreadex
_o___p__commode
_o__crt_atexit
_o__controlfp_s
_o__configure_wide_argv
_o__configthreadlocale
wcsrchr
wcschr
memcmp
_o__exit
memcpy
_o___stdio_common_vswprintf
memmove

api-ms-win-core-libraryloader-l1-2-0

LockResource
GetModuleHandleExW
FindResourceExW
LoadResource
GetModuleHandleA
GetModuleFileNameA
FreeLibrary
GetProcAddress
GetModuleHandleW
GetModuleFileNameW

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
InitializeCriticalSectionEx
CreateSemaphoreExW
ReleaseSemaphore
ReleaseSRWLockExclusive
ReleaseMutex
SetEvent
CreateEventExW
AcquireSRWLockExclusive
WaitForSingleObject
EnterCriticalSection
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
WaitForSingleObjectEx
ReleaseSRWLockShared
OpenSemaphoreW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapAlloc
HeapSetInformation
HeapFree

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter
RaiseException
GetLastError
SetLastError

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CreateThreadpoolTimer
CloseThreadpoolTimer

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
OpenProcessToken
CreateProcessW
TerminateProcess
GetCurrentThreadId
GetStartupInfoW
GetCurrentProcessId

api-ms-win-core-localization-l1-2-0

FormatMessageW
FindNLSString
GetLocaleInfoW
GetACP

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW
DebugBreak

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance
CoInitializeEx
PropVariantClear
CoUninitialize
CoWaitForMultipleHandles
CoCreateGuid
CoTaskMemAlloc
CoCreateFreeThreadedMarshaler

api-ms-win-core-registry-l1-1-1

RegSetKeyValueW

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-shlwapi-legacy-l1-1-0

PathIsFileSpecW
PathFileExistsW
PathFindExtensionW

api-ms-win-core-winrt-string-l1-1-0

WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegGetValueW
RegDeleteKeyExW
RegQueryValueExW
RegEnumValueW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW
RegQueryInfoKeyW

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory

api-ms-win-core-heap-l2-1-0

LocalUnlock
LocalFree
LocalLock
GlobalAlloc
GlobalFree
LocalAlloc
LocalReAlloc

api-ms-win-core-file-l1-1-0

DeleteFileW
GetFileAttributesW
SetEndOfFile
GetFileAttributesExW
GetFileInformationByHandle
FindClose
FindFirstFileW
CreateFileW
ReadFile
GetDiskFreeSpaceExW
GetFullPathNameW
CreateDirectoryW
WriteFile

api-ms-win-shcore-obsolete-l1-1-0

SHStrDupW

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-processenvironment-l1-1-0

GetCurrentDirectoryW
GetCommandLineW
SetCurrentDirectoryW

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
FoldStringW
CompareStringOrdinal
WideCharToMultiByte

api-ms-win-core-psapi-l1-1-0

K32GetModuleFileNameExW

api-ms-win-core-localization-obsolete-l1-2-0

GetUserDefaultUILanguage

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetLocalTime

api-ms-win-core-datetime-l1-1-0

GetDateFormatW
GetTimeFormatW

api-ms-win-shcore-path-l1-1-0

ord170

api-ms-win-core-memory-l1-1-0

MapViewOfFile
CreateFileMappingW
UnmapViewOfFile

api-ms-win-core-registry-l2-1-0

RegCreateKeyW

api-ms-win-core-heap-obsolete-l1-1-0

LocalSize
GlobalLock
GlobalUnlock

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-windowserrorreporting-l1-1-3

RegisterApplicationRestart

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventUnregister
EventRegister

api-ms-win-base-util-l1-1-0

IsTextUnicode

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
GetProcessMitigationPolicy

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-winrt-error-l1-1-0

SetRestrictedErrorInfo

api-ms-win-core-winrt-error-l1-1-1

RoGetMatchingRestrictedErrorInfo

comctl32

ImageList_Create
ImageList_SetBkColor
ord381
ImageList_ReplaceIcon
ord410
ImageList_Draw
ImageList_GetIconSize
ord413
ImageList_Destroy
ord345
CreateStatusWindowW

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9b443497c39099250d3c5c51cbfd6eda

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

gdi32

user32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-private-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-threadpool-l1-2-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-registry-l1-1-1

api-ms-win-core-largeinteger-l1-1-0

api-ms-win-core-shlwapi-legacy-l1-1-0

api-ms-win-core-winrt-string-l1-1-0

api-ms-win-core-registry-l1-1-0

api-ms-win-core-winrt-l1-1-0

api-ms-win-core-heap-l2-1-0

api-ms-win-core-file-l1-1-0

api-ms-win-shcore-obsolete-l1-1-0

api-ms-win-security-base-l1-1-0

api-ms-win-core-processenvironment-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-psapi-l1-1-0

api-ms-win-core-localization-obsolete-l1-2-0

api-ms-win-core-sysinfo-l1-1-0

api-ms-win-core-datetime-l1-1-0

api-ms-win-shcore-path-l1-1-0

api-ms-win-core-memory-l1-1-0

api-ms-win-core-registry-l2-1-0

api-ms-win-core-heap-obsolete-l1-1-0

api-ms-win-shcore-scaling-l1-1-1

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-windowserrorreporting-l1-1-3

api-ms-win-eventing-provider-l1-1-0

api-ms-win-base-util-l1-1-0

api-ms-win-core-libraryloader-l1-2-1

api-ms-win-core-processthreads-l1-1-1

api-ms-win-core-profile-l1-1-0

api-ms-win-core-interlocked-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-winrt-error-l1-1-1

comctl32

api-ms-win-core-delayload-l1-1-1

api-ms-win-core-delayload-l1-1-0

Sections

.text Size: 158KB - Virtual size: 158KB

.data Size: 2KB - Virtual size: 7KB

.idata Size: 11KB - Virtual size: 11KB

.didat Size: 512B - Virtual size: 124B

.rsrc Size: 120KB - Virtual size: 120KB

.reloc Size: 9KB - Virtual size: 9KB

.text
Size: 158KB - Virtual size: 158KB

.data
Size: 2KB - Virtual size: 7KB

.idata
Size: 11KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 124B

.rsrc
Size: 120KB - Virtual size: 120KB

.reloc
Size: 9KB - Virtual size: 9KB