Windows Analysis Report
NOTEPAD.EXE.exe

Overview

General Information

Sample name: NOTEPAD.EXE.exe
Analysis ID: 1433164
MD5: 45388b2204e71b3157d016e98faebe68
SHA1: 993aba7a0a4ed533756550f108742ca475dc5e0a
SHA256: 692ceb419276b70440c833672cb42c820e68adbd552a73f3ebb8176cb1a66162
Tags: exeHUN

Detection

Score: 60
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Multi AV Scanner detection for submitted file
Machine Learning detection for sample
Detected potential crypto function
Entry point lies outside standard sections
PE file contains sections with non-standard names
Program does not show much activity (idle)
Sample file is different than original file name gathered from version info
Uses 32bit PE files

Classification

AV Detection
barindex
Antivirus / Scanner detection for submitted sample
Source: NOTEPAD.EXE.exe Avira: detected
Multi AV Scanner detection for submitted file
Source: NOTEPAD.EXE.exe ReversingLabs: Detection: 31%
Source: NOTEPAD.EXE.exe Virustotal: Detection: 28% Perma Link
Machine Learning detection for sample
Source: NOTEPAD.EXE.exe Joe Sandbox ML: detected
Uses 32bit PE files
Source: NOTEPAD.EXE.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
Detected potential crypto function
Source: C:\Users\user\Desktop\NOTEPAD.EXE.exe Code function: 0_2_0043839F 0_2_0043839F
Sample file is different than original file name gathered from version info
Source: NOTEPAD.EXE.exe, 00000000.00000000.2056624774.0000000000439000.00000008.00000001.01000000.00000003.sdmp Binary or memory string: OriginalFilenameNOTEPAD.EXEj% vs NOTEPAD.EXE.exe
Source: NOTEPAD.EXE.exe Binary or memory string: OriginalFilenameNOTEPAD.EXEj% vs NOTEPAD.EXE.exe
Uses 32bit PE files
Source: NOTEPAD.EXE.exe Static PE information: EXECUTABLE_IMAGE, 32BIT_MACHINE, DEBUG_STRIPPED
Source: NOTEPAD.EXE.exe Static PE information: Section: .MPRESS1 ZLIB complexity 0.997802734375
Source: classification engine Classification label: mal60.winEXE@1/0@0/0
Source: NOTEPAD.EXE.exe ReversingLabs: Detection: 31%
Source: NOTEPAD.EXE.exe Virustotal: Detection: 28%
Entry point lies outside standard sections
Source: initial sample Static PE information: section where entry point is pointing to: .MPRESS2
PE file contains sections with non-standard names
Source: NOTEPAD.EXE.exe Static PE information: section name: .MPRESS1
Source: NOTEPAD.EXE.exe Static PE information: section name: .MPRESS2
Source: NOTEPAD.EXE.exe Static PE information: section name: .MPRESS1 entropy: 7.995353805960629
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
Program does not show much activity (idle)
Source: all processes Thread injection, dropped files, key value created, disk infection and DNS query: no activity detected
windows-stand
Hide Legend

Legend:

  • Process
  • Signature
  • Created File
  • DNS/IP Info
  • Is Dropped
  • Is Windows Process
  • Number of created Registry Values
  • Number of created Files
  • Visual Basic
  • Delphi
  • Java
  • .Net C# or VB.NET
  • C, C++ or other language
  • Is malicious
  • Internet
behaviorgraph top1 signatures2 2 Behavior Graph ID: 1433164 Sample: NOTEPAD.EXE.exe Startdate: 29/04/2024 Architecture: WINDOWS Score: 60 7 Antivirus / Scanner detection for submitted sample 2->7 9 Multi AV Scanner detection for submitted file 2->9 11 Machine Learning detection for sample 2->11 5 NOTEPAD.EXE.exe 2->5         started        process3
No contacted IP infos