» NOTEPAD.EXE
Overview
Analysis
File Details

NOTEPAD.EXE

Notepad

Pandaje Technical Services Pvt Ltd.

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The executable NOTEPAD.EXE has been detected as malware by 10 anti-virus scanners.

File name:

NOTEPAD.EXE

Publisher:

Microsoft Corporation (signed by Pandaje Technical Services Pvt Ltd.)

Product:

Microsoft® Windows® Operating System

Description:

Notepad

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

MD5:

8525031837e2f4b7a11478c1b4f40374

SHA-1:

4fcd98e08fc2d8f4b0c474cdb20562e5a71d12c9

SHA-256:

3c22a21003a547bf289aaa24f23a7bf91df570c6ffa575470156bd3e57867ff2

Scanner detections:

10 / 68

Status:

Malware

Analysis date:

5/22/2024 1:14:37 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Patched.Gen

7.11.181.246

avast!

Win32:WrongInf-A [Susp]

2014.9-150708

AVG

Win32/Virut

2016.0.3055

Bkav FE

W32.HfsAutoA

1.3.0.6185

F-Prot

W32/Patched.BZ.gen

v6.4.7.1.166

G Data

Win32.Virus.Patched.M@susp

15.7.24

herdProtect (fuzzy)

variant of 20b92840-sample

2015.7.8.3

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.7.8.0

NANO AntiVirus

Virus.Win32.Virut-Gen.bwpxnc

0.28.6.62995

Qihoo 360 Security

Malware.QVM10.Gen

1.0.0.1015

File size:

183.1 KB (187,512 bytes)

Product version:

6.1.7600.16385

Original file name:

NOTEPAD.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\pandaje group\junk cleaner\notepad.exe

Digital Signature

Signed by:

Pandaje Technical Services Pvt Ltd.

Authority:

COMODO CA Limited

Valid from:

4/25/2014 7:00:00 PM

Valid to:

4/26/2015 6:59:59 PM

Subject:

CN=Pandaje Technical Services Pvt Ltd., O=Pandaje Technical Services Pvt Ltd., STREET=D-215, STREET=Sector 63, L=Noida, S=Uttar Pradesh, PostalCode=201301, C=IN

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

2B727CF6E94CBEB0DEE82B8538609328

File PE Metadata

Compilation timestamp:

7/13/2009 6:41:03 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:kVexzTMlI0frxJLgf7nDVF6PUp1Yo3ICgxgV2t:kExJex5gfzDVlVXgaV8

Entry address:

0x3689

Entry point:

E8, C5, F9, FF, FF, 6A, 58, 68, A0, 37, 00, 01, E8, 72, 04, 00, 00, 33, DB, 89, 5D, E4, 89, 5D, FC, 8D, 45, 98, 50, FF, 15, FC, 10, 00, 01, C7, 45, FC, FE, FF, FF, FF, C7, 45, FC, 01, 00, 00, 00, 64, A1, 18, 00, 00, 00, 8B, 70, 04, BF, 5C, C2, 00, 01, 6A, 00, 56, 57, FF, 15, 00, 11, 00, 01, 85, C0, 0F, 85, 36, 35, 00, 00, 33, F6, 46, A1, A4, C0, 00, 01, 3B, C6, 0F, 84, 44, 35, 00, 00, A1, A4, C0, 00, 01, 85, C0, 0F, 85, 7A, 0C, 00, 00, 89, 35, A4, C0, 00, 01, 68, 9C, 37, 00, 01, 68, 90, 37, 00, 01, E8, 54... 
[+]

Entropy:

7.1642

Code size:

42 KB (43,008 bytes)

Remove NOTEPAD.EXE - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.