notepad.exe

The executable notepad.exe has been detected as malware by 4 anti-virus scanners. This is a setup program which is used to install the application. The file has been seen being downloaded from doc-10-4c-docs.googleusercontent.com.
MD5:
ada86a758435c7852de94d1a6274459f

SHA-1:
df690ad90e6346c628e30e7846b8323b85b5479a

SHA-256:
d28c438ae1a92e66ac08ea73cac3b12af820c570302275905df0a825bc474ea4

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
5/7/2024 12:31:04 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Trojan-gen | 160518-2 |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.9331 | 11.5.0.6191 |
| Norman | Gen:Variant.Strictor.9331 | 28.05.2016 15:32:18 |
| VIPRE Antivirus | Threat.4779008 | 29708 |

File size:
1.4 MB (1,446,287 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\notepad.exe

File PE Metadata
Compilation timestamp:
4/13/2004 3:16:22 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:AGV0vwvsxdyx/jNzr2plquvQul7A83BynHw+eVxOyvqnqPF4m8y0d8ztKPxAiA3V:AZvwjx/jNzr2PD3IQ+eVknG4Ry0S5knq

Entry address:
0x40D6

Entry point:
51, 51, 53, 55, 56, 57, FF, 15, 90, 70, 40, 00, 05, E8, 03, 00, 00, 89, 44, 24, 14, FF, 15, 8C, 70, 40, 00, 8B, F0, FF, 15, 28, 70, 40, 00, 8A, 06, 8B, 1D, 7C, 70, 40, 00, 3C, 22, 75, 41, 46, 8A, 06, 84, C0, 74, 09, 3C, 22, 75, F5, 84, C0, 74, 01, 46, 80, 3E, 20, 74, FA, 80, 3E, 2F, 75, 7B, 46, 8A, 16, 80, FA, 53, 75, 25, 8D, 46, 01, 8A, 08, 80, F9, 20, 74, 04, 84, C9, 75, 17, FE, 05, 98, A4, 40, 00, 8B, F0, EB, 52, 3C, 20, 74, D1, 46, 8A, 06, 84, C0, 75, F5, EB, C9, 8B, 06, 3B, 05, 44, 83, 40, 00, 75, 16...
 

Entropy:
7.9956  (probably packed)

Code size:
21.5 KB (22,016 bytes)

The file notepad.exe has been seen being distributed by the following URL.
