notepadruntime.exe

QUANTO SOLUCOES E SISTEMA LTDA

The executable notepadruntime.exe has been detected as malware by 15 anti-virus scanners.
Publisher:
QUANTO SOLUCOES E SISTEMA LTDA  (signed and verified)

MD5:
e5273fd23709afaebe01c14a94a26464

SHA-1:
1b68d75f48f6bb2949350f5d53aae4764f799646

Scanner detections:
15 / 68

Status:
Malware

Analysis date:
4/26/2024 9:33:41 PM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Kazy.383414 | 269
avast! | Win32:Banker-KYB [Trj] | 2014.9-160510
AVG | Win32/Blacked | 2017.0.2747
Bitdefender | Gen:Variant.Kazy.383414 | 1.0.20.655
Emsisoft Anti-Malware | Gen:Variant.Kazy.383414 | 8.16.05.10.12
ESET NOD32 | Win32/Spy.Banker.ABEO (variant) | 10.10456
Fortinet FortiGate | W32/Banker.ABEO!tr.spy | 5/10/2016
F-Secure | Gen:Variant.Kazy.383414 | 11.2016-10-05_3
G Data | Gen:Variant.Kazy.383414 | 16.5.24
McAfee | Artemis!E5273FD23709 | 5600.6403
MicroWorld eScan | Gen:Variant.Kazy.383414 | 17.0.0.393
Qihoo 360 Security | HEUR/Malware.QVM18.Gen | 1.0.0.1015
Trend Micro House Call | PAK_Generic.009 | 7.2.131
Trend Micro | PAK_Generic.009 | 10.465.10
VIPRE Antivirus | Trojan.Win32.Packer.EnigmaProtector1.1X-1.3X | 33382

File size:
1.3 MB (1,404,256 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Documents and Settings\{user}\AppData\notepadruntime.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
4/2/2014 9:00:00 PM

Valid to:
4/3/2015 8:59:59 PM

Subject:
CN=QUANTO SOLUCOES E SISTEMA LTDA, O=QUANTO SOLUCOES E SISTEMA LTDA, L=PRESIDENTE PRUDENTE, S=SAO PAULO, C=BR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
00B87EDE3281FFB1EE77DF86B54A8CB0

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:goVHrYgA3wdD+8NtqaJsiKYLvAuPyKRX7C/QxUygyWjxwaCVC70/M4RpGkAv:goVH0wqaaiKY7bhXGoDgy2xwG70/M7tv

Entry address:
0x2C27B

Entry point:
55, 8B, EC, 83, C4, F0, B8, 00, 10, 40, 00, E8, 01, 00, 00, 00, 9A, 83, C4, 10, 8B, E5, 5D, E9, 15, D2, 3F, 00, 11, 35, 97, F2, 92, 3D, 33, 10, 5C, A6, 80, 03, 10, 82, 88, 81, 1B, 18, 51, 1D, DA, 4D, CA, A3, 16, 6C, 13, 41, E1, C0, 5E, 7C, 81, 2F, 84, DF, A8, 51, 0C, 76, 96, C2, C3, F8, 35, 74, 52, 1A, 00, B6, 17, EF, 42, EB, EE, 1D, 23, 10, 07, C3, FB, 0D, 0C, 08, FD, A0, 27, EB, 2B, 4D, 9B, D2, E8, 99, 47, 6B, DB, C7, 38, 40, 4C, 28, B5, 50, DD, 6C, 32, 8E, A8, 64, AD, 65, 1C, 90, DA, 3B, F8, 53, BF, F2...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
617.5 KB (632,320 bytes)
