» 20b92840-sample
Overview
Analysis
File Details

20b92840-sample

Notepad

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The file 20b92840-sample has been detected as malware by 9 anti-virus scanners.

File name:

20b92840-sample

Publisher:

Microsoft Corporation* (Invalid match)

Product:

Microsoft® Windows® Operating System

Description:

Notepad

Version:

6.1.7600.16385 (win7_rtm.090713-1255)

MD5:

06f490eceba91572c9af21d436b42f38

SHA-1:

8ec749d8119eee1615d14521336b62989df8848b

SHA-256:

d05b2aba775be59d72ca8ec31df851d69d4035dfabe4213121b79a2c74b4ac6b

Scanner detections:

9 / 68

Status:

Malware

Analysis date:

11/27/2024 9:43:32 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Patched.Gen

7.11.181.246

avast!

Win32:WrongInf-A [Susp]

2014.9-141231

AVG

Win32/Virut

2015.0.3243

Bkav FE

W32.HfsAutoA

1.3.0.6185

F-Prot

W32/Patched.BZ.gen

v6.4.7.1.166

G Data

Win32.Virus.Patched.M@susp

14.12.24

IKARUS anti.virus

Win32.SuspectCrc

t3scan.1.7.8.0

NANO AntiVirus

Virus.Win32.Virut-Gen.bwpxnc

0.28.6.62995

Qihoo 360 Security

Malware.QVM10.Gen

1.0.0.1015

File size:

178 KB (182,272 bytes)

Product version:

6.1.7600.16385

Original file name:

NOTEPAD.EXE

Language:

English (United States)

File PE Metadata

Compilation timestamp:

2/23/2023 4:07:27 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:mVexzTMlI0frxJLgf7nDVF6PUp1Yo3ICgxgV3s:mExJex5gfzDVlVXgaVc

Entry address:

0x3689

Entry point:

E8, C5, F9, FF, FF, 6A, 58, 68, A0, 37, 00, 01, E8, 72, 04, 00, 00, 33, DB, 89, 5D, E4, 89, 5D, FC, 8D, 45, 98, 50, FF, 15, FC, 10, 00, 01, C7, 45, FC, FE, FF, FF, FF, C7, 45, FC, 01, 00, 00, 00, 64, A1, 18, 00, 00, 00, 8B, 70, 04, BF, 5C, C2, 00, 01, 6A, 00, 56, 57, FF, 15, 00, 11, 00, 01, 85, C0, 0F, 85, 36, 35, 00, 00, 33, F6, 46, A1, A4, C0, 00, 01, 3B, C6, 0F, 84, 44, 35, 00, 00, A1, A4, C0, 00, 01, 85, C0, 0F, 85, 7A, 0C, 00, 00, 89, 35, A4, C0, 00, 01, 68, 9C, 37, 00, 01, 68, 90, 37, 00, 01, E8, 54... 
[+]

Entropy:

7.1392

Code size:

42 KB (43,008 bytes)

Remove 20b92840-sample - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.