20b92840-sample

Notepad

Although the file's version-information properties claim it was developed by 'Microsoft Corporation', this is not the case: the file is crafted to look like a legitimate Microsoft system file (here, notepad.exe). The file 20b92840-sample has been detected as malware by 9 of the 68 anti-virus scanners it was checked against.
Publisher:
Microsoft Corporation* (Invalid match)

Product:
Microsoft® Windows® Operating System

Description:
Notepad

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
06f490eceba91572c9af21d436b42f38

SHA-1:
8ec749d8119eee1615d14521336b62989df8848b

SHA-256:
d05b2aba775be59d72ca8ec31df851d69d4035dfabe4213121b79a2c74b4ac6b

Scanner detections:
9 / 68

Status:
Malware

Analysis date:
11/27/2024 9:43:32 AM UTC

Scan engine          Detection                       Engine version
Avira AntiVirus      TR/Patched.Gen                  7.11.181.246
avast!               Win32:WrongInf-A [Susp]         2014.9-141231
AVG                  Win32/Virut                     2015.0.3243
Bkav FE              W32.HfsAutoA                    1.3.0.6185
F-Prot               W32/Patched.BZ.gen              v6.4.7.1.166
G Data               Win32.Virus.Patched.M@susp      14.12.24
IKARUS anti.virus    Win32.SuspectCrc                t3scan.1.7.8.0
NANO AntiVirus       Virus.Win32.Virut-Gen.bwpxnc    0.28.6.62995
Qihoo 360 Security   Malware.QVM10.Gen               1.0.0.1015

File size:
178 KB (182,272 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
NOTEPAD.EXE

Language:
English (United States)

File PE Metadata
Compilation timestamp:
2/23/2023 4:07:27 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:mVexzTMlI0frxJLgf7nDVF6PUp1Yo3ICgxgV3s:mExJex5gfzDVlVXgaVc

Entry address:
0x3689

Entry point:
E8, C5, F9, FF, FF, 6A, 58, 68, A0, 37, 00, 01, E8, 72, 04, 00, 00, 33, DB, 89, 5D, E4, 89, 5D, FC, 8D, 45, 98, 50, FF, 15, FC, 10, 00, 01, C7, 45, FC, FE, FF, FF, FF, C7, 45, FC, 01, 00, 00, 00, 64, A1, 18, 00, 00, 00, 8B, 70, 04, BF, 5C, C2, 00, 01, 6A, 00, 56, 57, FF, 15, 00, 11, 00, 01, 85, C0, 0F, 85, 36, 35, 00, 00, 33, F6, 46, A1, A4, C0, 00, 01, 3B, C6, 0F, 84, 44, 35, 00, 00, A1, A4, C0, 00, 01, 85, C0, 0F, 85, 7A, 0C, 00, 00, 89, 35, A4, C0, 00, 01, 68, 9C, 37, 00, 01, 68, 90, 37, 00, 01, E8, 54...

Entropy:
7.1392

Code size:
42 KB (43,008 bytes)

Powered by Reason Core Security