NOTEPAD.EXE

Notepad

Pandaje Technical Services Pvt Ltd.

The version resource (CompanyName, ProductName and copyright) describes this file as the Microsoft Windows Notepad, but the Authenticode signature is from Pandaje Technical Services Pvt Ltd., not Microsoft, and the file is installed under the vendor's own 'junk cleaner' directory rather than in %SystemRoot%\System32, where the genuine notepad.exe lives. A version resource is plain data that any tool can copy or edit, so it proves nothing about the publisher; only a signature chaining to Microsoft would. 10 of 68 anti-virus scanners detect NOTEPAD.EXE as malware, and the detection names (TR/Patched.Gen, W32/Patched.BZ.gen, Win32/Virut) indicate that engines treat it as a modified or infected copy of the Windows 7 Notepad binary rather than a clean one. The version string and the 7/13/2009 compilation timestamp match the Windows 7 RTM build and should not be read as evidence of authenticity.
Publisher:
Microsoft Corporation (signed by Pandaje Technical Services Pvt Ltd.)

Product:
Microsoft® Windows® Operating System

Description:
Notepad

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
8525031837e2f4b7a11478c1b4f40374

SHA-1:
4fcd98e08fc2d8f4b0c474cdb20562e5a71d12c9

SHA-256:
3c22a21003a547bf289aaa24f23a7bf91df570c6ffa575470156bd3e57867ff2

Scanner detections:
10 / 68

Status:
Malware

Analysis date:
11/5/2024 1:00:30 PM UTC

Scan engine           Detection                       Engine version
Avira AntiVirus       TR/Patched.Gen                  7.11.181.246
avast!                Win32:WrongInf-A [Susp]         2014.9-150708
AVG                   Win32/Virut                     2016.0.3055
Bkav FE               W32.HfsAutoA                    1.3.0.6185
F-Prot                W32/Patched.BZ.gen              v6.4.7.1.166
G Data                Win32.Virus.Patched.M@susp      15.7.24
herdProtect (fuzzy)                                   2015.7.8.3
IKARUS anti.virus     Win32.SuspectCrc                t3scan.1.7.8.0
NANO AntiVirus        Virus.Win32.Virut-Gen.bwpxnc    0.28.6.62995
Qihoo 360 Security    Malware.QVM10.Gen               1.0.0.1015

File size:
183.1 KB (187,512 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
NOTEPAD.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\pandaje group\junk cleaner\notepad.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
4/25/2014 7:00:00 PM

Valid to:
4/26/2015 6:59:59 PM

Subject:
CN=Pandaje Technical Services Pvt Ltd., O=Pandaje Technical Services Pvt Ltd., STREET=D-215, STREET=Sector 63, L=Noida, S=Uttar Pradesh, PostalCode=201301, C=IN

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
2B727CF6E94CBEB0DEE82B8538609328
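
The mismatch shown in the Publisher field above (a version resource naming Microsoft Corporation, a certificate issued to Pandaje Technical Services Pvt Ltd.) is something a triage script can test for mechanically. The Python below is an added example, not part of this report or of any tool named on it: it parses the signer's Subject DN in the comma-separated form printed above, normalises organisation names so that legal-form suffixes do not cause false mismatches, and compares the result with the CompanyName from the version resource. The CompanyName and Subject strings are copied from this report; the second, self-consistent sample is constructed for contrast. Reading those two strings out of an actual file (version resource and Authenticode certificate) is left to existing PE tooling and is not shown here.

```python
"""Added example (not from the herdProtect report): flag a PE whose version
resource names one vendor while its Authenticode signer is another.
REPORT_* values are copied from the report; OK_* values are constructed."""

import re
from dataclasses import dataclass


def parse_dn(dn: str) -> dict[str, list[str]]:
    """Parse an X.500 name in the 'CN=..., O=..., C=..' form shown by
    certificate viewers. Handles quoted values and backslash escapes;
    repeated attributes (e.g. two STREET entries) are all kept."""
    attrs: dict[str, list[str]] = {}
    key, buf, in_quotes, i = None, [], False, 0

    def flush():
        nonlocal key, buf
        if key is not None:
            attrs.setdefault(key.upper(), []).append("".join(buf).strip())
        key, buf = None, []

    while i < len(dn):
        c = dn[i]
        if c == "\\" and i + 1 < len(dn):          # escaped character
            buf.append(dn[i + 1]); i += 2; continue
        if c == '"':                                # quoted value delimiter
            in_quotes = not in_quotes
        elif c == "=" and key is None and not in_quotes:
            key, buf = "".join(buf).strip(), []     # attribute type complete
        elif c == "," and not in_quotes:
            flush()                                 # attribute value complete
        else:
            buf.append(c)
        i += 1
    flush()
    return attrs


_LEGAL_SUFFIXES = re.compile(
    r"\b(corporation|corp|inc|ltd|limited|llc|gmbh|pvt|private)\b\.?", re.I)


def normalize_org(name: str) -> str:
    """Lower-case, drop legal-form suffixes and punctuation so that
    'Microsoft Corporation' and 'Microsoft Corp.' compare equal."""
    name = _LEGAL_SUFFIXES.sub(" ", name)
    return " ".join(re.sub(r"[^a-z0-9 ]", " ", name.lower()).split())


@dataclass(frozen=True)
class PublisherCheck:
    claimed_company: str   # CompanyName from the version resource
    signer_org: str        # O= (or CN= fallback) of the signing certificate
    consistent: bool


def check_publisher(company_name: str, signer_subject_dn: str) -> PublisherCheck:
    """Does the vendor named in the version resource match the organisation
    that actually signed the file? A mismatch is not proof of malice
    (resellers and OEM bundles exist) but is a strong triage signal when the
    claimed vendor is a platform vendor such as Microsoft."""
    attrs = parse_dn(signer_subject_dn)
    signer = (attrs.get("O") or attrs.get("CN") or [""])[0]
    claimed_n, signer_n = normalize_org(company_name), normalize_org(signer)
    consistent = bool(claimed_n) and (
        claimed_n == signer_n or claimed_n in signer_n or signer_n in claimed_n)
    return PublisherCheck(company_name, signer, consistent)


# Values copied from the report above.
REPORT_COMPANY_NAME = "Microsoft Corporation"
REPORT_SIGNER_SUBJECT = (
    "CN=Pandaje Technical Services Pvt Ltd., O=Pandaje Technical Services Pvt Ltd., "
    "STREET=D-215, STREET=Sector 63, L=Noida, S=Uttar Pradesh, PostalCode=201301, C=IN")
# Constructed counter-example: a self-consistent publisher (not from the report).
OK_COMPANY_NAME = "Example Tools Ltd."
OK_SIGNER_SUBJECT = 'CN="Example Tools, Ltd.", O=Example Tools Ltd, L=Dublin, C=IE'

if __name__ == "__main__":
    for name, dn in ((REPORT_COMPANY_NAME, REPORT_SIGNER_SUBJECT),
                     (OK_COMPANY_NAME, OK_SIGNER_SUBJECT)):
        r = check_publisher(name, dn)
        print(f"{'OK      ' if r.consistent else 'MISMATCH'} "
              f"claimed={r.claimed_company!r} signer={r.signer_org!r}")
```

Run against the report's values the check reports MISMATCH; the constructed sample, whose quoted CN contains a comma, reports OK. The rule deliberately accepts substring matches (a signer named "Contoso Software" for CompanyName "Contoso") so that it flags impersonation of a well-known vendor rather than every cosmetic difference.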

File PE Metadata
Compilation timestamp:
7/13/2009 6:41:03 PM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:kVexzTMlI0frxJLgf7nDVF6PUp1Yo3ICgxgV2t:kExJex5gfzDVlVXgaV8

Entry address:
0x3689

Entry point:
E8, C5, F9, FF, FF, 6A, 58, 68, A0, 37, 00, 01, E8, 72, 04, 00, 00, 33, DB, 89, 5D, E4, 89, 5D, FC, 8D, 45, 98, 50, FF, 15, FC, 10, 00, 01, C7, 45, FC, FE, FF, FF, FF, C7, 45, FC, 01, 00, 00, 00, 64, A1, 18, 00, 00, 00, 8B, 70, 04, BF, 5C, C2, 00, 01, 6A, 00, 56, 57, FF, 15, 00, 11, 00, 01, 85, C0, 0F, 85, 36, 35, 00, 00, 33, F6, 46, A1, A4, C0, 00, 01, 3B, C6, 0F, 84, 44, 35, 00, 00, A1, A4, C0, 00, 01, 85, C0, 0F, 85, 7A, 0C, 00, 00, 89, 35, A4, C0, 00, 01, 68, 9C, 37, 00, 01, 68, 90, 37, 00, 01, E8, 54...

Entropy:
7.1642

Code size:
42 KB (43,008 bytes)
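
The "File PE Metadata" block above is read straight out of the PE headers. As an added example (not from this report or from Reason Core Security), the Python below recovers those fields (compilation timestamp, linker and OS versions, subsystem, entry point RVA, code size) with the standard library only, and computes the whole-file Shannon entropy that the report lists as Entropy. Because a real sample cannot be embedded here, it builds a constructed, header-only PE32 image carrying the values listed above; the timestamp is taken as UTC and an ImageBase of 0x01000000 is assumed (the report does not list it, but it is consistent with the 0x0100xxxx addresses in the entry-point bytes). Calling pe_summary() on the bytes of a real file yields the same fields.

```python
"""Added example (not from the herdProtect report): parse PE32 header fields
and compute Shannon entropy with the standard library. build_sample_pe()
returns a constructed, header-only image filled with the report's values."""

import hashlib
import math
import struct
from collections import Counter
from datetime import datetime, timezone

SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}
IMAGE_NT_OPTIONAL_HDR32_MAGIC = 0x10B
IMAGE_FILE_MACHINE_I386 = 0x14C


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, from 0.0 (constant data) to 8.0 (uniformly random).
    Whole-file values above ~7 usually mean compression, encryption or large
    embedded resources: a prompt to look closer, not a verdict."""
    if not data:
        return 0.0
    n = len(data)
    return -sum((c / n) * math.log2(c / n) for c in Counter(data).values())


def pe_summary(image: bytes) -> dict:
    """Walk DOS header -> PE signature -> COFF header -> PE32 optional header."""
    if image[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    (e_lfanew,) = struct.unpack_from("<I", image, 0x3C)
    if image[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    (machine, _nsections, timestamp, _symtab, _nsyms,
     _opt_size, _characteristics) = struct.unpack_from("<HHIIIHH", image, coff)
    opt = coff + 20                      # COFF file header is 20 bytes
    (magic, linker_major, linker_minor, size_of_code, _init, _uninit,
     entry_rva, _base_of_code) = struct.unpack_from("<HBBIIIII", image, opt)
    if magic != IMAGE_NT_OPTIONAL_HDR32_MAGIC:
        raise ValueError(f"only PE32 handled here (magic 0x{magic:X})")
    # PE32 fields after BaseOfCode (offset 24): BaseOfData, ImageBase,
    # SectionAlignment, FileAlignment, OS major/minor, Image major/minor,
    # Subsystem major/minor, Win32VersionValue, SizeOfImage, SizeOfHeaders,
    # CheckSum, Subsystem, DllCharacteristics.
    (_base_of_data, image_base, _sec_align, _file_align, os_major, os_minor,
     _img_major, _img_minor, _ss_major, _ss_minor, _w32ver, _size_of_image,
     _size_of_headers, _checksum, subsystem, _dll_chars
     ) = struct.unpack_from("<IIIIHHHHHHIIIIHH", image, opt + 24)
    return {
        "machine": f"0x{machine:04X}",
        "bitness": "Win32" if machine == IMAGE_FILE_MACHINE_I386 else "other",
        "compile_time_utc": datetime.fromtimestamp(
            timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "linker_version": f"{linker_major}.{linker_minor}",
        "os_version": f"{os_major}.{os_minor}",
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
        "entry_rva": f"0x{entry_rva:X}",
        "entry_va": f"0x{image_base + entry_rva:08X}",
        "code_size": size_of_code,
        "entropy": round(shannon_entropy(image), 4),
        "sha256": hashlib.sha256(image).hexdigest(),
    }


def build_sample_pe() -> bytes:
    """Constructed PE32 header (no sections, no real code) carrying the values
    the report lists; ImageBase 0x01000000 is an assumption."""
    timestamp = int(datetime(2009, 7, 13, 18, 41, 3, tzinfo=timezone.utc).timestamp())
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt_size = 224                       # full PE32 optional header incl. data dirs
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 0, timestamp, 0, 0,
                       opt_size, 0x0102)
    optional = bytearray(opt_size)
    struct.pack_into("<HBBIIIII", optional, 0, IMAGE_NT_OPTIONAL_HDR32_MAGIC,
                     9, 0, 43008, 0, 0, 0x3689, 0x1000)
    struct.pack_into("<IIIIHHHHHHIIIIHH", optional, 24,
                     0, 0x01000000, 0x1000, 0x200, 6, 1, 6, 1, 6, 1,
                     0, 0, 0, 0, 2, 0x8140)
    return bytes(dos) + b"PE\0\0" + coff + bytes(optional)


if __name__ == "__main__":
    for k, v in pe_summary(build_sample_pe()).items():
        print(f"{k:>17}: {v}")
```

The constructed image is almost all zero padding, so its entropy is below 1 bit per byte; the 7.16 reported for the real file comes from Notepad's large icon and string resources as much as from any modification, which is why entropy alone does not separate a patched binary from a clean one.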
