» notepad.exe
Overview
Analysis
File Details
Downloads (6)

notepad.exe

Notepad

Microsoft Corporation

It is installed with the Windows 8 pre-release build (RTM). The file has been seen being downloaded from app4com.how2safeupgradenewest.xyz and multiple other hosts.

File name:

notepad.exe

Publisher:

Microsoft Corporation

Product:

Microsoft® Windows® Operating System

Description:

Notepad

Part of the Windows 8.1 (Blue) Operating System

Version:

6.3.9600.16384 (winblue_rtm.130821-1623)

MD5:

9d12a01443d52bb25a8ad0f100f91b83

SHA-1:

c632ae4d41821da3f16d8678fb29a880c2035a4a

SHA-256:

7fbfab17fe55578159f482a3c9741f02ef5c15c939f4bf1c7b164faa0ab6dda3

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

11/15/2024 1:35:46 PM UTC (today)

File size:

208 KB (212,992 bytes)

Product version:

6.3.9600.16384

Original file name:

NOTEPAD.EXE.MUI

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\windows\syswow64\notepad.exe

File PE Metadata

Compilation timestamp:

7/9/2015 11:30:46 AM

OS version:

6.3

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

3072:yOVtvOX1sptKYqiKEye4P0GzT8GrJLgf7nDVF6PUp1Yo3ICg6g:yOmItKlihyv//r5gfzDVlVXgd

Entry address:

0x62F0

Entry point:

E8, 63, FE, FF, FF, 6A, 5C, 68, 08, 64, 40, 00, E8, A0, FE, FF, FF, 83, 65, DC, 00, 83, 65, FC, 00, 8D, 45, 94, 50, FF, 15, 0C, A1, 41, 00, C7, 45, FC, FE, FF, FF, FF, 33, DB, 43, 89, 5D, FC, 64, A1, 18, 00, 00, 00, 8B, 78, 04, 33, F6, BA, 3C, 72, 41, 00, 8B, CF, 33, C0, F0, 0F, B1, 0A, 85, C0, 0F, 85, C6, C6, 00, 00, 39, 1D, 68, 70, 41, 00, 0F, 84, C5, C6, 00, 00, 83, 3D, 68, 70, 41, 00, 00, 0F, 85, E1, 00, 00, 00, 89, 1D, 68, 70, 41, 00, 68, 04, 64, 40, 00, 68, F8, 63, 40, 00, E8, 6A, FD, FF, FF, 59, 59... 
[+]

Entropy:

7.0667

Code size:

88 KB (90,112 bytes)

The file notepad.exe has been seen being distributed by the following 6 URLs.

http://app4com.how2safeupgradenewest.xyz/dl.php?pcl=iKLF--OW7otjfYc5bgWxsDzFObo2MAW_XOlNTKQrZrw.&cid=VjJ8NjUxNTM1OXw1NTUxNTJ8MTYyMjY0fDE0NjgwMzExMTl8YzQ2ZDQwZGYtMTMxOC00OGVkLWM4ODktY2Q1M2M3ZTNmMDQ4fDEwNC4xMS4yMC42NHx8MnxmMGVlMzFkZTYzODA3ZTk2YTI3N2IwZDU2NGRkZDFjYw==&sub=22211_6515359&conversion_id=14680312096804&app_id=2&lp_id=1692&v=tribat&stub_id=305&v_id=-QX5J5rZuBdiTTiEUOvpNcdHe-5wgQG2sWDTwDwqeMY.&lpp=No match

http://whenupdate.newestsoft4ever.download/dl.php?pcl=iKLF--OW7otjfYc5bgWxsDzFObo2MAW_XOlNTKQrZrw.&cid=VjJ8NTYxODR8NTU1MTgxfDMyNzA1NXwxNDY4MTAxMDUzfDFjOTlhMWE0LTIwODgtNGQxNi1jZGZmLWNkOGQ3YzYyM2MzMnw3NS42Ni4xOTEuMTc1fHwxfGYwZWUzMWRlNjM4MDdlOTZhMjc3YjBkNTY0ZGRkMWNj&sub=22211_56184&conversion_id=14681010713219&app_id=2&lp_id=1694&v=tribat&stub_id=305&v_id=cijA3_D0ng6r4iZw5nCyQMhvCaOyqydELELunaPiFtc.&lpp=No match

http://check4upgrade.yourmuchbettersoft.site/dl.php?pcl=iKLF--OW7otjfYc5bgWxsDzFObo2MAW_XOlNTKQrZrw.&cid=VjJ8MzUxOTd8NTU1MjA3fDMyNzA1NXwxNDY5NzQ2NDkyfDIxYmJmMWE5LTVkMjEtNDk1ZS1jOWY4LTc4ZWQwMDIyMzI0MXw2OC41NC45LjIyN3x8M3xmMGVlMzFkZTYzODA3ZTk2YTI3N2IwZDU2NGRkZDFjYw==&sub=22211_35197&conversion_id=14697465902933&app_id=2&lp_id=1694&v=tribat&stub_id=305&v_id=-wrK2g9-Ug2URQ1gnCpL33q1_rwTJUUGmKiKUne9zUY.&lpp=*-*-*

http://setupupgrade.nowupdates.tech/dl.php?tfyhg=bFRb5DxiSdzBNQInAYVPvTSMb9ZiNY3gSXn9urPHnJU.&cid=18329350811466793592&SUB_ID=976456-353246668-339061209&conversion_id=14667935942975&app_id=4&lp_id=1362&v=tribat&stub_id=305&v_id=jGYhCjeTkdTsRIw8_RM4VV8UQtXUP6vtJwOW9K0Q4k4.&lpp=*-*-*

http://keyupgrade.newupdater4u.xyz/dl.php?fds=lXTIdHUqBhcqbUT7Jr3oC_4gTLaMjQ6wME1kIep_0ZM.&cid=13372686011466797622&conversion_id=14667976312746&app_id=4&lp_id=954&v=tribat&stub_id=305&v_id=miEyn6A63ClKQSdDaYV0z4-BfCGajVzr0gL7hH73l-U.&lpp=*-*-*

http://keyupgrade.newupdater4u.xyz/dl.php?fds=HBfZBqmjvShSyN8T7B6GF4EWeDXqP2-LqaW3Zz-EIQc.&cid=25056253201466794020&conversion_id=14667940224016&app_id=4&lp_id=954&v=tribat&stub_id=305&v_id=-yj2_-k2zHnpGzdWYZR4jJLGnvY69ULrYUaOeVtG4ME.&lpp=*-*-*

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.