wordpad.exe

Windows Wordpad Application

Microsoft Corporation

It is included with the Windows 7 OS. The file has been observed being downloaded from s1423.chomikuj.pl.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Windows Wordpad Application

 
Part of the Windows 7 Operating System

Version:
6.1.7600.16385 (win7_rtm.090713-1255)

MD5:
39bfd86634004b7c0d3fd81d2cbb8f92

SHA-1:
c13f466a2e354775af9055d551b6c112b2af0564

SHA-256:
35a4fb24b0470dbb59c87f61515320a4276b6b22813340872c1d23e9ef6ae8f3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:
11/1/2024 1:20:08 AM UTC

File size:
4.1 MB (4,247,040 bytes)

Product version:
6.1.7600.16385

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WORDPAD.EXE.MUI

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\windows nt\accessories\wordpad.exe

File PE Metadata
Compilation timestamp:
6/29/2010 4:08:25 AM

OS version:
6.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:j93N/msgNXGN/SGxCPSCvgxIM2FxvNEtXcPCl9AuDF5zUPGLG5SvAMZAMgp+GT:5d/msgN2N/PCas3xvW9cPy9AuDzYpDT

Entry address:
0x2D5B1

Entry point:
E8, 0A, 00, 00, 00, E9, 42, 56, FF, FF, 90, 90, 90, 90, 90, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, 90, A0, 0A, 01, 83, 65, F8, 00, 83, 65, FC, 00, 53, 57, BF, 4E, E6, 40, BB, BB, 00, 00, FF, FF, 3B, C7, 0F, 85, 61, 3B, 02, 00, 56, 8D, 45, F8, 50, FF, 15, 74, 11, 00, 01, 8B, 75, FC, 33, 75, F8, FF, 15, 78, 11, 00, 01, 33, F0, FF, 15, 74, 10, 00, 01, 33, F0, FF, 15, 7C, 11, 00, 01, 33, F0, 8D, 45, F0, 50, FF, 15, 80, 11, 00, 01, 8B, 45, F4, 33, 45, F0, 33, F0, 3B, F7, 74, 1B, 85, 1D, 90, A0, 0A, 01, 74, 13, 89...
 

Entropy:
4.9735

Code size:
676 KB (692,224 bytes)

Shell Open Command
Open type:
rtffile

Command:
"C:\Program Files\windows nt\accessories\wordpad.exe" "%1"


The file wordpad.exe has been seen being distributed by the following URL.