File 18ab8337c01b1a5bc483267f4208e95799b2ca9e8bf2a3497ed901cc0472a53e Summary
Like

Analyse score

0 / 14

No antivirus venders flagged
this file as malicious

Signature

File is not signed

Last scanned

First submission

Basic properties

CRC32

0x978be2ed

MD5

bbe8a31bd45b0f5b7e055349c783edcd

Magic

PE32+ executable (GUI) x86-64, for MS Windows

SHA1

55a3e2ca134a7e93e777128957f39775ea46838d

SHA256

18ab8337c01b1a5bc483267f4208e95799b2ca9e8bf2a3497ed901cc0472a53e

SHA512

7647ceaa5a96b5befbc10d85e7984dc5dacdca354ca70506afe7fee8bee081cb32f3d380da413b095c7543d445177a94db88d3042998029780c752dc4ead1695

SSDeep

6144:igARqOq/Q/3HDTeWICwpEM7Nm0f1s2eX:1AoY/3neWEp7Nmi/

Size

196.50KB

Packer
  • PE+(64): compiler: Microsoft Visual C/C++(2019 v.16.0)[-]
  • PE+(64): linker: Microsoft Linker(14.20, Visual Studio 2019 16.0*)[EXE64]
TrID
  • 90.1% (.CPL) Windows Control Panel Item (generic) (197083/11/60)
  • 4.8% (.EXE) Win64 Executable (generic) (10523/12/4)
  • 2.3% (.EXE) Win16 NE executable (generic) (5038/12/1)
  • 0.9% (.EXE) OS/2 Executable (generic) (2029/13)
  • 0.9% (.EXE) Generic Win/DOS Executable (2002/3)
Tags

ExifTool File Metadata

CharacterSet

Unicode

CodeSize

146.00KB

CompanyName

Microsoft Corporation

EntryPoint

0x23e90

ExifToolVersionNumber

12.62

FileDescription

Notepad

FileFlags

(none)

FileFlagsMask

0x003f

FileOs

Windows NT 32-bit

FileSize

201 kB

FileSubtype

0

FileType

Win64 EXE

FileTypeExtension

exe

FileVersion

10.0.19041.3570 (WinBuild.160101.0800)

FileVersionNumber

10.0.19041.3570

ImageFileCharacteristics

Executable, Large address aware

ImageVersion

10.0

InitializedDataSize

56.00KB

InternalName

Notepad

LanguageCode

English (U.S.)

LegalCopyright

© Microsoft Corporation. All rights reserved.

LinkerVersion

14.20

MachineType

AMD AMD64

MimeType

application/octet-stream

ObjectFileType

Executable application

OriginalFileName

NOTEPAD.EXE

OsVersion

10.0

PeType

PE32+

ProductName

Microsoft® Windows® Operating System

ProductVersion

10.0.19041.3570

ProductVersionNumber

10.0.19041.3570

Subsystem

Windows GUI

SubsystemVersion

10.0

UninitializedDataSize

0

Show all

Submissions

Published Name Source Country
notepad.exe web FR

Indicators

Description Severity Category Module
Malware detection of a yara signature: Win32/WannaCry
malicious
Sandbox Detection Behavior
Communicates over HTTP with a low reputation domain
informational
C2 Behavior
Deletes itself after process termination
suspicious
Stealth Behavior
Write a file to the startup folder
suspicious
Persistence Behavior
Check for the existence of Virtual Machines
suspicious
Signature Yara

🚀 Coming soon!

Virtual Screens

🚀 Coming soon!