Architecture | IMAGE_FILE_MACHINE_I386 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 1998-Apr-29 02:33:09 |
Detected languages | English - United States |
Debug artifacts | Embedded COFF debugging symbols |
CompanyName | Microsoft Corporation |
---|---|
FileDescription | Windows Notepad application file |
FileVersion | 4.10.1998 |
InternalName | Notepad |
LegalCopyright | Copyright (C) Microsoft Corp. 1991-1998 |
OriginalFilename | NOTEPAD.EXE |
ProductName | Microsoft(R) Windows(R) Operating System |
ProductVersion | 4.10.1998 |
Suspicious | PEiD Signature: ASPack v2.12 |
---|---|
Suspicious | The PE is packed with Aspack or Armadillo |
 | Unusual section name found: .aspack |
 | Unusual section name found: .adata |
 | The PE only has 8 import(s). |
Info | The PE contains common functions which appear in legitimate applications. |
 | [!] The program may be hiding some of its imports: |
Malicious | VirusTotal score: 18/72 (Scanned on 2022-09-22 11:40:18) |
 | Lionic: Riskware.Win32.Generic.1!c |
 | ClamAV: Win.Trojan.OnlineGames-4771 |
 | McAfee: Artemis!85CFD7FAAA37 |
 | Cyren: W32/OnlineGames.FT.gen!Eldorado |
 | Symantec: ML.Attribute.HighConfidence |
 | APEX: Malicious |
 | Cynet: Malicious (score: 100) |
 | Avast: Win32:Malware-gen |
 | McAfee-GW-Edition: BehavesLike.Win32.Fake.nh |
 | Trapmine: malicious.moderate.ml.score |
 | SentinelOne: Static AI - Malicious PE |
 | Microsoft: PUA:Win32/Presenoker |
 | Google: Detected |
 | Malwarebytes: Malware.Heuristic.1004 |
 | Rising: PUA.Presenoker!8.F608 (CLOUD) |
 | MaxSecure: Trojan.Malware.300983.susgen |
 | AVG: Win32:Malware-gen |
 | CrowdStrike: win/malicious_confidence_70% (W) |
e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0x80 |
Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_I386 |
NumberofSections | 7 |
TimeDateStamp | 1998-Apr-29 02:33:09 |
PointerToSymbolTable | 0x726f4c5b |
NumberOfSymbols | 1564823652 |
SizeOfOptionalHeader | 0xe0 |
Characteristics | IMAGE_FILE_32BIT_MACHINE, IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LINE_NUMS_STRIPPED, IMAGE_FILE_LOCAL_SYMS_STRIPPED |
Magic | PE32 |
---|---|
LinkerVersion | 3.0 |
SizeOfCode | 0x4000 |
SizeOfInitializedData | 0x7400 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000D001 (Section: .aspack) |
BaseOfCode | 0x1000 |
BaseOfData | 0x5000 |
ImageBase | 0x400000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 4.0 |
ImageVersion | 0.0 |
SubsystemVersion | 4.0 |
Win32VersionValue | 0 |
SizeOfImage | 0x13000 |
SizeOfHeaders | 0x600 |
Checksum | 0xdd05 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
SizeofStackReserve | 0x100000 |
SizeofStackCommit | 0x1000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |
kernel32.dll | GetProcAddress, GetModuleHandleA, LoadLibraryA |
---|---|
shell32.dll | ShellExecuteA |
user32.dll | wsprintfA |
gdi32.dll | GetStockObject |
comdlg32.dll | GetOpenFileNameA |
advapi32.dll | RegSetValueExA |