SHA256: 2383b1b142c624bbb0234046cf2e94a69cc15d686b3862689e58ce8a7f5f2bfd
File name: notepad.exe
Detection ratio: 0 / 56
Analysis date: 2015-08-28 12:14:21 UTC ( 3 years, 6 months ago )
Antivirus Result Update
Ad-Aware 20150828
AegisLab 20150828
Yandex 20150827
AhnLab-V3 20150828
Alibaba 20150828
ALYac 20150828
Antiy-AVL 20150828
Arcabit 20150828
Avast 20150828
AVG 20150828
Avira (no cloud) 20150828
AVware 20150828
Baidu-International 20150828
BitDefender 20150828
Bkav 20150828
ByteHero 20150828
CAT-QuickHeal 20150828
ClamAV 20150828
CMC 20150827
Comodo 20150828
Cyren 20150828
DrWeb 20150828
Emsisoft 20150828
ESET-NOD32 20150828
F-Prot 20150828
F-Secure 20150828
Fortinet 20150828
GData 20150828
Ikarus 20150828
Jiangmin 20150827
K7AntiVirus 20150828
K7GW 20150828
Kaspersky 20150828
Kingsoft 20150828
Malwarebytes 20150828
McAfee 20150828
McAfee-GW-Edition 20150828
Microsoft 20150827
eScan 20150828
NANO-Antivirus 20150828
nProtect 20150828
Panda 20150828
Qihoo-360 20150828
Rising 20150826
Sophos AV 20150828
SUPERAntiSpyware 20150826
Symantec 20150827
Tencent 20150828
TheHacker 20150828
TrendMicro 20150828
TrendMicro-HouseCall 20150828
VBA32 20150828
VIPRE 20150828
ViRobot 20150828
Zillya 20150828
Zoner 20150828
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2006-05-29 07:55:30
Entry Point 0x0005359A
Number of sections 4
PE sections
PE imports
AreAnyAccessesGranted
Polygon
CreateHalftonePalette
OffsetRgn
CreatePen
GdiFlush
GetTextMetricsA
AddFontResourceW
PathToRegion
GetClipBox
GetViewportOrgEx
GetObjectType
SetMapMode
CreateDCA
GetMetaFileBitsEx
DeleteDC
SetPixel
PtInRegion
FillPath
PatBlt
CreateDIBSection
GetCharacterPlacementA
CreateHatchBrush
FillRgn
SetDIBitsToDevice
AngleArc
SelectPalette
GetOutlineTextMetricsW
GetGraphicsMode
SetTextAlign
GetDCOrgEx
CreateCompatibleDC
StretchBlt
ScaleViewportExtEx
SelectObject
GetNearestPaletteIndex
CopyMetaFileW
Pie
GetEnhMetaFileW
EnumEnhMetaFile
SetTextJustification
GetStretchBltMode
BeginPath
SetViewportExtEx
GetTextCharacterExtra
MoveToEx
GetLastError
FreeConsole
GlobalFindAtomW
GlobalDeleteAtom
FileTimeToSystemTime
EnumResourceLanguagesA
EnumResourceNamesW
GetConsoleCP
GetDriveTypeA
GetHandleInformation
GlobalFindAtomA
DebugBreak
GetEnvironmentStringsW
EnumSystemLocalesW
GetFileAttributesW
GetLocalTime
FindFirstChangeNotificationW
CreateRemoteThread
CreatePipe
GetStartupInfoA
GetVolumeInformationA
FileTimeToLocalFileTime
CompareFileTime
GetLocaleInfoA
GetFileSize
CreateIoCompletionPort
DeleteFileA
GetCPInfo
GetSystemDefaultLCID
LoadLibraryExW
DeleteFileW
GetPrivateProfileIntW
GetSystemPowerStatus
GetPrivateProfileStringW
FormatMessageA
EnumResourceLanguagesW
GetFileTime
ExpandEnvironmentStringsW
GlobalMemoryStatus
GlobalAddAtomW
GetFileAttributesExW
GlobalReAlloc
GetModuleHandleA
GetSystemTimeAsFileTime
HeapCompact
FindFirstFileA
CreateFileA
GetAtomNameA
DeleteAtom
GetCurrentProcess
GetComputerNameA
FindNextFileA
ClearCommError
GetSystemDirectoryA
GetDiskFreeSpaceA
GetExitCodeProcess
ExpandEnvironmentStringsA
FindCloseChangeNotification
Beep
FindAtomW
GetLongPathNameW
GetLogicalDriveStringsA
GlobalFlags
FreeLibraryAndExitThread
FindResourceW
CreateProcessW
DeleteCriticalSection
CancelIo
GetFileAttributesExA
GetProcessVersion
ConnectNamedPipe
_except_handler3
__p__fmode
_acmdln
_exit
__p__commode
_controlfp
exit
_XcptFilter
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__set_app_type
RasSetEntryPropertiesA
RasDeleteEntryW
RasGetEntryPropertiesA
RasGetConnectStatusW
RasGetEntryDialParamsA
RasEditPhonebookEntryA
RasDialW
RasSetEntryDialParamsA
RasEnumDevicesA
RasGetEntryPropertiesW
RasEnumConnectionsW
RasGetErrorStringA
RasEditPhonebookEntryW
RasCreatePhonebookEntryW
RasGetEntryDialParamsW
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 4
RT_VERSION 1
Number of PE resources by language
ENGLISH PHILIPPINES 7
MACEDONIAN DEFAULT 4
SERBIAN ARABIC ALGERIA 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 6.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 0.235.10.103
UninitializedDataSize 0
LanguageCode Neutral
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 4136960
EntryPoint 0x5359a
OriginalFileName Spencer.exe
MIMEType application/octet-stream
LegalCopyright Copyright 2043
FileVersion 0.154.181.89
TimeStamp 2006:05:29 08:55:30+01:00
FileType Win32 EXE
PEType PE32
InternalName Rumbling
FileDescription Redoubt
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName KDT Software Solutions
CodeSize 339968
ProductName Shuffle Regenerated
ProductVersionNumber 0.32.124.107
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 c9582bc11ebf406eb617985b07fb9939
SHA1 4b54646119094af46cd7b32e70295f605a1c4b8c
SHA256 2383b1b142c624bbb0234046cf2e94a69cc15d686b3862689e58ce8a7f5f2bfd
ssdeep 6144:c87c6+iTIrwnSfQt9vdDr0mDb8MbbMjjL+k++owhk6ogv3OiDZCMxN:c87xYASfsvdhIjqgVpo/snb
authentihash b245aa03f70ff3e86699616589aa59d0c13ee1fcbf614014a0d0f0f84a3ed38c
imphash fb7fda30336f281349cd30c4e6a83ad4
File size 376.0 KB ( 385024 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (42.2%)
Win64 Executable (generic) (37.3%)
Win32 Dynamic Link Library (generic) (8.8%)
Win32 Executable (generic) (6.0%)
Generic Win/DOS Executable (2.7%)
Tags peexe
VirusTotal metadata
First submission 2015-08-28 12:14:21 UTC ( 3 years, 6 months ago )
Last submission 2015-08-28 12:14:21 UTC ( 3 years, 6 months ago )
File names notepad.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Created processes
Code injections in the following processes
Opened mutexes
Opened service managers
Runtime DLLs