Notepad++’s source code is publicly available; thus, anyone (including malware authors) can access it. Threat actors achieved this disguise by trojanizing open-source software.

Weaponizing open-source software

Due to its uncanny resemblance to a legitimate Notepad++ file, the analyzed sample can easily be mistaken for a non-malicious file, especially by employees with limited technical know-how. The notepad.exe file that we investigated came from malicious sources and is not associated with the official distribution sites of Notepad and Notepad++.exe. After the initial machine was infected, propagating the malicious notepad++ and config.dat via admin shares would be easy. We suspect that the file in this incident got into the organization through a targeted watering hole attack.
Further investigation also revealed other blob files with the same loader, which lead to different payloads. One of the payloads is detected as, while the other is detected as -B (Defray ransomware). We observed two instances using the same loader but delivering different payloads. This reminds us of some older malware types like PLUGX.

However, the malicious Notepad++ file has additional code that loads an encrypted blob file (config.dat) that decrypts the code and executes it in memory so it can perform its backdoor routines. These code snippets bear many similarities. The details listed in the file properties of notepad.exe show this:

The notepad.exe file’s link to these processes and their functions indicates that the file is a typical backdoor that gets commands from a malicious remote user.

Gets a list of currently running processes on either a local or remote machine

Gathers operating system configuration information for a local or remote machine, including service pack levels
The notepad.exe file was dropped through ntoskrnl.exe, short for Windows NT operating system kernel executable.