Threat Database Trojans Trojan.Noon.E

Trojan.Noon.E

By CagedTech in Trojans

Analysis Report

General information

Family Name: Trojan.Noon.E
Signature status: No Signature

Known Samples

MD5: eca386ee7ef6d7585b84a3e7e8352d7f
SHA1: 0a690ab77e921d4b6191316f338c0911956f60b1
SHA256: 3A544EE360C3C495535E7AD51C96A7A07ADBC4E60CDFC6D1F45CAD2087B1FFC7
File Size: 195.76 KB, 195758 bytes

Windows Portable Executable Attributes

  • File doesn't have "Rich" header
  • File doesn't have debug information
  • File doesn't have exports table
  • File doesn't have security information
  • File is 64-bit executable
  • File is either console or GUI application
  • File is GUI application (IMAGE_SUBSYSTEM_WINDOWS_GUI)
  • File is Native application (NOT .NET application)
  • File is not packed
  • IMAGE_FILE_DLL is not set inside PE header (Executable)
Show More
  • IMAGE_FILE_EXECUTABLE_IMAGE is set inside PE header (Executable Image)

Windows PE Version Information

Name Value
Company Name Meridian Systems Inc.
File Description Meridian Task Scheduler
File Version 4.1.0.0
Internal Name mtasksvc
Legal Copyright Copyright (C) 2025 Meridian Systems Inc.
Original Filename mtasksvc.exe
Product Name Meridian Task Scheduler
Product Version 4.1.0.0

File Traits

  • x64

Block Information

Total Blocks: 684
Potentially Malicious Blocks: 165
Whitelisted Blocks: 519
Unknown Blocks: 0

Visual Map

x 0 x x 0 x x x 0 x 0 0 x 0 0 0 x 0 0 0 0 x x 0 0 0 0 0 x 0 x x x x 0 0 x 0 0 0 x x 0 0 0 0 x 0 0 0 0 0 0 0 x x x 0 x x 0 0 x 0 0 0 0 x x 0 x 0 0 x 0 0 x 0 x 0 0 x x 0 0 x 0 0 x x x x x x x x 0 0 0 0 0 0 x x x 0 x x x x x 0 0 x x x x x x 0 x x x x x x 0 0 0 x x 0 x x 0 0 0 x x 0 x 0 0 x x 0 0 x 0 x x x 0 0 0 x x 0 0 x 0 0 x x x 0 0 0 0 0 x 0 0 0 x x x 0 x x x x x x 0 0 x x 0 0 0 0 0 0 0 0 x 0 x x x x 0 x 0 x x x x x x 0 x 0 x x 0 x x x x x x 0 0 x x 0 0 0 0 0 x x x 0 x 0 0 0 x x 0 x x 0 x 0 0 x x x x x x x x x x x x x x x x x x x x x x 0 x 0 x 0 x 0 x 0 x 0 x 0 x 0 x x 0 0 x x x x x x x x 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 1 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 2 2 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0 1 0 0 0 0 0 0 0 0 0 0 0 0 0 0 0
0 - Probable Safe Block
? - Unknown Block
x - Potentially Malicious Block

Similar Families

  • Trojan.Injector.Gen.GAI

Files Modified

File Attributes
c:\users\user\appdata\roaming\microsoft\windows\start menu\programs\startup\0a690ab77e921d4b6191316f338c0911956f60b1_0000195758 Generic Read,Write Data,Write Attributes,Write extended,Append data,Delete,LEFT 262144

Registry Modifications

Key::Value Data API Name
HKLM\software\microsoft\windows nt\currentversion\notifications\data::418a073aa3bc1c75 RegNtPreCreateKey

Windows API Usage

Category API
Syscall Use
  • ntdll.dll!NtFreeVirtualMemory
  • ntdll.dll!NtProtectVirtualMemory
  • ntdll.dll!NtQuerySecurityAttributesToken
  • ntdll.dll!NtSetEvent
  • ntdll.dll!NtSetInformationWorkerFactory
  • ntdll.dll!NtTestAlert
  • ntdll.dll!NtUnmapViewOfSectionEx
  • ntdll.dll!NtWriteFile
  • UNKNOWN

Trending

Most Viewed

Loading...