{
    "9cd1c3d00ae15068ddb5f9103c517768fdc9c2ed8d7f6a729cde9314c591874a": {
        "DOS Header": {
            "e_magic": "MZ",
            "e_cblp": 144,
            "e_cp": 3,
            "e_crlc": 0,
            "e_cparhdr": 4,
            "e_minalloc": 0,
            "e_maxalloc": 65535,
            "e_ss": 0,
            "e_sp": 184,
            "e_csum": 0,
            "e_ip": 0,
            "e_cs": 0,
            "e_ovno": 0,
            "e_oemid": 0,
            "e_oeminfo": 0,
            "e_lfanew": 248
        },
        "Debug Info": {
            "IMAGE_DEBUG_TYPE_CODEVIEW": {
                "Characteristics": 0,
                "TimeDateStamp": "2016-Jul-16 01:36:48",
                "Version": "0.0",
                "SizeofData": 36,
                "AddressOfRawData": 18588,
                "PointerToRawData": 15516,
                "Referenced File": "notepad.pdb"
            },
            "IMAGE_DEBUG_TYPE_POGO": {
                "Characteristics": 0,
                "TimeDateStamp": "2016-Jul-16 01:36:48",
                "Version": "0.0",
                "SizeofData": 684,
                "AddressOfRawData": 18624,
                "PointerToRawData": 15552
            }
        },
        "Errors": "",
        "Hashes": {
            "MD5": "af79f5a331c50cc87f0a5f921ad93b0f",
            "SHA1": "5ad81c35812c8218ab7aae4f6263906cd6594c35",
            "SHA256": "9cd1c3d00ae15068ddb5f9103c517768fdc9c2ed8d7f6a729cde9314c591874a",
            "SHA3": "5b2e193ae9e8a3ac0f7c57e0e76cfa73a732b7cf0dae0ed3fb919f45effc6ba9",
            "SSDeep": "6144:1Pqs3al2lZDp0X+u848/Zjz6PFVdBIgDTpKyTPZDjbLl0CtC0lVZ6ups/C/2rSN:74aTY5GpX",
            "Imports Hash": "fbd35346cc6f21219b9abca469e352c0"
        },
        "Image Optional Header": {
            "Magic": "PE32",
            "LinkerVersion": "14.0",
            "SizeOfCode": 107008,
            "SizeOfInitializedData": 132608,
            "SizeOfUninitializedData": 0,
            "AddressOfEntryPoint": "0x0001A410 (Section: .text)",
            "BaseOfCode": 4096,
            "BaseOfData": 114688,
            "ImageBase": 4194304,
            "SectionAlignment": 4096,
            "FileAlignment": 512,
            "OperatingSystemVersion": "A.0",
            "ImageVersion": "A.0",
            "SubsystemVersion": "A.0",
            "Win32VersionValue": 0,
            "SizeOfImage": 253952,
            "SizeOfHeaders": 1024,
            "Checksum": 240409,
            "Subsystem": "IMAGE_SUBSYSTEM_WINDOWS_GUI",
            "DllCharacteristics": [
                "IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE",
                "IMAGE_DLLCHARACTERISTICS_GUARD_CF",
                "IMAGE_DLLCHARACTERISTICS_NX_COMPAT",
                "IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE"
            ],
            "SizeofStackReserve": 262144,
            "SizeofStackCommit": 69632,
            "SizeofHeapReserve": 1048576,
            "SizeofHeapCommit": 4096,
            "LoaderFlags": 0,
            "NumberOfRvaAndSizes": 16
        },
        "Imports": {
            "ADVAPI32.dll": [
                "OpenProcessToken",
                "GetTokenInformation",
                "DuplicateEncryptionInfoFile",
                "RegSetValueExW",
                "RegQueryValueExW",
                "RegCreateKeyW",
                "RegCloseKey",
                "RegOpenKeyExW",
                "EventSetInformation",
                "EventRegister",
                "EventUnregister",
                "EventWriteTransfer",
                "IsTextUnicode"
            ],
            "KERNEL32.dll": [
                "MultiByteToWideChar",
                "LocalReAlloc",
                "UnmapViewOfFile",
                "LocalSize",
                "GetStartupInfoW",
                "FindNLSString",
                "MapViewOfFile",
                "GlobalLock",
                "GlobalUnlock",
                "HeapSetInformation",
                "GetCurrentProcessId",
                "GetFileInformationByHandle",
                "GetFileAttributesExW",
                "GetFullPathNameW",
                "SetEndOfFile",
                "DeleteFileW",
                "GetACP",
                "GetLastError",
                "GetFileAttributesW",
                "WriteFile",
                "SetLastError",
                "WideCharToMultiByte",
                "GetTimeFormatW",
                "GetDateFormatW",
                "GetLocalTime",
                "GetUserDefaultUILanguage",
                "FoldStringW",
                "LocalUnlock",
                "LocalLock",
                "FormatMessageW",
                "FindClose",
                "FindFirstFileW",
                "GetCommandLineW",
                "GetCurrentProcess",
                "MulDiv",
                "lstrcmpW",
                "GlobalAlloc",
                "GetLocaleInfoW",
                "GlobalFree",
                "LocalAlloc",
                "CloseHandle",
                "ReadFile",
                "CreateFileW",
                "SetErrorMode",
                "lstrcmpiW",
                "LocalFree",
                "CreateFileMappingW",
                "GetStartupInfoA"
            ],
            "GDI32.dll": [
                "CreateDCW",
                "StartPage",
                "StartDocW",
                "SetAbortProc",
                "DeleteDC",
                "EndDoc",
                "AbortDoc",
                "EndPage",
                "GetTextMetricsW",
                "SetBkMode",
                "LPtoDP",
                "SetWindowExtEx",
                "SetViewportExtEx",
                "SetMapMode",
                "GetTextExtentPoint32W",
                "TextOutW",
                "EnumFontsW",
                "GetTextFaceW",
                "SelectObject",
                "DeleteObject",
                "GetDeviceCaps",
                "CreateFontIndirectW"
            ],
            "USER32.dll": [
                "TranslateMessage",
                "DispatchMessageW",
                "UnhookWinEvent",
                "SetWindowTextW",
                "GetMenuState",
                "OpenClipboard",
                "IsClipboardFormatAvailable",
                "CloseClipboard",
                "SetDlgItemTextW",
                "GetDlgItemTextW",
                "EndDialog",
                "SendDlgItemMessageW",
                "WinHelpW",
                "GetCursorPos",
                "ScreenToClient",
                "ChildWindowFromPoint",
                "GetParent",
                "SetScrollPos",
                "InvalidateRect",
                "TranslateAcceleratorW",
                "GetWindowPlacement",
                "SetWindowPlacement",
                "CharUpperW",
                "GetSystemMenu",
                "LoadAcceleratorsW",
                "SetWindowLongW",
                "RegisterWindowMessageW",
                "LoadCursorW",
                "CreateWindowExW",
                "LoadImageW",
                "RegisterClassExW",
                "GetWindowTextLengthW",
                "GetWindowLongW",
                "PeekMessageW",
                "GetWindowTextW",
                "EnableWindow",
                "CreateDialogParamW",
                "DrawTextExW",
                "SetActiveWindow",
                "IsDialogMessageW",
                "GetMessageW",
                "SetWinEventHook",
                "CharNextW",
                "RedrawWindow",
                "GetKeyboardLayout",
                "SetWindowPos",
                "GetDlgCtrlID",
                "GetForegroundWindow",
                "MessageBeep",
                "DestroyWindow",
                "IsIconic",
                "PostQuitMessage",
                "DefWindowProcW",
                "UpdateWindow",
                "LoadStringW",
                "SetCursor",
                "ReleaseDC",
                "GetDC",
                "CheckMenuItem",
                "MessageBoxW",
                "GetFocus",
                "LoadIconW",
                "DialogBoxParamW",
                "SetFocus",
                "GetSubMenu",
                "EnableMenuItem",
                "GetMenu",
                "PostMessageW",
                "SetThreadDpiAwarenessContext",
                "MoveWindow",
                "GetClientRect",
                "SendMessageW",
                "#2577",
                "#2704",
                "#2702",
                "#2707",
                "ShowWindow"
            ],
            "msvcrt.dll": [
                "_lock",
                "_except_handler4_common",
                "_controlfp",
                "?terminate@@YAXXZ",
                "_acmdln",
                "memset",
                "memcpy",
                "_initterm",
                "__dllonexit",
                "_ismbblead",
                "__p__fmode",
                "_cexit",
                "_exit",
                "exit",
                "__set_app_type",
                "__getmainargs",
                "_amsg_exit",
                "__p__commode",
                "_XcptFilter",
                "iswctype",
                "wcsnlen",
                "_wcsicmp",
                "_wtol",
                "_onexit",
                "__setusermatherr",
                "_unlock",
                "_callnewh",
                "malloc",
                "_vsnwprintf",
                "strchr",
                "memcpy_s",
                "_purecall",
                "free",
                "__CxxFrameHandler3"
            ],
            "api-ms-win-core-com-l1-1-1.dll": [
                "CoCreateGuid",
                "CoUninitialize",
                "CoInitializeEx",
                "CoCreateInstance",
                "CoTaskMemAlloc",
                "CoTaskMemFree",
                "PropVariantClear",
                "CoCreateFreeThreadedMarshaler",
                "CoWaitForMultipleHandles"
            ],
            "OLEAUT32.dll": [
                "#6",
                "#2"
            ],
            "api-ms-win-core-synch-l1-2-0.dll": [
                "CreateSemaphoreExW",
                "OpenSemaphoreW",
                "WaitForSingleObject",
                "WaitForSingleObjectEx",
                "Sleep",
                "CreateEventExW",
                "ReleaseSemaphore",
                "SetEvent",
                "CreateMutexExW",
                "ReleaseMutex"
            ],
            "api-ms-win-core-errorhandling-l1-1-1.dll": [
                "UnhandledExceptionFilter",
                "SetUnhandledExceptionFilter",
                "RaiseException"
            ],
            "api-ms-win-core-processthreads-l1-1-2.dll": [
                "TerminateProcess",
                "GetCurrentThreadId"
            ],
            "api-ms-win-core-libraryloader-l1-2-0.dll": [
                "GetModuleFileNameW",
                "GetModuleHandleA",
                "LoadLibraryExW",
                "FreeLibrary",
                "GetModuleHandleW",
                "GetModuleHandleExW",
                "GetProcAddress",
                "GetModuleFileNameA"
            ],
            "api-ms-win-core-profile-l1-1-0.dll": [
                "QueryPerformanceCounter"
            ],
            "api-ms-win-core-sysinfo-l1-2-1.dll": [
                "GetTickCount",
                "GetSystemTimeAsFileTime"
            ],
            "api-ms-win-core-heap-l1-2-0.dll": [
                "HeapAlloc",
                "HeapFree",
                "GetProcessHeap"
            ],
            "api-ms-win-core-winrt-string-l1-1-0.dll": [
                "WindowsCreateStringReference",
                "WindowsDeleteString",
                "WindowsCreateString",
                "WindowsGetStringRawBuffer"
            ],
            "api-ms-win-core-winrt-error-l1-1-1.dll": [
                "RoGetMatchingRestrictedErrorInfo",
                "SetRestrictedErrorInfo"
            ],
            "api-ms-win-core-string-l1-1-0.dll": [
                "CompareStringOrdinal"
            ],
            "api-ms-win-core-winrt-l1-1-0.dll": [
                "RoGetActivationFactory"
            ],
            "api-ms-win-core-debug-l1-1-1.dll": [
                "OutputDebugStringW"
            ],
            "COMCTL32.dll": [
                "#345",
                "CreateStatusWindowW"
            ],
            "COMDLG32.dll": [
                "FindTextW",
                "ChooseFontW",
                "GetSaveFileNameW",
                "GetOpenFileNameW",
                "CommDlgExtendedError",
                "PageSetupDlgW",
                "ReplaceTextW",
                "GetFileTitleW",
                "PrintDlgExW"
            ],
            "FeClient.dll": [
                "EfsClientDecryptFile"
            ],
            "ntdll.dll": [
                "WinSqmAddToStream"
            ],
            "PROPSYS.dll": [
                "PSGetPropertyDescriptionListFromString",
                "PropVariantToStringVectorAlloc"
            ],
            "SHELL32.dll": [
                "SHCreateItemFromParsingName",
                "DragQueryFileW",
                "SHAddToRecentDocs",
                "DragFinish",
                "DragAcceptFiles",
                "ShellAboutW"
            ],
            "SHLWAPI.dll": [
                "PathIsFileSpecW",
                "PathFileExistsW",
                "PathIsNetworkPathW",
                "PathFindExtensionW",
                "SHStrDupW"
            ],
            "WINSPOOL.DRV": [
                "OpenPrinterW",
                "ClosePrinter",
                "GetPrinterDriverW"
            ],
            "urlmon.dll": [
                "FindMimeFromData"
            ]
        },
        "Load Configuration": {
            "Size": 128,
            "TimeDateStamp": "1970-Jan-01 00:00:00",
            "Version": "0.0",
            "GlobalFlagsClear": [],
            "GlobalFlagsSet": [],
            "CriticalSectionDefaultTimeout": 0,
            "DeCommitFreeBlockThreshold": 0,
            "DeCommitTotalFreeThreshold": 0,
            "LockPrefixTable": 0,
            "MaximumAllocationSize": 0,
            "VirtualMemoryThreshold": 0,
            "ProcessAffinityMask": 0,
            "ProcessHeapFlags": [],
            "CSDVersion": 0,
            "Reserved1": 0,
            "EditList": 0,
            "SecurityCookie": 4309380,
            "SEHandlerTable": 4211856,
            "SEHandlerCount": 2,
            "GuardCFCheckFunctionPointer": 4322484,
            "GuardCFDispatchFunctionPointer": 0,
            "GuardCFFunctionTable": 0,
            "GuardCFFunctionCount": 0,
            "GuardFlags": [],
            "CodeIntegrity.Flags": 0,
            "CodeIntegrity.Catalog": 0,
            "CodeIntegrity.CatalogOffset": 0,
            "CodeIntegrity.Reserved": 0,
            "GuardAddressTakenIatEntryTable": 0,
            "GuardAddressTakenIatEntryCount": 0,
            "GuardLongJumpTargetTable": 0,
            "GuardLongJumpTargetCount": 0
        },
        "PE Header": {
            "Signature": "PE",
            "Machine": "IMAGE_FILE_MACHINE_I386",
            "NumberofSections": 5,
            "TimeDateStamp": "2016-Jul-16 01:36:48",
            "PointerToSymbolTable": 0,
            "NumberOfSymbols": 0,
            "SizeOfOptionalHeader": 224,
            "Characteristics": [
                "IMAGE_FILE_32BIT_MACHINE",
                "IMAGE_FILE_EXECUTABLE_IMAGE"
            ]
        },
        "Plugins": {
            "imports": {
                "level": 3,
                "plugin_output": {
                    "[!] The program may be hiding some of its imports": [
                        "LoadLibraryExW",
                        "GetProcAddress"
                    ],
                    "Can access the registry": [
                        "RegSetValueExW",
                        "RegQueryValueExW",
                        "RegCreateKeyW",
                        "RegCloseKey",
                        "RegOpenKeyExW"
                    ],
                    "Functions related to the privilege level": [
                        "OpenProcessToken"
                    ]
                },
                "summary": "The PE imports functions that are often used by malware; this is a heuristic indicator, since the same APIs are also common in legitimate software."
            },
            "virustotal": {
                "level": 0,
                "plugin_output": {
                    "info_0": "No antivirus engine flagged this file at scan time; the absence of detections is not proof that the file is benign."
                },
                "summary": "VirusTotal score: 0/65 (Scanned on 2018-02-03 11:13:46)"
            }
        },
        "RICH Header": {
            "XOR Key": 915476810,
            "Unmarked objects": 0,
            "Imports (VS2008 SP1 build 30729)": 28,
            "ASM objects (23917)": 3,
            "C objects (23917)": 21,
            "C++ objects (23917)": 4,
            "Imports (23917)": 29,
            "Total imports": 276,
            "264 (23917)": 26,
            "Resource objects (23917)": 1,
            "Linker (23917)": 1
        },
        "Resources": {
            "MICROSOFTEDPENLIGHTENEDAPPINFO": {
                "Type": "EDPENLIGHTENEDAPPINFOID",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 2,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 1,
                "MD5": "25daad3d9e60b45043a70c4ab7d3b1c6",
                "SHA1": "0e356ba505631fbf715758bed27d503f8b260e3a",
                "SHA256": "47dc540c94ceb704a23875c11273e16bb0b8a87aed84de911f2133568115f254",
                "SHA3": "47b7fb6f259cfa242dc8e381efb31dad613f8bfe5a8a92f524d1a0a7058c56dc"
            },
            "MICROSOFTEDPPERMISSIVEAPPINFO": {
                "Type": "EDPPERMISSIVEAPPINFOID",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 2,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 1,
                "MD5": "25daad3d9e60b45043a70c4ab7d3b1c6",
                "SHA1": "0e356ba505631fbf715758bed27d503f8b260e3a",
                "SHA256": "47dc540c94ceb704a23875c11273e16bb0b8a87aed84de911f2133568115f254",
                "SHA3": "47b7fb6f259cfa242dc8e381efb31dad613f8bfe5a8a92f524d1a0a7058c56dc"
            },
            "1": {
                "Type": "MUI",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 328,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 3.04007,
                "MD5": "a1125c9a796a5bfe16162d73c68913f8",
                "SHA1": "fc6bb615fce392de94ab506e8fd8ac7048c35aea",
                "SHA256": "73c1385b73f068c75d9e13664ca961c212057bf63d344070aabd8b9c3d04f1d7",
                "SHA3": "b8675efcdf2b8aff23c182220eba749a20757bc204c07cf5c76cc679a38a639d"
            },
            "1 (#2)": {
                "Type": "RT_ICON",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 1640,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 3.14638,
                "MD5": "5e0424a037ed1cf4b86d9caed970dff9",
                "SHA1": "ba25c046ab514ed9c0fe80d94b538cc14eb9873e",
                "SHA256": "9cfb3aa9a4d088001f7f04eca941768005a833b82c7a468758758db4851aaf7d",
                "SHA3": "52bb085f2b6bc4139fdd5dddf1270ac5ab0d718640a03a4553d58f9141ba1a18"
            },
            "2": {
                "Type": "RT_ICON",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 744,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 3.46342,
                "MD5": "e90a939e1107e27e1d95c25e2eb0f65a",
                "SHA1": "0803a228263f67063a0d9ceb8b83638096c61b2a",
                "SHA256": "b096e4dddb79ce105a0c4ed8e8e0a42012910af392b49a27223fe4a3853291a2",
                "SHA3": "a547598048e9e5a2f151cab7647e631768c5d1bc83ed2d1c8b337dfd4dd5e372"
            },
            "3": {
                "Type": "RT_ICON",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 488,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 3.41509,
                "MD5": "44b38e737f03387a86db70708b9c5c4a",
                "SHA1": "44e99cdff9be3d4bea4ded3ebcde372ba56baacb",
                "SHA256": "e6fd723d8995f3c9a271bcf3cd168d772edbae433ec92138138bd73509b70394",
                "SHA3": "6d6c519d41df66f6de815b571062fa1ff3ec142c4b040374c4a2e4237829acf4"
            },
            "4": {
                "Type": "RT_ICON",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 296,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 3.19139,
                "MD5": "4c7576e8f541bb3e4915569e56509ae1",
                "SHA1": "0dc868575ce6ed6b549f802c5f76b3595e754147",
                "SHA256": "26221463542ad738ffb44cea755f5fa9de96f60ecd60e77e916f119772b76721",
                "SHA3": "5031fd914a31642187c6ee518342092b19bc479212e0a1f67a7827a300b11d5f"
            },
            "5": {
                "Type": "RT_ICON",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 3752,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 5.33873,
                "MD5": "7684234aae030b0e361b77c545f619ad",
                "SHA1": "34f7b236d427701a82527e0c3f3b5cfad2b37373",
                "SHA256": "8369d3da7b57396a5ee78180ae5cc14f6b221d24f0dd7bcdea08e8fd72fe1629",
                "SHA3": "c06855cd1cb761ba46cfd6703ed55889c5e22e421d48fdf1396448fb0cee8f85"
            },
            "6": {
                "Type": "RT_ICON",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 2216,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 5.88711,
                "MD5": "30678f5b06bc441a5bd8ed2848236144",
                "SHA1": "1adf74277fe7a55c071771793d7e7a7077583f9a",
                "SHA256": "a2168a636b61b10eb79fc206ff59759a540b0bc50d647b12b0d9307f05a67a6d",
                "SHA3": "06f683a14c16a932ff56038bee77a48768f76b6b522abd76b72005977e2a7104"
            },
            "7": {
                "Type": "RT_ICON",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 1736,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 5.77815,
                "MD5": "c50e91e6d59210580879f7bc5bd36d62",
                "SHA1": "7c87c25593e11a38033eaae1f613feecb190cd82",
                "SHA256": "8b42d06bec9c3d35da35f76e0cca9f3a54a8cf20f16964b9e96723f4c8dc4561",
                "SHA3": "578047f04726ad769f9af3d11704858d6320710f23cb9db168ea3b1d7a0c45e6"
            },
            "8": {
                "Type": "RT_ICON",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 1384,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 3.50319,
                "MD5": "011bde7b9c82d9453b7222950f92b18b",
                "SHA1": "2293e504ce311c482fee674198ec1ac2ffbd82f6",
                "SHA256": "dff0eed97555ee8f8a77fcac31e6d72bb11881e26eee69d5d5b731219de3c788",
                "SHA3": "45b672e12f38af60a224782a1eaa6fabe4b286473b24bbbdee70a82280ecc44d"
            },
            "9": {
                "Type": "RT_ICON",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 72024,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 7.92667,
                "Detected Filetype": "PNG graphic file",
                "MD5": "489350e7dbc2bd241eeeaf928c84198b",
                "SHA1": "bc50c87a93df8fa475994e5bec8c18f826d2790e",
                "SHA256": "dc43f5a4d409399ac9d014a3200eb8467a1256091132d27c096116da451d0aee",
                "SHA3": "2ce1ce5c3caabb4d40b8659cd1927cc34d3fe078e81feee7eb029740e123e332"
            },
            "10": {
                "Type": "RT_ICON",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 9640,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 4.91734,
                "MD5": "a0873adc85c929c39f54b1e889c20411",
                "SHA1": "a6778fc4cd3630e32ffd09491b9817eb549df98c",
                "SHA256": "054ae41265916de67a1444323c375e9bc8a77d374725aa0097fcc7abc882cf84",
                "SHA3": "845ecb1f9b158c9be9356b7ac225906a52ebb30ee74a35c6831c1ed0508b0b6b"
            },
            "11": {
                "Type": "RT_ICON",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 4264,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 5.5052,
                "MD5": "02f5aa301d295fa4ee30646e84ccdc84",
                "SHA1": "0973663fb700560f73b3fa839af2cdb5cdd35a91",
                "SHA256": "d3f2dc2ab4931a5892c2f8fb3fed87f84145bc8457b01f73651532e187eff417",
                "SHA3": "373758198c6ebba8b2dc5b5919e8926470af328251eb707070d3a1b02d0fc39e"
            },
            "12": {
                "Type": "RT_ICON",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 2440,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 5.68535,
                "MD5": "619569ee7f33365f88c67e5792ed5545",
                "SHA1": "146f599e47c7440cabb569e219042feb53f72bad",
                "SHA256": "7a1ede8d87b5e96a18742ea533e91325ff4fecb917a36bab3ddf2e2003053989",
                "SHA3": "be4bf9fbf543b75ab22d303c83563805afab0346a0a80e384913d2ec9f6ee766"
            },
            "13": {
                "Type": "RT_ICON",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 1128,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 5.42791,
                "MD5": "4aac2b52c5ac1670ebde434fd25a57e3",
                "SHA1": "05297673819212e45963685777defc78bf195ae9",
                "SHA256": "6e9662f0050a45633759bb21e7a6a395479673a5d6b9fcb80c34637c8d1fb45a",
                "SHA3": "0904557d3576c69d341c3826c0fd69e1c7f24d374fa9f56cf3ee73ff2d05458d"
            },
            "2 (#2)": {
                "Type": "RT_GROUP_ICON",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 188,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 3.08181,
                "Detected Filetype": "Icon file",
                "MD5": "7c02d334d2fd7620f9597a31f3fc404b",
                "SHA1": "4ecbb36af4cd46a792d513076f4e3a287935df07",
                "SHA256": "ac169d9ac176c5b6a2c3e06942b958ea9c789bd82f79b2f1ac0197e37a3149d4",
                "SHA3": "2c2ad36d5c878c1a1648e4a115ab6c443ae3aa28802570ce06aa90a658dacf48"
            },
            "1 (#3)": {
                "Type": "RT_VERSION",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 892,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 3.44357,
                "MD5": "7dfd5a669efc9cbc7bc6ef1ac855ad40",
                "SHA1": "ccfe11e4b8fa5e919665f80820f45e66197912dc",
                "SHA256": "f1a70647842fcba4f3d01e5b19b8ebc38b65a098aeac1f2d56accc88ba1ea643",
                "SHA3": "4064b6175be183ef8df053e9d23af9b6689f08695cca91d5f3ec2874671e10bb"
            },
            "1 (#4)": {
                "Type": "RT_MANIFEST",
                "Language": "English - United States",
                "Codepage": "UNKNOWN",
                "Size": 1183,
                "TimeDateStamp": "1980-Jan-01 00:00:00",
                "Entropy": 4.96914,
                "MD5": "a5e39484c9cb702977a5aeb68bc4fa6d",
                "SHA1": "c6d5658756ac67aaeaecab07ce0e0fee29fcb267",
                "SHA256": "b2942ed2517b654beab00d48a6c97244f5ca5175fc433fb3644d8235aa16ed8a",
                "SHA3": "ab5f856778dd61c93596559262b690b56dcdd25bcabd5a379d9248f50bee85dd"
            }
        },
        "Sections": {
            ".text": {
                "MD5": "4126b5c750b795e6a77fa73030fbd9da",
                "SHA1": "05a29849be4a024b5a232f05fe736c02444b448c",
                "SHA256": "7b1987235e4f9c7127c334ecb70c49573ddc6a3de7aeb3434521d29193c78d26",
                "SHA3": "89f1d8d135ec1dc0a5bc16b4d90b72a042985faefb47c4f89d7f5b882a18ab5f",
                "VirtualSize": 106660,
                "VirtualAddress": 4096,
                "SizeOfRawData": 107008,
                "PointerToRawData": 1024,
                "PointerToRelocations": 0,
                "PointerToLineNumbers": 0,
                "NumberOfLineNumbers": 0,
                "NumberOfRelocations": 0,
                "Characteristics": [
                    "IMAGE_SCN_CNT_CODE",
                    "IMAGE_SCN_MEM_EXECUTE",
                    "IMAGE_SCN_MEM_READ"
                ],
                "Entropy": 6.59261
            },
            ".data": {
                "MD5": "efde5fbfa2ff580351478ddfc8d2270c",
                "SHA1": "866c94b8b07e3f9c8833e508d9fdb6aa23842508",
                "SHA256": "f461d0c6f5b5a0bf14bdc71047446710cb99a8a2542b69acc39b806592a06b43",
                "SHA3": "cb2c3c402ea40c02cdc5eef662e1c944a020c24ab9d04e14968089151318f875",
                "VirtualSize": 9892,
                "VirtualAddress": 114688,
                "SizeOfRawData": 2048,
                "PointerToRawData": 108032,
                "PointerToRelocations": 0,
                "PointerToLineNumbers": 0,
                "NumberOfLineNumbers": 0,
                "NumberOfRelocations": 0,
                "Characteristics": [
                    "IMAGE_SCN_CNT_INITIALIZED_DATA",
                    "IMAGE_SCN_MEM_READ",
                    "IMAGE_SCN_MEM_WRITE"
                ],
                "Entropy": 2.22827
            },
            ".idata": {
                "MD5": "8645fdbef5cbb75c0dff973668823ed7",
                "SHA1": "14d68ea353e9e9083e59d33c39d14613027b5f3c",
                "SHA256": "7ab9553bfbc80f4c4d3312daeb0b6c50260ad339a590be86e06f2e01d18354a8",
                "SHA3": "311932ae18be7c3a6340a4211afe54a97d53a5e5e40d364511aff65e19c93550",
                "VirtualSize": 8276,
                "VirtualAddress": 126976,
                "SizeOfRawData": 8704,
                "PointerToRawData": 110080,
                "PointerToRelocations": 0,
                "PointerToLineNumbers": 0,
                "NumberOfLineNumbers": 0,
                "NumberOfRelocations": 0,
                "Characteristics": [
                    "IMAGE_SCN_CNT_INITIALIZED_DATA",
                    "IMAGE_SCN_MEM_READ"
                ],
                "Entropy": 5.36007
            },
            ".rsrc": {
                "MD5": "b15c6135e7536ba68c755811ffd1849a",
                "SHA1": "39fa23fc60c52dd595c11993e928d3a29281199d",
                "SHA256": "065b788861d9778172983d551df5cef674d335499dc53a28dd5ccb1018634e51",
                "SHA3": "bf0e20b67402ad8991692026609a5a2f4483b7b7e4a40f2781882b505def5427",
                "VirtualSize": 105696,
                "VirtualAddress": 139264,
                "SizeOfRawData": 105984,
                "PointerToRawData": 118784,
                "PointerToRelocations": 0,
                "PointerToLineNumbers": 0,
                "NumberOfLineNumbers": 0,
                "NumberOfRelocations": 0,
                "Characteristics": [
                    "IMAGE_SCN_CNT_INITIALIZED_DATA",
                    "IMAGE_SCN_MEM_READ"
                ],
                "Entropy": 7.35916
            },
            ".reloc": {
                "MD5": "bb69057ee4a00d79797e57f6c352606e",
                "SHA1": "e0c1f88dd6823883205a35cbd031e6181cad7e55",
                "SHA256": "0e4bb59e2db8f67bd5d1910b2e4bc5b0624d4840ccff940d62d8ad5c99c3d6d3",
                "SHA3": "496eb942177369bf3db23ef2073ad15d7f972a561b7f8aea3c0cc3c6a1d9f1e7",
                "VirtualSize": 7248,
                "VirtualAddress": 245760,
                "SizeOfRawData": 7680,
                "PointerToRawData": 224768,
                "PointerToRelocations": 0,
                "PointerToLineNumbers": 0,
                "NumberOfLineNumbers": 0,
                "NumberOfRelocations": 0,
                "Characteristics": [
                    "IMAGE_SCN_CNT_INITIALIZED_DATA",
                    "IMAGE_SCN_MEM_DISCARDABLE",
                    "IMAGE_SCN_MEM_READ"
                ],
                "Entropy": 6.64698
            }
        },
        "Summary": {
            "Architecture": "IMAGE_FILE_MACHINE_I386",
            "Subsystem": "IMAGE_SUBSYSTEM_WINDOWS_GUI",
            "Compilation Date": "2016-Jul-16 01:36:48",
            "Detected languages": [
                "English - United States"
            ],
            "Debug artifacts": [
                "notepad.pdb"
            ],
            "CompanyName": "Microsoft Corporation",
            "FileDescription": "Notepad",
            "FileVersion": "10.0.14393.0 (rs1_release.160715-1616)",
            "InternalName": "Notepad",
            "LegalCopyright": "\u00a9 Microsoft Corporation. All rights reserved.",
            "OriginalFilename": "NOTEPAD.EXE",
            "ProductName": "Microsoft\u00ae Windows\u00ae Operating System",
            "ProductVersion": "10.0.14393.0"
        },
        "Version Info": {
            "Resource LangID": "English - United States",
            "VS_VERSION_INFO": {
                "Signature": 4277077181,
                "StructVersion": 65536,
                "FileVersion": "10.0.14393.0",
                "ProductVersion": "10.0.14393.0",
                "FileFlags": [],
                "FileOs": [
                    "VOS_DOS_WINDOWS32",
                    "VOS_NT",
                    "VOS_NT_WINDOWS32",
                    "VOS_WINCE",
                    "VOS__WINDOWS32"
                ],
                "FileType": "VFT_APP",
                "Language": "English - United States",
                "CompanyName": "Microsoft Corporation",
                "FileDescription": "Notepad",
                "FileVersion (#2)": "10.0.14393.0 (rs1_release.160715-1616)",
                "InternalName": "Notepad",
                "LegalCopyright": "\u00a9 Microsoft Corporation. All rights reserved.",
                "OriginalFilename": "NOTEPAD.EXE",
                "ProductName": "Microsoft\u00ae Windows\u00ae Operating System",
                "ProductVersion (#2)": "10.0.14393.0"
            }
        }
    }
}