Manalyze report for 000cbb278e4f0194e7c693160d7975bb

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2012-Apr-01 15:42:02
Detected languages	English - United States
CompanyName	Microsoft Corporation
FileDescription	Notepad
FileVersion	`5.00.2140.1`
InternalName	Notepad
LegalCopyright	Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename	NOTEPAD.EXE
ProductName	Microsoft(R) Windows (R) 2000 Operating System
ProductVersion	`5.00.2140.1`

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)`
Suspicious	The PE is possibly packed.	`Unusual section name found: .g7` `Unusual section name found: .g6` `Unusual section name found: .g5` `Unusual section name found: .g4` `Unusual section name found: .g3` `Unusual section name found: .g2`
Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: LoadLibraryA GetProcAddress LoadLibraryExA` `Can access the registry: RegisterHotKey RegOpenKeyExW` `Uses functions commonly found in keyloggers: AttachThreadInput MapVirtualKeyW GetForegroundWindow MapVirtualKeyA` `Enumerates local disk drives: GetLogicalDriveStringsA` `Manipulates other processes: ReadProcessMemory WriteProcessMemory`
Suspicious	The file contains overlay data.	`2 bytes of data starting at offset 0x25227.`
Info	The PE is digitally signed.	`Signer: UBLZtyA7ZCIkZc8` `Issuer: UBLZtyA7ZCIkZc8`
Malicious	VirusTotal score: 59/70 (Scanned on 2019-11-19 18:54:37)	`DrWeb: Trojan.PWS.Multi.471` `MicroWorld-eScan: Gen:Variant.Razy.164359` `FireEye: Generic.mg.000cbb278e4f0194` `CAT-QuickHeal: TrojanPWS.Zbot.Gen` `McAfee: PWS-Zbot.gen.beu` `Zillya: Trojan.Kryptik.Win32.926876` `K7AntiVirus: Spyware ( 003919791 )` `Alibaba: Packed:Win32/Krap.5a25a3ec` `K7GW: Spyware ( 003919791 )` `CrowdStrike: win/malicious_confidence_100% (W)` `TrendMicro: TROJ_FAKEAV.SMFW` `BitDefenderTheta: Gen:NN.ZexaF.32251.jO1@a0FBIddi` `F-Prot: W32/Zbot.DQ.gen!Eldorado` `Symantec: Packed.Generic.406` `ESET-NOD32: a variant of Win32/Kryptik.ADLV` `TrendMicro-HouseCall: TROJ_FAKEAV.SMFW` `TotalDefense: Win32/Fareit.A!generic` `Avast: Win32:Karagany` `Kaspersky: Packed.Win32.Krap.iu` `BitDefender: Gen:Variant.Razy.164359` `NANO-Antivirus: Trojan.Win32.Multi.uyhgc` `Paloalto: generic.ml` `AegisLab: Hacktool.Win32.Krap.lKMc` `Endgame: malicious (high confidence)` `Sophos: Troj/Zbot-DHN` `Comodo: TrojWare.Win32.Kryptik.ADKA@4nqnb0` `F-Secure: Trojan.TR/Spy.Zbot.dpttnma` `Baidu: Win32.Adware.Kryptik.b` `VIPRE: Trojan.Win32.Reveton.ca (v)` `Invincea: heuristic` `McAfee-GW-Edition: PWS-Zbot.gen.beu` `Fortinet: W32/ZBOT.HL!tr` `Trapmine: malicious.high.ml.score` `Emsisoft: Gen:Variant.Razy.164359 (B)` `Ikarus: Trojan.Win32.Yakes` `Cyren: W32/Zbot.DQ.gen!Eldorado` `Jiangmin: Trojan/Generic.zblu` `Webroot: W32.Infostealer.Zeus` `Avira: TR/Spy.Zbot.dpttnma` `MAX: malware (ai score=100)` `Antiy-AVL: Trojan[Packed]/Win32.Krap` `Arcabit: Trojan.Razy.D28207` `ZoneAlarm: Packed.Win32.Krap.iu` `Microsoft: PWS:Win32/Fareit` `AhnLab-V3: Dropper/Win32.Injector.R23007` `Acronis: suspicious` `VBA32: BScope.Malware-Cryptor.SB.01798` `ALYac: Gen:Variant.Razy.164359` `Ad-Aware: Gen:Variant.Razy.164359` `Cylance: Unsafe` `APEX: Malicious` `Rising: Spyware.Zbot!8.16B (TFE:1:O1uYTXJ9E5O)` `Yandex: TrojanSpy.ZBot.Gen!Pac.29` `SentinelOne: DFI - Malicious PE` `GData: Gen:Variant.Razy.164359` `AVG: Win32:Karagany` `Cybereason: malicious.78e4f0` `Panda: Trj/Genetic.gen` `Qihoo-360: Win32/Trojan.cfa`

Hashes

MD5	`000cbb278e4f0194e7c693160d7975bb`
SHA1	`37816b3dd863e3b706c72cd783107ac795332647`
SHA256	`3f8e6cbdb5b689a149346ad692ff53e92520497b61c1737fc721fc86b95a5e09`
SHA3	`5f1028c10a453ae90b5353e9198bea0d8b9078dd87faab0dc70c714c748db7c8`
SSDeep	`3072:BDE1UYk4Vz9QXoiTmKnxoTFnWQyuTFslBgpuT/PTN6:9skoimKGnWQyucfk`
Imports Hash	`4d55512cc189cfed2943eabfa87a73d2`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`10`
TimeDateStamp	2012-Apr-01 15:42:02
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`2.0`
SizeOfCode	`0x18600`
SizeOfInitializedData	`0xc600`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00001400 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x1a000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0x2c000`
SizeOfHeaders	`0x400`
Checksum	`0x2b01f`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`1d254b4122e13b65246e9ad59ff67379`
SHA1	`a6e583184aec76d948709b578aff8992a9cc895f`
SHA256	`36899e4cbe5dadb0f49ba2a3426692c2316a03b030f78440708ea20bbc424048`
SHA3	`185b9bee1ca0833ce704ec8ed798491aba90f0e2f19b12676711c2baa92e5ae4`
VirtualSize	`0x1859a`
VirtualAddress	`0x1000`
SizeOfRawData	`0x18600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`7.52002`

.data

MD5	`795a837aae07aa5c2857d751cc8f1f11`
SHA1	`2c7eb63bf0eb2b352eb2024c60168a95520a5cef`
SHA256	`c5049985ef7fb615c173f65c217f2a832b30801686be1736bbb5903e466e7347`
SHA3	`9bc4526c87ba2381e54a4916fb0a76936cf4fc79449797c7ebc1db8f7eb48893`
VirtualSize	`0x4a40`
VirtualAddress	`0x1a000`
SizeOfRawData	`0x4a00`
PointerToRawData	`0x18a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`5.64004`

.g7

MD5	`0f343b0931126a20f133d67c2b018a3b`
SHA1	`60cacbf3d72e1e7834203da608037b1bf83b40e8`
SHA256	`5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef`
SHA3	`6841b2c10aa6e5f7a384143e4de58fbc9aa28a4b742e9ad4ed14ba148a723a43`
VirtualSize	`0x3e8`
VirtualAddress	`0x1f000`
SizeOfRawData	`0x400`
PointerToRawData	`0x1d400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.g6

MD5	`0f343b0931126a20f133d67c2b018a3b`
SHA1	`60cacbf3d72e1e7834203da608037b1bf83b40e8`
SHA256	`5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef`
SHA3	`6841b2c10aa6e5f7a384143e4de58fbc9aa28a4b742e9ad4ed14ba148a723a43`
VirtualSize	`0x3e8`
VirtualAddress	`0x20000`
SizeOfRawData	`0x400`
PointerToRawData	`0x1d800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.g5

MD5	`0f343b0931126a20f133d67c2b018a3b`
SHA1	`60cacbf3d72e1e7834203da608037b1bf83b40e8`
SHA256	`5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef`
SHA3	`6841b2c10aa6e5f7a384143e4de58fbc9aa28a4b742e9ad4ed14ba148a723a43`
VirtualSize	`0x3e8`
VirtualAddress	`0x21000`
SizeOfRawData	`0x400`
PointerToRawData	`0x1dc00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.g4

MD5	`0f343b0931126a20f133d67c2b018a3b`
SHA1	`60cacbf3d72e1e7834203da608037b1bf83b40e8`
SHA256	`5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef`
SHA3	`6841b2c10aa6e5f7a384143e4de58fbc9aa28a4b742e9ad4ed14ba148a723a43`
VirtualSize	`0x3e8`
VirtualAddress	`0x22000`
SizeOfRawData	`0x400`
PointerToRawData	`0x1e000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.g3

MD5	`0f343b0931126a20f133d67c2b018a3b`
SHA1	`60cacbf3d72e1e7834203da608037b1bf83b40e8`
SHA256	`5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef`
SHA3	`6841b2c10aa6e5f7a384143e4de58fbc9aa28a4b742e9ad4ed14ba148a723a43`
VirtualSize	`0x3e8`
VirtualAddress	`0x23000`
SizeOfRawData	`0x400`
PointerToRawData	`0x1e400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.g2

MD5	`0f343b0931126a20f133d67c2b018a3b`
SHA1	`60cacbf3d72e1e7834203da608037b1bf83b40e8`
SHA256	`5f70bf18a086007016e948b04aed3b82103a36bea41755b6cddfaf10ace3c6ef`
SHA3	`6841b2c10aa6e5f7a384143e4de58fbc9aa28a4b742e9ad4ed14ba148a723a43`
VirtualSize	`0x3e8`
VirtualAddress	`0x24000`
SizeOfRawData	`0x400`
PointerToRawData	`0x1e800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0`

.rsrc

MD5	`5c90aad41c682b87c749d6e48f2101de`
SHA1	`84ee41bf57212ec6af2618749a924240eb172b3c`
SHA256	`90eb2d18f89370e75078e88c05c351a3940b5d058dc9ddb50f650fa181c7c69f`
SHA3	`7c7aae7aadc4b4d8dd968fc275e727e1815019e37f70b3f81b4fae4138e28b08`
VirtualSize	`0x5058`
VirtualAddress	`0x25000`
SizeOfRawData	`0x5200`
PointerToRawData	`0x1ec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.23962`

.reloc

MD5	`cc6bc2b0f5c6b3230a8cfa57de4f5538`
SHA1	`f5b08f370a657722233c6153399387e29db39180`
SHA256	`54aa2561994c755dcf75e651f4ea07ef611b923625102c058436202d7dcdf90f`
SHA3	`2f9d5d85812b22a43bbf74d9ccfd5e68d0b5fe53b7a17a136e3143bd5b2018ef`
VirtualSize	`0xff4`
VirtualAddress	`0x2b000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x23e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`6.55084`

Imports

KERNEL32.dll	`VirtualAlloc` `CreateFileA` `GetWindowsDirectoryA` `LoadLibraryA` `GetProcAddress` `lstrcatA` `SetStdHandle` `CommConfigDialogA` `LeaveCriticalSection` `_lopen` `GetAtomNameW` `CompareFileTime` `ReadConsoleA` `GetCurrentThread` `FindResourceExA` `lstrcmpA` `GlobalAddAtomW` `GlobalFix` `DisconnectNamedPipe` `CancelDeviceWakeupRequest` `FreeConsole` `GlobalFree` `OpenEventA` `IsBadHugeReadPtr` `SetConsoleCP` `FindAtomW` `ScrollConsoleScreenBufferA` `LocalUnlock` `SetFileApisToOEM` `FoldStringA` `GetCommConfig` `SystemTimeToTzSpecificLocalTime` `FindVolumeMountPointClose` `GetThreadPriorityBoost` `RtlFillMemory` `GetConsoleAliasExesA` `EnumSystemCodePagesW` `CancelIo` `FindFirstVolumeMountPointW` `DeleteFileA` `DosDateTimeToFileTime` `EnumCalendarInfoA` `RtlMoveMemory` `FindResourceW` `GetCurrentDirectoryW` `FindNextVolumeMountPointW` `CreateSemaphoreA` `FindFirstFileExA` `SetVolumeMountPointA` `AllocConsole` `ReadConsoleOutputW` `GetCalendarInfoA` `GetWindowsDirectoryW` `ResetWriteWatch` `LoadLibraryExA` `ReadConsoleInputA` `Thread32First` `ReadConsoleOutputA` `GetPrivateProfileSectionNamesW` `GetThreadContext` `SetProcessAffinityMask` `GetDiskFreeSpaceExW` `CreateWaitableTimerW` `GetVolumePathNameA` `QueueUserAPC` `WriteConsoleInputW` `GetDiskFreeSpaceW` `PrepareTape` `SetConsoleCtrlHandler` `GetFileSizeEx` `lstrcpyn` `GetLocaleInfoW` `GetDateFormatW` `SuspendThread` `GetPrivateProfileStringW` `SetThreadIdealProcessor` `GetBinaryType` `InterlockedExchangeAdd` `GetShortPathNameA` `GetConsoleAliasExesW` `FindFirstVolumeA` `AddAtomA` `MultiByteToWideChar` `GetCalendarInfoW` `Beep` `WriteConsoleOutputW` `_llseek` `ReplaceFileW` `_hwrite` `EnumSystemLanguageGroupsW` `GetTapePosition` `WriteProfileStringW` `GetPriorityClass` `GetStartupInfoW` `EnumTimeFormatsA` `MoveFileWithProgressW` `GetComputerNameW` `LocalFileTimeToFileTime` `AddAtomW` `WaitNamedPipeW` `SetTapePosition` `GetNamedPipeHandleStateA` `SetComputerNameExA` `ReadProcessMemory` `FormatMessageW` `EraseTape` `ExpandEnvironmentStringsW` `GetCompressedFileSizeW` `GlobalDeleteAtom` `BackupRead` `lstrcpy` `BackupWrite` `GetLogicalDriveStringsA` `GetSystemWindowsDirectoryW` `GetCurrentConsoleFont` `BuildCommDCBW` `SetCalendarInfoA` `SetProcessShutdownParameters` `GetTimeFormatA` `WriteProcessMemory` `VerifyVersionInfoA` `SwitchToFiber` `FreeEnvironmentStringsW` `CopyFileExW` `SetDefaultCommConfigW` `EnumSystemLocalesW` `GetProfileStringA` `lstrcpynA` `WriteFileEx` `LockResource` `GetComputerNameExW` `RemoveDirectoryW` `CreateHardLinkA` `SetEvent` `HeapAlloc` `GetLocalTime` `FillConsoleOutputCharacterW` `GetVersionExA` `CreateFileW` `SetWaitableTimer` `MapUserPhysicalPagesScatter` `GetFileAttributesW` `CreateFileMappingA` `GetPrivateProfileStructW` `HeapDestroy` `DeleteTimerQueue` `GetSystemWindowsDirectoryA` `FindFirstVolumeMountPointA` `ProcessIdToSessionId` `SetThreadPriority` `GetThreadPriority` `FindNextFileA` `IsProcessorFeaturePresent` `IsBadReadPtr` `GlobalFindAtomA` `GetFileTime` `GetSystemDefaultLCID` `SetEndOfFile` `IsBadStringPtrA` `VerLanguageNameW` `EnumDateFormatsW` `QueryInformationJobObject` `MapViewOfFile` `GetSystemPowerStatus` `GetPrivateProfileStringA` `SetCommTimeouts` `DefineDosDeviceW` `DisableThreadLibraryCalls` `GetSystemInfo` `GetLongPathNameW` `GetModuleHandleA` `FillConsoleOutputCharacterA` `GetVolumeNameForVolumeMountPointW` `SetFileApisToANSI` `FlushInstructionCache` `GetSystemTime` `WaitForDebugEvent`
USER32.dll	`BeginPaint` `GetClientRect` `EndPaint` `PostQuitMessage` `DefWindowProcA` `LoadIconA` `LoadCursorA` `CreateWindowExA` `RegisterClassExA` `LoadAcceleratorsA` `GetScrollRange` `DragDetect` `GetWindowModuleFileNameW` `DestroyIcon` `DefFrameProcW` `EnumThreadWindows` `DdeDisconnect` `GetMenuItemCount` `GetMessageA` `EnumPropsW` `ClipCursor` `DdeEnableCallback` `SetWindowTextW` `SetScrollRange` `AttachThreadInput` `DispatchMessageA` `GetOpenClipboardWindow` `TrackMouseEvent` `SwapMouseButton` `InsertMenuW` `DrawTextExW` `DlgDirListW` `GetDialogBaseUnits` `IsDlgButtonChecked` `SetSystemCursor` `CharUpperA` `SetCursor` `TranslateAcceleratorA` `SendMessageCallbackW` `EnableMenuItem` `CloseClipboard` `DdeFreeDataHandle` `SetParent` `GetKeyNameTextW` `PostThreadMessageA` `TileChildWindows` `RedrawWindow` `MessageBeep` `DrawAnimatedRects` `GetClassInfoA` `DrawCaption` `EnumDisplayMonitors` `EnumDisplayDevicesW` `EndDeferWindowPos` `LoadCursorFromFileA` `GetUpdateRect` `DdeConnect` `MapVirtualKeyW` `GetKeyNameTextA` `ValidateRect` `RemovePropW` `DdeQueryStringW` `DrawStateA` `SetWindowPlacement` `SendNotifyMessageW` `LockSetForegroundWindow` `CharUpperW` `GetKeyboardType` `GetUserObjectSecurity` `GetDlgItem` `CopyImage` `GetDlgItemInt` `WindowFromPoint` `CharToOemW` `GetDoubleClickTime` `OemToCharW` `WINNLSGetEnableStatus` `DdePostAdvise` `GetNextDlgGroupItem` `RegisterHotKey` `GetDlgCtrlID` `IsCharLowerW` `GetGUIThreadInfo` `CascadeChildWindows` `GetMenu` `SetUserObjectInformationA` `GetNextDlgTabItem` `OemKeyScan` `DdeNameService` `CopyIcon` `CharPrevA` `IsDialogMessageW` `GetAltTabInfoW` `PaintDesktop` `DialogBoxIndirectParamA` `BlockInput` `LoadBitmapW` `IsWindowUnicode` `IMPGetIMEA` `IsMenu` `EnumClipboardFormats` `EnumPropsExW` `GetForegroundWindow` `OpenDesktopA` `SystemParametersInfoW` `GetWindowPlacement` `GetWindowContextHelpId` `EndDialog` `SetMenuItemInfoA` `ChangeDisplaySettingsA` `BroadcastSystemMessage` `GetLastActivePopup` `VkKeyScanExW` `IsCharUpperW` `BringWindowToTop` `DrawIconEx` `GetActiveWindow` `DdeImpersonateClient` `InternalGetWindowText` `SendMessageTimeoutW` `UserHandleGrantAccess` `CopyRect` `SetClipboardViewer` `GetWindowTextLengthW` `UpdateLayeredWindow` `CallWindowProcA` `GetKeyboardLayoutNameW` `CharLowerA` `GetGuiResources` `RegisterDeviceNotificationW` `IsWindowEnabled` `AppendMenuW` `PeekMessageW` `SetLayeredWindowAttributes` `SetPropW` `IsCharAlphaNumericW` `SystemParametersInfoA` `UnhookWinEvent` `SetMenu` `CreatePopupMenu` `ShowScrollBar` `GetDlgItemTextA` `HiliteMenuItem` `GetMenuItemInfoW` `SwitchDesktop` `mouse_event` `IsWindowVisible` `SetMenuInfo` `RegisterWindowMessageA` `ToUnicode` `DefFrameProcA` `SetThreadDesktop` `GetMouseMovePointsEx` `DestroyAcceleratorTable` `PostThreadMessageW` `EnumWindows` `GetInputDesktop` `DlgDirListComboBoxW` `wvsprintfA` `SetTimer` `LookupIconIdFromDirectory` `MapVirtualKeyA` `DestroyCaret` `IsHungAppWindow` `CreateDialogIndirectParamA` `GetWindowWord` `SendInput` `UnregisterClassA` `GetCaretBlinkTime` `DlgDirSelectComboBoxExA`
GDI32.dll	`CreateEnhMetaFileA` `Rectangle` `MoveToEx` `LineTo` `CloseEnhMetaFile` `PlayEnhMetaFile` `DeleteEnhMetaFile` `GetStockObject`
msvcrt.dll	`memcpy`
COMDLG32.dll	`ReplaceTextA` `ChooseColorW` `GetFileTitleW` `PageSetupDlgA` `CommDlgExtendedError` `PrintDlgExA` `PageSetupDlgW` `ChooseColorA` `GetFileTitleA` `ChooseFontW` `GetSaveFileNameW` `GetOpenFileNameA` `GetSaveFileNameA` `ChooseFontA` `FindTextA` `ReplaceTextW` `FindTextW` `PrintDlgW` `GetOpenFileNameW` `PrintDlgExW` `PrintDlgA`
ADVAPI32.dll	`RegOpenKeyExW`
ole32.dll	`STGMEDIUM_UserMarshal` `CoGetInterfaceAndReleaseStream` `CreateItemMoniker` `OleLoad` `OleCreateDefaultHandler` `SetDocumentBitStg` `OleBuildVersion` `OleConvertIStorageToOLESTREAMEx` `OleConvertIStorageToOLESTREAM` `CoDeactivateObject` `GetConvertStg` `RevokeDragDrop` `CoRegisterChannelHook` `CoQueryProxyBlanket` `GetClassFile` `CoGetObjectContext` `DllDebugObjectRPCHook` `OleLoadFromStream` `IsEqualGUID` `HICON_UserFree` `OleSetMenuDescriptor` `WdtpInterfacePointer_UserFree` `OleCreateMenuDescriptor` `CoGetInstanceFromIStorage` `HPALETTE_UserUnmarshal` `SNB_UserFree` `CoDosDateTimeToFileTime` `CoGetCallerTID` `CoDisconnectObject` `OleGetAutoConvert` `OleCreateStaticFromData` `CoTreatAsClass` `CoRegisterMallocSpy` `StgCreateDocfileOnILockBytes` `CoTestCancel` `CoTaskMemRealloc` `OleTranslateAccelerator` `CoInitializeWOW` `PropVariantClear` `OleQueryLinkFromData` `CreateClassMoniker` `CoGetObject` `PropStgNameToFmtId` `OleUninitialize` `CoIsHandlerConnected` `HBRUSH_UserUnmarshal` `CoFreeUnusedLibraries` `CLIPFORMAT_UserSize` `OleNoteObjectVisible` `OleDoAutoConvert` `CoMarshalHresult` `ReadStringStream` `CreateDataCache` `GetHGlobalFromStream` `HMETAFILE_UserUnmarshal` `HPALETTE_UserMarshal` `OleCreateLinkFromData` `CoCancelCall` `OleRegGetMiscStatus` `StringFromIID` `CoGetPSClsid` `HBITMAP_UserUnmarshal` `DllGetClassObjectWOW` `StgConvertVariantToProperty` `HACCEL_UserUnmarshal` `WriteOleStg` `OleRun` `CoEnableCallCancellation` `UtConvertDvtd32toDvtd16` `CoRegisterSurrogateEx` `CoAddRefServerProcess` `CoReleaseMarshalData` `CoCreateGuid` `HDC_UserFree` `WriteClassStg` `WdtpInterfacePointer_UserMarshal` `HBRUSH_UserFree` `CoSuspendClassObjects` `HACCEL_UserSize` `CoCopyProxy` `OleDestroyMenuDescriptor` `CoFreeAllLibraries` `CoRegisterPSClsid` `CLIPFORMAT_UserMarshal` `OleRegEnumFormatEtc` `CoCreateInstanceEx` `CoGetStandardMarshal` `CoFileTimeToDosDateTime` `OleCreateFromData` `CLSIDFromProgID` `StringFromCLSID` `StgOpenPropStg` `HMENU_UserUnmarshal` `CoQueryReleaseObject` `OleCreate` `GetRunningObjectTable` `CoFileTimeNow` `CoReleaseServerProcess` `WriteClassStm` `CoSwitchCallContext` `SNB_UserUnmarshal` `CoGetCurrentProcess` `CoInstall` `StgConvertPropertyToVariant` `HMETAFILE_UserMarshal` `OleCreateLinkFromDataEx` `CoLoadLibrary` `OleGetClipboard` `CoGetMalloc` `HGLOBAL_UserMarshal` `HBITMAP_UserFree` `OleInitialize` `CreateBindCtx` `CoInitialize` `HWND_UserSize` `CoRegisterMessageFilter` `CreateObjrefMoniker` `OpenOrCreateStream` `StgCreateStorageEx` `CLIPFORMAT_UserFree` `HPALETTE_UserFree` `HDC_UserSize` `PropVariantCopy` `OleIsRunning` `HMETAFILE_UserSize` `CoInitializeEx` `GetHookInterface` `ReadOleStg` `OleGetIconOfClass` `HGLOBAL_UserUnmarshal` `CoGetApartmentID` `CreatePointerMoniker` `StgOpenStorageOnILockBytes` `MonikerRelativePathTo` `UtGetDvtd16Info` `HBITMAP_UserMarshal` `CoGetCallContext`
OLEAUT32.dll	`#259` `#43` `#226` `#117` `#196` `#100` `#244` `#71` `#18` `#198` `#47` `#291` `#213` `#293` `#281` `#222` `#30` `#155` `#128` `#133` `#163` `#42` `#208` `#237` `#131` `#48` `#283` `#172` `#285` `#221` `#81` `#307` `#304` `#136` `#211` `#51` `#108` `#230` `#23` `#94` `#159` `#422` `#306` `#224` `#288` `#284` `#219` `#57` `#402` `#61` `#210` `#13` `#26` `#315` `#200` `#134` `#215` `#290` `#31` `#318` `#187` `#147` `#280` `#188` `#8` `#278` `#87` `#171` `#246` `#254` `#308` `#45` `#99` `#6` `#10` `#267` `#240` `#277` `#58` `#9` `#35` `#109` `#270` `#303` `#33` `#174` `#272` `#413` `#297` `#412` `#143` `#241` `#298` `#92` `#264` `#218` `#127` `#190` `#424` `#299` `#286` `#235` `#313` `#103` `#106` `#273` `#205` `#414` `#83` `#85` `#239` `#120` `#330` `#193` `#66` `#140` `#135` `#93` `#253` `#74` `#247` `#250` `#88` `#238` `#266` `#332` `#331` `#217` `#36` `#138` `#114` `#421` `#123` `#53` `#276` `#258` `#310` `#223` `#234` `#199` `#256` `#169` `#212` `#292` `#173` `#411` `#137` `#5` `#91` `#101` `#251` `#260`
COMCTL32.dll	`#16` `ImageList_GetIconSize` `GetMUILanguage` `FlatSB_GetScrollProp` `_TrackMouseEvent` `ImageList_Draw` `ImageList_Remove` `DestroyPropertySheetPage` `FlatSB_GetScrollPos` `ImageList_SetDragCursorImage` `FlatSB_SetScrollRange` `FlatSB_ShowScrollBar` `CreateToolbarEx` `#6` `#2` `ImageList_Duplicate` `ImageList_SetBkColor` `ImageList_Read` `FlatSB_GetScrollInfo` `ImageList_Replace` `#5` `ImageList_SetOverlayImage` `CreatePropertySheetPageA` `FlatSB_SetScrollProp` `ImageList_Copy` `CreatePropertySheetPageW` `UninitializeFlatSB` `ImageList_DrawEx` `ImageList_GetDragImage` `CreateStatusWindowW` `DrawStatusTextW` `#7` `ImageList_GetBkColor` `FlatSB_SetScrollPos` `ImageList_DrawIndirect` `FlatSB_EnableScrollBar` `ImageList_SetImageCount` `PropertySheetA` `ImageList_DragMove` `#3` `InitializeFlatSB` `ImageList_DragLeave` `CreateStatusWindow` `ImageList_AddIcon` `ImageList_LoadImageA` `#15` `ImageList_Merge` `ImageList_DragShowNolock` `ImageList_EndDrag` `PropertySheet` `#14` `ImageList_DragEnter` `CreatePropertySheetPage` `FlatSB_SetScrollInfo` `ImageList_LoadImageW` `ImageList_GetImageRect` `InitMUILanguage` `PropertySheetW` `#4` `ImageList_ReplaceIcon` `#13` `ImageList_AddMasked` `ImageList_Write` `ImageList_SetFilter` `ImageList_SetIconSize` `ImageList_BeginDrag` `InitCommonControlsEx` `ImageList_Create` `ImageList_GetIcon` `ImageList_GetImageInfo`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`2.86788`
MD5	`908ea6344601da2b3227eab37e5f3174`
SHA1	`ae79fd8df175ad27393f8fe359f840da1a19fdc6`
SHA256	`ae2ec5f9285f2be7c6a3ee0a09a7961fa24b3bd9ea080d61607521a547902fec`
SHA3	`c53255cecc3775be972360ed6bb6765378a6f64c35a072529be3dc97f91bb620`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`3.25536`
MD5	`e1ca6096ea5bfe7af7332774a034868b`
SHA1	`d26b077807c82752b8581c005b5a26ae63d356a1`
SHA256	`4317d649cfa1c14f05ac0ba6328a804f94e2f941a5457cee557881d545db3518`
SHA3	`4bfc5cd1863808b1f10623d86a785bea73ae30673b784f2eb9d97e55ed84b8b2`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`3.08003`
MD5	`ab7ae8e7f252309a450acb799c6c4c5b`
SHA1	`f42776b9c1ca70f7711362f34b20a2be5796a560`
SHA256	`688d823ed0aa41ee21c7bedb06d5cae332eca1a78192e369e3debb1bad1e0504`
SHA3	`a888118e50070ea74d003b3fa54b55610bf59ddbc96d9bf6d51e1079e97e7822`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`3.7483`
MD5	`001f79bbf6970fc4f66ccf88cc63f9f2`
SHA1	`a8c49bc7cdda27b22a10c64c2dafb3d167626ef9`
SHA256	`767bc0566bdfcfd4aedd73ed56575f79d73d2c7f305e90d5fcb51d406cb3c9c1`
SHA3	`2f8483d58aae6d7a68bc6c3a3f416bb16d6229f71994db7be82255f1416cadb1`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`3.37015`
MD5	`dfcd8370e0fe8f109f90d640960d87dc`
SHA1	`1bed3b565a67e326745a8e014ee6ca3cfa45aad5`
SHA256	`03590ab29bf55e6a09ba87b00c7e0a0770d971f28d2b63814269307988735ff1`
SHA3	`0ba86e072b523c7c0e1c3c35dbf59971c39f4faca81bc05475d3f28301a41c2d`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`3.98001`
MD5	`d940e159a49202a2e851f7fe1da8bae7`
SHA1	`ea21b79ed373c8f8b81cd214f4477aa0c38a3cea`
SHA256	`f4f1ac00d45802ee429242bd9b0a3070d91b7752fe8b29b349810c439381dc59`
SHA3	`85a4b35ba59e4a5a8f88332bf826ad451d0b2a779bdb23729a32a9c59ea1c8bf`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`3.11423`
MD5	`02f8f45a755690616fa535ec3ed7395d`
SHA1	`94741b2d2d58496be42528f878f731ead9f66985`
SHA256	`78cf2b4b637f80b6235c95dc7e553dbd1b27b8cfc669d89c40f18c68c9ceeab6`
SHA3	`351e2fc59ae17dfc89f46f38d1883c27098a19a1107ab5e3609e8884f2bdd133`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`3.97351`
MD5	`7177f7cfecb0039828eb419ee97e3504`
SHA1	`80251c71fe33f4ced727258cc54a91bb991dcd64`
SHA256	`47c293863c50cc3ca5a674dc9a6a4523053497f219d6c7451fcd9f144cf47d16`
SHA3	`740cb05bf4eb4315b2e156d57298ad9054f4d4de04a0f2273b9bf12d51e6b363`

1 (#2)

Type	`RT_MENU`
Language	English - United States
Codepage	UNKNOWN
Size	`0x318`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`3.1986`
MD5	`16879b0c85d1c4e8458fe7a128cf5cac`
SHA1	`7e07b60bd9ae705bae8ef24f02944632076f740a`
SHA256	`9ddf765de671c1133965593353db26b6922606d4c6430ba399bfe00dbc98520f`
SHA3	`49178bbddeb530525b33f90e6ef2b017a1ac2687f51bef8eda68a3a6a9a86b9c`

NPSAVEDIALOG

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x7e`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`2.99139`
MD5	`328364a55c2d01b826345c96bb58f4e0`
SHA1	`e6d0ef5aa46a056ee48aa329f6f3d897fdce96d0`
SHA256	`adf24a8045c4426776c5e06e0cc9ecb7c296a270aeb039d3a98f85e6b959fd97`
SHA3	`7a85925f5f33dfef3d98c311763a6b97c8a10ae68c6f8af7292763dd4fcdafc1`

11

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xba`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`3.08054`
MD5	`469ba591253dfe02bd88c3dd48a8b8af`
SHA1	`c0ce7204a6f237c56fa89eafd9d9b882da0aef88`
SHA256	`8b1bb2e67844310be7ccf43826c6ac1253742707bf41cb5522dfa3b9b35ad159`
SHA3	`813be9f1f0b87adf755931608e76e9f57c90a4c40a81859890c6a933a3111c68`

12

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x43e`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`3.46026`
MD5	`6c85b82126244f7771d22812df0ca83d`
SHA1	`c4f32d75795e2696730f820558918b245617d9c7`
SHA256	`8f1ce0c64f333104a5b80b606a5c54df4de26bccca4bef5d98938266daf5c336`
SHA3	`de7ede490872843880de9737ac3a9eba0d26ea601d2312c11fabb619da272541`

14

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0xaa`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`3.00128`
MD5	`0d1c9f36a59fe7d9b3fce5c153b9f440`
SHA1	`ee22b9ec048f30e763e2aece146a4a7acd0f76f3`
SHA256	`a84ac53565f1267c2e658a79e6d5fdb09fce9f5b62c2989c5469bdc0f52cedab`
SHA3	`a205b245b022b53c0bcba2482067489c316c7e15c9d79e494e77aa18d63fff23`

1 (#3)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x250`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`3.16465`
MD5	`ef045946e8313f715bf15d91c2d5941c`
SHA1	`d6451e7cbe51d4c7e961a13e74268f25d08d2125`
SHA256	`b216feb0c2b532ecfb1e170d1c37e740a111c8ff52d5b4d723c010def8d0fac2`
SHA3	`6cc4962e7026b46e5613859262966ebae993637a67c4d66804a6831c5f0e7807`

2 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x646`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`3.18545`
MD5	`21586d5dcd8c3b51d6f34e3256fa1926`
SHA1	`7ceed9348c0099461de077179458fad30b20ea64`
SHA256	`56eb77f7adc92b9dc7b77b3bdca100176c5b5273a00e09a90daba7a770cba07f`
SHA3	`7943bda7177629d200d18e8f2662c89d563feaf93196740bec6e7002cac496ad`

3 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x402`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`3.28791`
MD5	`7bb58ca3ab655716b3b23abfd3cabc78`
SHA1	`06157b7a151683daadfc93ce47e52b063d50ffce`
SHA256	`76cf33b396ffd1ab369e11de539f4a3fc2bd087b47b7928cb62854cf97ac76e7`
SHA3	`3e9f0a67616ba8beb00778f47db8f114e52859d320501826bd70485f99cc41f0`

4 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5ca`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`3.21788`
MD5	`3620cc73cb3344b8c240bb4dbccf0034`
SHA1	`aad25551830142810d963eb94bbf27efe8c8e69a`
SHA256	`a6bb9f1c12d62efc438d3ddb71a806c4ea5e2d6627da2c42b7e8274095de7077`
SHA3	`4137d087a7c864a94f6562c707a3ead3cb643a1b2653eb346a55a4b7dbebe032`

5 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x76`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`2.4972`
MD5	`053de49df2dacba20d629b1b733f43b8`
SHA1	`736a98cf5aa52224acf52a8c88a78de21bbb3f07`
SHA256	`aadc1de0090d7af4e871240ffce4268cca8016a12a4fc9046a6a86555d1fa6fd`
SHA3	`71af61f5fc695b8a0ce68088625ba22ffe7c34c3c5455620c8bfed0434452e62`

6 (#2)

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x64`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`2.58961`
MD5	`992bf3a02a99da08f7b1e35b3dc895fd`
SHA1	`2e60a5034c4cd8e77cb78df8f9eec50fb94f3b94`
SHA256	`dcffeee7fa24ce0659fff18256cbd0dd08bfe332bbdda1c29aef4520a5acf71e`
SHA3	`7832f25a15c6829e0d06a05b13564ce6c9e9825d616580d21273444bfc5d12a9`

1 (#4)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`2.22208`
Detected Filetype	Icon file
MD5	`efce932c08b6928812b3eaba73bb20ba`
SHA1	`e62298daab207bc26edeac2ab72a878cc549d7f9`
SHA256	`e523d62cb7b381744d272253bd6b4e9c665cdce665e1a910f1099acad093dc22`
SHA3	`4517d529a0605da754dc6a0647091e1e325a4dc434e080a775ee2ca5de263bdb`

2 (#3)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x5a`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`2.79798`
Detected Filetype	Icon file
MD5	`8171114ae7be4ca1c4fc4db61d906f2d`
SHA1	`a23baac90c13fe6fce2c1ab592706e8f359a02cd`
SHA256	`ad16fe85fce61744c4d915fe04126a4be8134f3c4635f0aed02a76315ff90c01`
SHA3	`6dfbd0d624880197d7bfa0d5e91456e9b8a37d5ef54c217e619f0484e17f87f9`

1 (#5)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x338`
TimeDateStamp	2012-Apr-01 15:42:02
Entropy	`3.5046`
MD5	`2fcbb9381758700117368e10db44126a`
SHA1	`0561840bbf988568b4c977b5aecd974a7345ac55`
SHA256	`b512d0c82c70bafa2e433b5b33f670fc1ad10e06566a422e282350c3f1cfdcdf`
SHA3	`5a90b9bb466fa4ce6f554e2559e85a31b3e52e1350df1a3260b591b41eeb4c5c`

String Table contents

Cannot open the %% file.

Make sure a disk is in the drive you specified.
Cannot find the %% file.

Do you want to create a new file\?
The %% file already exists.

Do you want to overwrite it\?
The text in the %% file has changed.

Do you want to save the changes\?
Untitled
- Notepad
Cannot find "%%"
Not enough memory available to complete this operation. Quit one or more applications to increase available memory, and then try again.
The %% file is too large for Notepad.

Use another editor to edit the file.
Notepad
Failed to Initialize File Dialogs. Change the Filename and try again.
Failed to Initialize Print Dialogs. Make sure that your printer is connected properly and use Control Panel to verify that the printer is configured properly.
Cannot print the %% file. Be sure that your printer is connected properly and use Control Panel to verify that the printer is configured properly.
Not a valid file name.
Cannot create the %% file.

Make sure that the path and filename are correct.
Cannot carry out the Word Wrap command because there is too much text in the file.
%%
\*.txt
notepad.hlp
The Margin values are not correct. Either they are not numeric characters or they don\'t fit the dimensions of the page. Try either entering a number or decreasing the margins.
&f
Page &p
fFpPtTdDcCrRlL
Cannot open the %% file.

Cannot print the file because it can\'t be found or is currently being used by another application. Be sure that the path and filename are correct, or wait until the application is finished, and then try again
Text Documents (*.txt)
All Files
Open
Save As
You cannot quit Windows because the Save As dialog
box in Notepad is open. Switch to Notepad, close this
dialog box, and then try quitting Windows again.
Cannot access your printer.
Be sure that your printer is connected properly and use Control Panel to verify that the printer is configured properly.
%%
You do not have permission to open this file. See the owner of the file or an administrator to obtain permission.
%%
This file contains characters in Unicode format which will be lost if you save this file as a text document. To keep the Unicode information, select the Unicode encoding in the Save As dialog box. Continue\?

Page too small to print one line.
Try printing using smaller font.
Common Dialog error (0x%04x)
Notepad - Goto Line
Line number out of range
ANSI
Unicode
Unicode big endian
UTF-8

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.0.2140.1
ProductVersion	5.0.2140.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Notepad
FileVersion (#2)	5.00.2140.1
InternalName	Notepad
LegalCopyright	Copyright (C) Microsoft Corp. 1981-1999
OriginalFilename	NOTEPAD.EXE
ProductName	Microsoft(R) Windows (R) 2000 Operating System
ProductVersion (#2)	5.00.2140.1

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Could not read a WIN_CERTIFICATE's header.