Manalyze report for 0e61079d3283687d2e279272966ae99d

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1996-Nov-26 04:52:33
Detected languages	English - United States
Debug artifacts	notepad.pdb
CompanyName	Microsoft Corporation
FileDescription	Notepad
FileVersion	`10.0.17763.475 (WinBuild.160101.0800)`
InternalName	Notepad
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	NOTEPAD.EXE
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.17763.475`

Plugin Output

Malicious	The PE contains functions mostly used by malware.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Can access the registry: RegSetValueExW RegQueryValueExW RegCreateKeyW RegCloseKey RegOpenKeyExW` `Possibly launches other programs: ShellExecuteW` `Functions related to the privilege level: OpenProcessToken`
Safe	VirusTotal score: 0/68 (Scanned on 2019-11-26 04:59:36)	`All the AVs think this file is safe.`

Hashes

MD5	`0e61079d3283687d2e279272966ae99d`
SHA1	`b6d237154f2e528f0b503b58b025862d66b02b73`
SHA256	`a92056d772260b39a876d01552496b2f8b4610a0b1e084952fe1176784e2ce77`
SHA3	`24aa32589c9d6c68f532c3adbfb49ebcc7e2e748b0c9405fd2d34e7037c60832`
SSDeep	`3072:ClYcXcm6M8Poo69k7t+eJ3h4x7rDpljMceSJvkwEpNSLyhYsJLgf7nDVF6PUp1Y:ClumDoz7PDO7pljMsfd455gfzDVlVXg`
Imports Hash	`669c85a22c980ac6055804fcddf796bd`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	1996-Nov-26 04:52:33
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1ac00`
SizeOfInitializedData	`0x25400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000001AC50 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0x43000`
SizeOfHeaders	`0x400`
Checksum	`0x4d615`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x80000`
SizeofStackCommit	`0x11000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`c2affadc249300e9a0ef238ef4572e50`
SHA1	`b14c3208e9df4614ad0b52b4ebebff9f84525906`
SHA256	`698dc2e88b5311202b35542017338ae6494bfc42664c366d1ec7e166acf0a1da`
SHA3	`dd6ab91eee2f10b74aecdcf50b19c2e27ecf7768dc9dbe89648fe65bc5a515a4`
VirtualSize	`0x1aa35`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1ac00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.33866`

.rdata

MD5	`e5a8469220173d718299daea613550cc`
SHA1	`d5361604ae600429171ac8229a8069799cc110e6`
SHA256	`29ae7b3b7c4780069ba5914d0ecc2900af75ed8ba26d5fa610498112a25330ca`
SHA3	`a525d5f7d7b910e329407aa8fa0e86cf9b3d29fecd81fc7aa4574b8f69bbecc3`
VirtualSize	`0x797a`
VirtualAddress	`0x1c000`
SizeOfRawData	`0x7a00`
PointerToRawData	`0x1b000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`6.07791`

.data

MD5	`68acee2ee5b2e990ba91ef947c7860e2`
SHA1	`bca036c57fd96a8a42a1b32269314fb3b37569c9`
SHA256	`0ca8029f460e74dd7fb6e27a5719298a36dd0513b2e15beb5530d9f364b6059f`
SHA3	`0e3d0b57bc099ebe70f2f3d90722575f53624c8af2cc61d98287fe97bc4be1b6`
VirtualSize	`0x2dd4`
VirtualAddress	`0x24000`
SizeOfRawData	`0xc00`
PointerToRawData	`0x22a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`1.82726`

.pdata

MD5	`7e85d5749c13b5efa2506c28e40d3d4f`
SHA1	`3c15c3b6b791d269b66d44fd311b578fc7d768c4`
SHA256	`d2ce662d22d186bd737b3452639fa21660cd69cae28ea0688c78e4d4ccf6618c`
SHA3	`bc6970ed506b8e3049719fa4c270ad23f3eb6521db5dec001ac149b93fdf82ac`
VirtualSize	`0x990`
VirtualAddress	`0x27000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x23600`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.03746`

.rsrc

MD5	`58a26725129dc6d4efb19724607bc45c`
SHA1	`88f4f2b0f73c7c0b3198994253388f183ce2ee56`
SHA256	`45d6bd4567890a4dbe98c883acd83c2b6ab270577d05732e626f005f9f01a7d5`
SHA3	`a67306a1edba8ecf559673b7d1005410710d2288f772f821bcd4adb9f3d5f22e`
VirtualSize	`0x19ce0`
VirtualAddress	`0x28000`
SizeOfRawData	`0x19e00`
PointerToRawData	`0x24000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`7.35956`

.reloc

MD5	`9e82e2911a21e9a928d86007eb4708d9`
SHA1	`67d2f93b05d509791e1d9d745771d3f80ffca23d`
SHA256	`eaec4359075ec16b10f82a75f8624c3c55b98bf65554428c9dacdb50f6d16b6f`
SHA3	`359156af5710fc33c837c59ba0fc54425201bc48d79b221aec2dc82f85501594`
VirtualSize	`0x230`
VirtualAddress	`0x42000`
SizeOfRawData	`0x400`
PointerToRawData	`0x3de00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`3.45654`

Imports

ADVAPI32.dll	`OpenProcessToken` `GetTokenInformation` `DuplicateEncryptionInfoFile` `RegSetValueExW` `RegQueryValueExW` `RegCreateKeyW` `RegCloseKey` `RegOpenKeyExW` `EventSetInformation` `EventRegister` `EventUnregister` `EventWriteTransfer` `IsTextUnicode` `DecryptFileW`
KERNEL32.dll	`GetACP` `LocalUnlock` `DeleteFileW` `SetEndOfFile` `GetFullPathNameW` `GetFileAttributesExW` `GetFileInformationByHandle` `CreateFileMappingW` `MapViewOfFile` `MultiByteToWideChar` `LocalReAlloc` `UnmapViewOfFile` `LocalSize` `GetStartupInfoW` `FindNLSString` `LocalLock` `GlobalUnlock` `GlobalAlloc` `GetModuleFileNameA` `CreateSemaphoreExW` `ReleaseSemaphore` `GetModuleHandleExW` `WaitForSingleObject` `GetCurrentThreadId` `ReleaseMutex` `OutputDebugStringW` `WaitForSingleObjectEx` `OpenSemaphoreW` `CreateMutexExW` `DebugBreak` `IsDebuggerPresent` `GetLastError` `GetFileAttributesW` `WriteFile` `SetLastError` `WideCharToMultiByte` `GetTimeFormatW` `GetDateFormatW` `GetLocalTime` `GetUserDefaultUILanguage` `FoldStringW` `FormatMessageW` `FindClose` `FindFirstFileW` `lstrcmpW` `FreeLibrary` `GetCurrentProcessId` `HeapSetInformation` `GetCommandLineW` `GetCurrentProcess` `MulDiv` `GetLocaleInfoW` `GlobalFree` `HeapAlloc` `GetProcessHeap` `HeapFree` `GetProcAddress` `GetModuleHandleW` `LocalAlloc` `LocalFree` `CloseHandle` `ReadFile` `CreateFileW` `SetErrorMode` `lstrcmpiW` `GlobalLock`
GDI32.dll	`StartPage` `StartDocW` `SetAbortProc` `DeleteDC` `CreateDCW` `AbortDoc` `EndPage` `GetTextMetricsW` `SetBkMode` `LPtoDP` `SetWindowExtEx` `SetViewportExtEx` `SetMapMode` `GetTextExtentPoint32W` `TextOutW` `EnumFontsW` `GetTextFaceW` `SelectObject` `DeleteObject` `CreateFontIndirectW` `GetDeviceCaps` `EndDoc`
USER32.dll	`SetWinEventHook` `GetMessageW` `TranslateAcceleratorW` `IsDialogMessageW` `TranslateMessage` `DispatchMessageW` `UnhookWinEvent` `SetWindowTextW` `OpenClipboard` `IsClipboardFormatAvailable` `CloseClipboard` `SetDlgItemTextW` `GetDlgItemTextW` `EndDialog` `SendDlgItemMessageW` `WinHelpW` `GetCursorPos` `ScreenToClient` `GetKeyboardLayout` `GetParent` `SetScrollPos` `InvalidateRect` `UpdateWindow` `GetWindowPlacement` `SetWindowPlacement` `CharUpperW` `GetSystemMenu` `LoadAcceleratorsW` `SetWindowLongW` `CreateWindowExW` `RegisterWindowMessageW` `LoadCursorW` `RegisterClassExW` `GetWindowTextLengthW` `GetWindowLongW` `PeekMessageW` `GetWindowTextW` `EnableWindow` `CreateDialogParamW` `DrawTextExW` `CharNextW` `RedrawWindow` `SetWindowPos` `GetDlgCtrlID` `GetForegroundWindow` `DestroyWindow` `MessageBeep` `PostQuitMessage` `SetFocus` `IsIconic` `DefWindowProcW` `LoadStringW` `SetActiveWindow` `SetCursor` `GetDpiForWindow` `ReleaseDC` `ChildWindowFromPoint` `ShowWindow` `EnableMenuItem` `GetSubMenu` `CheckMenuItem` `GetMenu` `MessageBoxW` `DialogBoxParamW` `PostMessageW` `SetThreadDpiAwarenessContext` `MoveWindow` `GetClientRect` `SendMessageW` `GetDC` `GetFocus` `LoadIconW` `LoadImageW`
msvcrt.dll	`_lock` `_commode` `_fmode` `_acmdln` `__dllonexit` `__setusermatherr` `_onexit` `memcpy` `_cexit` `_exit` `exit` `__set_app_type` `__getmainargs` `_amsg_exit` `_XcptFilter` `free` `memcpy_s` `iswctype` `wcsnlen` `_wcsicmp` `__C_specific_handler` `_wtol` `swprintf_s` `_vsnwprintf` `?terminate@@YAXXZ` `memset` `_unlock` `_ismbblead` `_initterm` `_callnewh` `malloc` `_purecall` `__CxxFrameHandler3` `wcscmp`
api-ms-win-core-com-l1-1-0.dll	`CoCreateGuid` `CoTaskMemFree` `CoTaskMemAlloc` `CoCreateInstance` `CoInitializeEx` `CoUninitialize` `CoCreateFreeThreadedMarshaler` `CoWaitForMultipleHandles` `PropVariantClear`
api-ms-win-core-synch-l1-2-0.dll	`WakeAllConditionVariable` `SleepConditionVariableSRW` `Sleep`
api-ms-win-core-rtlsupport-l1-1-0.dll	`RtlLookupFunctionEntry` `RtlVirtualUnwind` `RtlCaptureContext`
api-ms-win-core-errorhandling-l1-1-0.dll	`UnhandledExceptionFilter` `RaiseException` `SetUnhandledExceptionFilter`
api-ms-win-core-processthreads-l1-1-0.dll	`TerminateProcess`
api-ms-win-core-synch-l1-1-0.dll	`AcquireSRWLockExclusive` `CreateEventExW` `ReleaseSRWLockExclusive` `SetEvent`
api-ms-win-core-profile-l1-1-0.dll	`QueryPerformanceCounter`
api-ms-win-core-sysinfo-l1-1-0.dll	`GetSystemTimeAsFileTime` `GetTickCount`
api-ms-win-core-libraryloader-l1-2-0.dll	`GetModuleFileNameW` `LoadLibraryExW`
api-ms-win-core-processthreads-l1-1-1.dll	`GetProcessMitigationPolicy`
api-ms-win-core-winrt-string-l1-1-0.dll	`WindowsCreateString` `WindowsGetStringRawBuffer` `WindowsDeleteString` `WindowsCreateStringReference`
api-ms-win-core-winrt-error-l1-1-0.dll	`SetRestrictedErrorInfo`
api-ms-win-core-string-l1-1-0.dll	`CompareStringOrdinal`
api-ms-win-core-winrt-l1-1-0.dll	`RoInitialize` `RoGetActivationFactory` `RoUninitialize`
api-ms-win-core-winrt-error-l1-1-1.dll	`RoGetMatchingRestrictedErrorInfo`
COMCTL32.dll	`CreateStatusWindowW` `#345`
COMDLG32.dll	`FindTextW` `PageSetupDlgW` `GetSaveFileNameW` `GetOpenFileNameW` `CommDlgExtendedError` `GetFileTitleW` `ChooseFontW` `PrintDlgExW` `ReplaceTextW`
ntdll.dll	`WinSqmAddToStream`
PROPSYS.dll	`PropVariantToStringVectorAlloc` `PSGetPropertyDescriptionListFromString`
SHELL32.dll	`ShellAboutW` `DragQueryFileW` `SHAddToRecentDocs` `DragFinish` `DragAcceptFiles` `ShellExecuteW` `SHCreateItemFromParsingName`
SHLWAPI.dll	`SHStrDupW` `PathFileExistsW` `PathIsNetworkPathW` `PathFindExtensionW` `PathIsFileSpecW`
WINSPOOL.DRV	`ClosePrinter` `GetPrinterDriverW` `OpenPrinterW`
urlmon.dll	`FindMimeFromData`

Delayed Imports

MICROSOFTEDPENLIGHTENEDAPPINFO

Type	`EDPENLIGHTENEDAPPINFOID`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1`
MD5	`25daad3d9e60b45043a70c4ab7d3b1c6`
SHA1	`0e356ba505631fbf715758bed27d503f8b260e3a`
SHA256	`47dc540c94ceb704a23875c11273e16bb0b8a87aed84de911f2133568115f254`
SHA3	`47b7fb6f259cfa242dc8e381efb31dad613f8bfe5a8a92f524d1a0a7058c56dc`

MICROSOFTEDPPERMISSIVEAPPINFO

Type	`EDPPERMISSIVEAPPINFOID`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1`
MD5	`25daad3d9e60b45043a70c4ab7d3b1c6`
SHA1	`0e356ba505631fbf715758bed27d503f8b260e3a`
SHA256	`47dc540c94ceb704a23875c11273e16bb0b8a87aed84de911f2133568115f254`
SHA3	`47b7fb6f259cfa242dc8e381efb31dad613f8bfe5a8a92f524d1a0a7058c56dc`

1

Type	`MUI`
Language	English - United States
Codepage	UNKNOWN
Size	`0x148`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.03448`
MD5	`187e4d61c6c62e29b8b3f9acd5462af2`
SHA1	`9d10e69d4c8c55c4e6f13b403c4960284151579a`
SHA256	`7df02fad6a5ed1920e301ecd374a40f39d5b908a72ff8e1406a1efe4127325bd`
SHA3	`f8e75771675c368677787f373c4b6f5f5f05ee17e78ea1c48bfe69ce46105b38`

1 (#2)

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x668`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.14638`
MD5	`5e0424a037ed1cf4b86d9caed970dff9`
SHA1	`ba25c046ab514ed9c0fe80d94b538cc14eb9873e`
SHA256	`9cfb3aa9a4d088001f7f04eca941768005a833b82c7a468758758db4851aaf7d`
SHA3	`52bb085f2b6bc4139fdd5dddf1270ac5ab0d718640a03a4553d58f9141ba1a18`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.46342`
MD5	`e90a939e1107e27e1d95c25e2eb0f65a`
SHA1	`0803a228263f67063a0d9ceb8b83638096c61b2a`
SHA256	`b096e4dddb79ce105a0c4ed8e8e0a42012910af392b49a27223fe4a3853291a2`
SHA3	`a547598048e9e5a2f151cab7647e631768c5d1bc83ed2d1c8b337dfd4dd5e372`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x1e8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.41509`
MD5	`44b38e737f03387a86db70708b9c5c4a`
SHA1	`44e99cdff9be3d4bea4ded3ebcde372ba56baacb`
SHA256	`e6fd723d8995f3c9a271bcf3cd168d772edbae433ec92138138bd73509b70394`
SHA3	`6d6c519d41df66f6de815b571062fa1ff3ec142c4b040374c4a2e4237829acf4`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.19139`
MD5	`4c7576e8f541bb3e4915569e56509ae1`
SHA1	`0dc868575ce6ed6b549f802c5f76b3595e754147`
SHA256	`26221463542ad738ffb44cea755f5fa9de96f60ecd60e77e916f119772b76721`
SHA3	`5031fd914a31642187c6ee518342092b19bc479212e0a1f67a7827a300b11d5f`

5

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xea8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.33873`
MD5	`7684234aae030b0e361b77c545f619ad`
SHA1	`34f7b236d427701a82527e0c3f3b5cfad2b37373`
SHA256	`8369d3da7b57396a5ee78180ae5cc14f6b221d24f0dd7bcdea08e8fd72fe1629`
SHA3	`c06855cd1cb761ba46cfd6703ed55889c5e22e421d48fdf1396448fb0cee8f85`

6

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.88711`
MD5	`30678f5b06bc441a5bd8ed2848236144`
SHA1	`1adf74277fe7a55c071771793d7e7a7077583f9a`
SHA256	`a2168a636b61b10eb79fc206ff59759a540b0bc50d647b12b0d9307f05a67a6d`
SHA3	`06f683a14c16a932ff56038bee77a48768f76b6b522abd76b72005977e2a7104`

7

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.77815`
MD5	`c50e91e6d59210580879f7bc5bd36d62`
SHA1	`7c87c25593e11a38033eaae1f613feecb190cd82`
SHA256	`8b42d06bec9c3d35da35f76e0cca9f3a54a8cf20f16964b9e96723f4c8dc4561`
SHA3	`578047f04726ad769f9af3d11704858d6320710f23cb9db168ea3b1d7a0c45e6`

8

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x568`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50319`
MD5	`011bde7b9c82d9453b7222950f92b18b`
SHA1	`2293e504ce311c482fee674198ec1ac2ffbd82f6`
SHA256	`dff0eed97555ee8f8a77fcac31e6d72bb11881e26eee69d5d5b731219de3c788`
SHA3	`45b672e12f38af60a224782a1eaa6fabe4b286473b24bbbdee70a82280ecc44d`

9

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x11958`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`7.92667`
Detected Filetype	PNG graphic file
MD5	`489350e7dbc2bd241eeeaf928c84198b`
SHA1	`bc50c87a93df8fa475994e5bec8c18f826d2790e`
SHA256	`dc43f5a4d409399ac9d014a3200eb8467a1256091132d27c096116da451d0aee`
SHA3	`2ce1ce5c3caabb4d40b8659cd1927cc34d3fe078e81feee7eb029740e123e332`

10

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.91734`
MD5	`a0873adc85c929c39f54b1e889c20411`
SHA1	`a6778fc4cd3630e32ffd09491b9817eb549df98c`
SHA256	`054ae41265916de67a1444323c375e9bc8a77d374725aa0097fcc7abc882cf84`
SHA3	`845ecb1f9b158c9be9356b7ac225906a52ebb30ee74a35c6831c1ed0508b0b6b`

11

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.5052`
MD5	`02f5aa301d295fa4ee30646e84ccdc84`
SHA1	`0973663fb700560f73b3fa839af2cdb5cdd35a91`
SHA256	`d3f2dc2ab4931a5892c2f8fb3fed87f84145bc8457b01f73651532e187eff417`
SHA3	`373758198c6ebba8b2dc5b5919e8926470af328251eb707070d3a1b02d0fc39e`

12

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x988`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.68535`
MD5	`619569ee7f33365f88c67e5792ed5545`
SHA1	`146f599e47c7440cabb569e219042feb53f72bad`
SHA256	`7a1ede8d87b5e96a18742ea533e91325ff4fecb917a36bab3ddf2e2003053989`
SHA3	`be4bf9fbf543b75ab22d303c83563805afab0346a0a80e384913d2ec9f6ee766`

13

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.42791`
MD5	`4aac2b52c5ac1670ebde434fd25a57e3`
SHA1	`05297673819212e45963685777defc78bf195ae9`
SHA256	`6e9662f0050a45633759bb21e7a6a395479673a5d6b9fcb80c34637c8d1fb45a`
SHA3	`0904557d3576c69d341c3826c0fd69e1c7f24d374fa9f56cf3ee73ff2d05458d`

2 (#2)

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0xbc`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.08181`
Detected Filetype	Icon file
MD5	`7c02d334d2fd7620f9597a31f3fc404b`
SHA1	`4ecbb36af4cd46a792d513076f4e3a287935df07`
SHA256	`ac169d9ac176c5b6a2c3e06942b958ea9c789bd82f79b2f1ac0197e37a3149d4`
SHA3	`2c2ad36d5c878c1a1648e4a115ab6c443ae3aa28802570ce06aa90a658dacf48`

1 (#3)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x374`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.50895`
MD5	`9b38cea8d9318ae5c0a7dbfb1ac107d5`
SHA1	`72f0f34565485837bf6bc7c6268f45ace954d173`
SHA256	`2b85e5b1d85e3ff2c4a812e90fa8e19087427ce1c004937675360664e47c5e94`
SHA3	`b882454205ebbffa4679f51347cf07237a37e5d97aa6368a85c41e5201345c92`

1 (#4)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4a3`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.97375`
MD5	`02310c025c424b278b0dad3a589c621a`
SHA1	`9f21a816bbb1f48da1cfd560b9bb8ccdf577cc28`
SHA256	`dbfe9d7b2c5803a1d042947111bcbb84f35ec54e2b174df0c6ada5375ed2daa9`
SHA3	`08ab0ba898239379b89751a0876cba6bd7fe131e5369a3cd5417cab9969eb322`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.17763.475
ProductVersion	10.0.17763.475
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Notepad
FileVersion (#2)	10.0.17763.475 (WinBuild.160101.0800)
InternalName	Notepad
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	NOTEPAD.EXE
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.17763.475

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	1996-Nov-26 04:52:33
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x209fc`
PointerToRawData	`0x1f9fc`
Referenced File	notepad.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	1996-Nov-26 04:52:33
Version	`0.0`
SizeofData	`820`
AddressOfRawData	`0x20a20`
PointerToRawData	`0x1fa20`

UNKNOWN

Characteristics	`0`
TimeDateStamp	1996-Nov-26 04:52:33
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x140020d54`
EndAddressOfRawData	`0x140020d5c`
AddressOfIndex	`0x140025060`
AddressOfCallbacks	`0x14001d0b0`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x108`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140024318`
GuardCFCheckFunctionPointer	`5368827968`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0x36fa2951`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`30`
ASM objects (26213)	`3`
C objects (26213)	`24`
C++ objects (26213)	`6`
Imports (26213)	`27`
Total imports	`287`
264 (26213)	`26`
Resource objects (26213)	`1`
Linker (26213)	`1`

0e61079d3283687d2e279272966ae99d

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

MICROSOFTEDPENLIGHTENEDAPPINFO

MICROSOFTEDPPERMISSIVEAPPINFO

1

1 (#2)

2

3

4

5

6

7

8

9

10

11

12

13

2 (#2)

1 (#3)

1 (#4)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors