15750221bbffa36c055d656c46899460

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2055-Jun-22 04:48:43
Detected languages English - United States
Debug artifacts notepad.pdb
CompanyName Microsoft Corporation
FileDescription Notepad
FileVersion 10.0.16299.15 (WinBuild.160101.0800)
InternalName Notepad
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename NOTEPAD.EXE
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.16299.15

Plugin Output

Malicious The PE contains functions mostly used by malware.
[!] The program may be hiding some of its imports:
  • GetProcAddress
  • LoadLibraryExW
Can access the registry:
  • RegSetValueExW
  • RegQueryValueExW
  • RegCreateKeyW
  • RegCloseKey
  • RegOpenKeyExW
Possibly launches other programs:
  • ShellExecuteW
Functions related to the privilege level:
  • OpenProcessToken
Safe VirusTotal score: 0/68 (Scanned on 2018-02-17 00:04:42)
All the AVs think this file is safe.

Hashes

MD5 15750221bbffa36c055d656c46899460
SHA1 a49551faceade1185844fc386c8dd3054907234d
SHA256 e9f2fbe8e1bc49d107df36ef09f6d0aeb8901516980d3fe08ee73ab7b4a2325f
SHA3 3638081a698fd9517d4a3e2b8a3efecd34bcd528e73f4b8ebf0e439a22e0f239
SSDeep 3072:ibgNOfmei01jjtoVFxqBwau5Xvk9wxSH4QsJLgf7nDVF6PUp1Yo3ICgh:Lcmei019YFZO5YQs5gfzDVlVXg
Imports Hash c009ab43f5f9265fa99c9878edb6641a

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xf8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2055-Jun-22 04:48:43
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x19000
SizeOfInitializedData 0x25200
SizeOfUninitializedData 0
AddressOfEntryPoint 0x00000000000193E0 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion A.0
ImageVersion A.0
SubsystemVersion A.0
Win32VersionValue 0
SizeOfImage 0x41000
SizeOfHeaders 0x400
Checksum 0x4ac7b
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x80000
SizeofStackCommit 0x11000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 0d787db06ed35daf785d1a8553690872
SHA1 9968da43563098593cd58d2aec532842d34ff35d
SHA256 d2cbe637fbf58ffa35913bb327d6f99d07adefd35aac4d73eec7cc3e23ec041b
SHA3 60ac76e00274eb0309a4b3ecd8e0d30b63e406ef53c3f7a0e32929773cebb232
VirtualSize 0x18fce
VirtualAddress 0x1000
SizeOfRawData 0x19000
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.35396

.rdata

MD5 8e6fb51fb42a71f5943b88bf2969f5d1
SHA1 c13375138a31e79bf2595e0253ae29500131f318
SHA256 5d6acc9be7d301b40271cec64f52e374e190af33c29ac3e4bd53f185a2af3a0c
SHA3 dc0d5830272c9c80f01fe30c28eb9feb8eb5a94ff2ece5b4c5e5624c93edb1f2
VirtualSize 0x7602
VirtualAddress 0x1a000
SizeOfRawData 0x7800
PointerToRawData 0x19400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 6.04382

.data

MD5 119867be7f065fc9e2c1bb7473b77658
SHA1 f63fb7dcbddf761848deb46f894ae4e91d4c2f59
SHA256 e21a26d555ccbeabcc4e4021c87a19b23a9d05a98efdafd903b995760e02100e
SHA3 9377a4ece08a73d752226b60d1aabb24f986b8c284da8b59036996eb4c7e262a
VirtualSize 0x2d14
VirtualAddress 0x22000
SizeOfRawData 0xc00
PointerToRawData 0x20c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 1.8053

.pdata

MD5 82383b30624e13024a369ee71e495200
SHA1 735ea33f6a3efde3207a89a58d61a3bd41ac4e9b
SHA256 873aa2f20b314adfa42748b1d3b1ca7436df65382128334ad63afe34a95ac1ea
SHA3 443e8c9c99b4cc0e9f6069c08c3f17a8fbf4671d51b8eed09a46e6d0147bcf26
VirtualSize 0x8dc
VirtualAddress 0x25000
SizeOfRawData 0xa00
PointerToRawData 0x21800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.60023

.rsrc

MD5 aed3eef37cdb26bb70b8a3edbe7247b2
SHA1 d204f55b4913c3fe1eb22cee93abc4588da784d4
SHA256 cd82a77d8437825d5f9c3c7b815550e12192fbf4b930906f89aac30f56a4d7e7
SHA3 65b07655bea226ae5c649d998455643d4d83ad795c0ef08c421810e6ab9901df
VirtualSize 0x19ce0
VirtualAddress 0x26000
SizeOfRawData 0x19e00
PointerToRawData 0x22200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.35939

.reloc

MD5 b65dc0d8038a7442234711b99e698a0b
SHA1 ea9675d2f1940a2475feaf42a70dbc5671b6d47a
SHA256 d8373ccc3e774eab14679540896d418cef8c96093b5f2b15ca7adf22d1fe0d71
SHA3 6e5ba2e9a935810c2d2330ff3d0d7334b86506d1d538b07c3c4d93178745fe04
VirtualSize 0x21c
VirtualAddress 0x40000
SizeOfRawData 0x400
PointerToRawData 0x3c000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 3.36281

Imports

ADVAPI32.dll OpenProcessToken
GetTokenInformation
DuplicateEncryptionInfoFile
RegSetValueExW
RegQueryValueExW
RegCreateKeyW
RegCloseKey
RegOpenKeyExW
EventSetInformation
EventRegister
EventUnregister
EventWriteTransfer
IsTextUnicode
DecryptFileW
KERNEL32.dll CreateFileMappingW
MapViewOfFile
MultiByteToWideChar
LocalReAlloc
UnmapViewOfFile
LocalSize
GetStartupInfoW
FindNLSString
GlobalLock
GlobalUnlock
GlobalAlloc
GetModuleFileNameA
CreateSemaphoreExW
HeapFree
GetFileInformationByHandle
GetCurrentProcessId
WaitForSingleObject
GetCurrentThreadId
ReleaseMutex
OutputDebugStringW
WaitForSingleObjectEx
OpenSemaphoreW
HeapAlloc
GetProcAddress
CreateMutexExW
GetProcessHeap
GetModuleHandleW
DebugBreak
IsDebuggerPresent
GetFileAttributesExW
GetFullPathNameW
SetEndOfFile
DeleteFileW
LocalUnlock
GetACP
LocalLock
GetLastError
GetFileAttributesW
WriteFile
SetLastError
WideCharToMultiByte
GetTimeFormatW
GetDateFormatW
GetLocalTime
GetUserDefaultUILanguage
FoldStringW
FormatMessageW
FindClose
FindFirstFileW
lstrcmpW
ReleaseSemaphore
FreeLibrary
LocalFree
HeapSetInformation
GetCommandLineW
GetCurrentProcess
MulDiv
GetLocaleInfoW
GlobalFree
lstrcmpiW
LocalAlloc
CloseHandle
ReadFile
CreateFileW
SetErrorMode
GetModuleHandleExW
GDI32.dll StartPage
StartDocW
SetAbortProc
DeleteDC
EndDoc
AbortDoc
EndPage
GetTextMetricsW
SetBkMode
LPtoDP
SetWindowExtEx
SetViewportExtEx
SetMapMode
GetTextExtentPoint32W
TextOutW
EnumFontsW
GetTextFaceW
SelectObject
DeleteObject
CreateFontIndirectW
GetDeviceCaps
CreateDCW
USER32.dll SetWinEventHook
GetMessageW
IsDialogMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
UnhookWinEvent
SetWindowTextW
GetMenuState
OpenClipboard
IsClipboardFormatAvailable
CloseClipboard
SetDlgItemTextW
GetDlgItemTextW
EndDialog
SendDlgItemMessageW
WinHelpW
GetCursorPos
ScreenToClient
ChildWindowFromPoint
CharNextW
SetScrollPos
InvalidateRect
UpdateWindow
GetWindowPlacement
SetWindowPlacement
CharUpperW
GetSystemMenu
LoadAcceleratorsW
SetWindowLongW
CreateWindowExW
RegisterWindowMessageW
LoadCursorW
RegisterClassExW
GetWindowTextLengthW
GetWindowLongW
PeekMessageW
GetWindowTextW
EnableWindow
CreateDialogParamW
DrawTextExW
GetKeyboardLayout
RedrawWindow
SetWindowPos
GetDlgCtrlID
MessageBeep
GetForegroundWindow
DestroyWindow
PostQuitMessage
IsIconic
DefWindowProcW
LoadStringW
SetActiveWindow
SetCursor
GetDpiForWindow
ReleaseDC
GetParent
GetDC
ShowWindow
CheckMenuItem
MessageBoxW
GetFocus
DialogBoxParamW
SetFocus
EnableMenuItem
GetMenu
PostMessageW
SetThreadDpiAwarenessContext
MoveWindow
GetClientRect
GetSubMenu
SendMessageW
LoadIconW
LoadImageW
msvcrt.dll _unlock
_lock
__dllonexit
_fmode
_acmdln
_initterm
memset
_onexit
__setusermatherr
_ismbblead
_cexit
?terminate@@YAXXZ
exit
__set_app_type
__getmainargs
_amsg_exit
_XcptFilter
free
memcpy_s
iswctype
wcsnlen
_wcsicmp
__C_specific_handler
_wtol
_vsnwprintf
_exit
wcscmp
_commode
memcpy
_callnewh
strchr
_purecall
__CxxFrameHandler3
malloc
api-ms-win-core-com-l1-1-0.dll CoTaskMemAlloc
CoCreateFreeThreadedMarshaler
CoCreateInstance
CoInitializeEx
CoWaitForMultipleHandles
CoTaskMemFree
CoCreateGuid
PropVariantClear
CoUninitialize
api-ms-win-core-synch-l1-2-0.dll Sleep
api-ms-win-core-rtlsupport-l1-1-0.dll RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
api-ms-win-core-errorhandling-l1-1-0.dll UnhandledExceptionFilter
RaiseException
SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0.dll TerminateProcess
api-ms-win-core-profile-l1-1-0.dll QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll GetSystemTimeAsFileTime
GetTickCount
api-ms-win-core-libraryloader-l1-2-0.dll GetModuleFileNameW
LoadLibraryExW
api-ms-win-core-processthreads-l1-1-1.dll GetProcessMitigationPolicy
api-ms-win-core-winrt-string-l1-1-0.dll WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
api-ms-win-core-synch-l1-1-0.dll CreateEventExW
SetEvent
api-ms-win-core-winrt-error-l1-1-0.dll SetRestrictedErrorInfo
api-ms-win-core-string-l1-1-0.dll CompareStringOrdinal
api-ms-win-core-winrt-l1-1-0.dll RoGetActivationFactory
RoUninitialize
RoInitialize
api-ms-win-core-winrt-error-l1-1-1.dll RoGetMatchingRestrictedErrorInfo
COMCTL32.dll #345
CreateStatusWindowW
COMDLG32.dll ChooseFontW
GetFileTitleW
FindTextW
PageSetupDlgW
GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError
PrintDlgExW
ReplaceTextW
ntdll.dll WinSqmAddToStream
PROPSYS.dll PSGetPropertyDescriptionListFromString
PropVariantToStringVectorAlloc
SHELL32.dll SHCreateItemFromParsingName
DragQueryFileW
SHAddToRecentDocs
DragFinish
DragAcceptFiles
ShellExecuteW
ShellAboutW
SHLWAPI.dll PathIsFileSpecW
PathFileExistsW
PathIsNetworkPathW
PathFindExtensionW
SHStrDupW
WINSPOOL.DRV OpenPrinterW
ClosePrinter
GetPrinterDriverW
urlmon.dll FindMimeFromData

Delayed Imports

MICROSOFTEDPENLIGHTENEDAPPINFO

Type EDPENLIGHTENEDAPPINFOID
Language English - United States
Codepage UNKNOWN
Size 0x2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1
MD5 25daad3d9e60b45043a70c4ab7d3b1c6
SHA1 0e356ba505631fbf715758bed27d503f8b260e3a
SHA256 47dc540c94ceb704a23875c11273e16bb0b8a87aed84de911f2133568115f254
SHA3 47b7fb6f259cfa242dc8e381efb31dad613f8bfe5a8a92f524d1a0a7058c56dc

MICROSOFTEDPPERMISSIVEAPPINFO

Type EDPPERMISSIVEAPPINFOID
Language English - United States
Codepage UNKNOWN
Size 0x2
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1
MD5 25daad3d9e60b45043a70c4ab7d3b1c6
SHA1 0e356ba505631fbf715758bed27d503f8b260e3a
SHA256 47dc540c94ceb704a23875c11273e16bb0b8a87aed84de911f2133568115f254
SHA3 47b7fb6f259cfa242dc8e381efb31dad613f8bfe5a8a92f524d1a0a7058c56dc

1

Type MUI
Language English - United States
Codepage UNKNOWN
Size 0x148
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.03628
MD5 b3ce1001df6e612a4564fded9560af1c
SHA1 68b91f33a0bfb3f73bb33546dfe3eb1f9138a03d
SHA256 ac956134c35528c83f61e8e0ee83bdaae83513a9dd8cbe5c55159df78c68a074
SHA3 a12e1b114ef097e41ec121938ce62390e65e7fc97a2846668f193f7551afd1a1

1 (#2)

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x668
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.14638
MD5 5e0424a037ed1cf4b86d9caed970dff9
SHA1 ba25c046ab514ed9c0fe80d94b538cc14eb9873e
SHA256 9cfb3aa9a4d088001f7f04eca941768005a833b82c7a468758758db4851aaf7d
SHA3 52bb085f2b6bc4139fdd5dddf1270ac5ab0d718640a03a4553d58f9141ba1a18

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.46342
MD5 e90a939e1107e27e1d95c25e2eb0f65a
SHA1 0803a228263f67063a0d9ceb8b83638096c61b2a
SHA256 b096e4dddb79ce105a0c4ed8e8e0a42012910af392b49a27223fe4a3853291a2
SHA3 a547598048e9e5a2f151cab7647e631768c5d1bc83ed2d1c8b337dfd4dd5e372

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x1e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.41509
MD5 44b38e737f03387a86db70708b9c5c4a
SHA1 44e99cdff9be3d4bea4ded3ebcde372ba56baacb
SHA256 e6fd723d8995f3c9a271bcf3cd168d772edbae433ec92138138bd73509b70394
SHA3 6d6c519d41df66f6de815b571062fa1ff3ec142c4b040374c4a2e4237829acf4

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.19139
MD5 4c7576e8f541bb3e4915569e56509ae1
SHA1 0dc868575ce6ed6b549f802c5f76b3595e754147
SHA256 26221463542ad738ffb44cea755f5fa9de96f60ecd60e77e916f119772b76721
SHA3 5031fd914a31642187c6ee518342092b19bc479212e0a1f67a7827a300b11d5f

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.33873
MD5 7684234aae030b0e361b77c545f619ad
SHA1 34f7b236d427701a82527e0c3f3b5cfad2b37373
SHA256 8369d3da7b57396a5ee78180ae5cc14f6b221d24f0dd7bcdea08e8fd72fe1629
SHA3 c06855cd1cb761ba46cfd6703ed55889c5e22e421d48fdf1396448fb0cee8f85

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.88711
MD5 30678f5b06bc441a5bd8ed2848236144
SHA1 1adf74277fe7a55c071771793d7e7a7077583f9a
SHA256 a2168a636b61b10eb79fc206ff59759a540b0bc50d647b12b0d9307f05a67a6d
SHA3 06f683a14c16a932ff56038bee77a48768f76b6b522abd76b72005977e2a7104

7

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x6c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.77815
MD5 c50e91e6d59210580879f7bc5bd36d62
SHA1 7c87c25593e11a38033eaae1f613feecb190cd82
SHA256 8b42d06bec9c3d35da35f76e0cca9f3a54a8cf20f16964b9e96723f4c8dc4561
SHA3 578047f04726ad769f9af3d11704858d6320710f23cb9db168ea3b1d7a0c45e6

8

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.50319
MD5 011bde7b9c82d9453b7222950f92b18b
SHA1 2293e504ce311c482fee674198ec1ac2ffbd82f6
SHA256 dff0eed97555ee8f8a77fcac31e6d72bb11881e26eee69d5d5b731219de3c788
SHA3 45b672e12f38af60a224782a1eaa6fabe4b286473b24bbbdee70a82280ecc44d

9

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x11958
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.92667
Detected Filetype PNG graphic file
MD5 489350e7dbc2bd241eeeaf928c84198b
SHA1 bc50c87a93df8fa475994e5bec8c18f826d2790e
SHA256 dc43f5a4d409399ac9d014a3200eb8467a1256091132d27c096116da451d0aee
SHA3 2ce1ce5c3caabb4d40b8659cd1927cc34d3fe078e81feee7eb029740e123e332

10

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91734
MD5 a0873adc85c929c39f54b1e889c20411
SHA1 a6778fc4cd3630e32ffd09491b9817eb549df98c
SHA256 054ae41265916de67a1444323c375e9bc8a77d374725aa0097fcc7abc882cf84
SHA3 845ecb1f9b158c9be9356b7ac225906a52ebb30ee74a35c6831c1ed0508b0b6b

11

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.5052
MD5 02f5aa301d295fa4ee30646e84ccdc84
SHA1 0973663fb700560f73b3fa839af2cdb5cdd35a91
SHA256 d3f2dc2ab4931a5892c2f8fb3fed87f84145bc8457b01f73651532e187eff417
SHA3 373758198c6ebba8b2dc5b5919e8926470af328251eb707070d3a1b02d0fc39e

12

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.68535
MD5 619569ee7f33365f88c67e5792ed5545
SHA1 146f599e47c7440cabb569e219042feb53f72bad
SHA256 7a1ede8d87b5e96a18742ea533e91325ff4fecb917a36bab3ddf2e2003053989
SHA3 be4bf9fbf543b75ab22d303c83563805afab0346a0a80e384913d2ec9f6ee766

13

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.42791
MD5 4aac2b52c5ac1670ebde434fd25a57e3
SHA1 05297673819212e45963685777defc78bf195ae9
SHA256 6e9662f0050a45633759bb21e7a6a395479673a5d6b9fcb80c34637c8d1fb45a
SHA3 0904557d3576c69d341c3826c0fd69e1c7f24d374fa9f56cf3ee73ff2d05458d

2 (#2)

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0xbc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.08181
Detected Filetype Icon file
MD5 7c02d334d2fd7620f9597a31f3fc404b
SHA1 4ecbb36af4cd46a792d513076f4e3a287935df07
SHA256 ac169d9ac176c5b6a2c3e06942b958ea9c789bd82f79b2f1ac0197e37a3149d4
SHA3 2c2ad36d5c878c1a1648e4a115ab6c443ae3aa28802570ce06aa90a658dacf48

1 (#3)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x374
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.49136
MD5 11acb3a2f60583659ba2b908577190c9
SHA1 333f2de5ad3861c7d9c55d24a448f34d34d4816d
SHA256 3f002b071fb6c39c50389a0a134818df384fe24d214b7ab82d62fa5f4cee752b
SHA3 6731ab7197fc633ca60ac6b5d611749251d8bb8514b4f356df10423ca9761072

1 (#4)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x4a3
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.97375
MD5 02310c025c424b278b0dad3a589c621a
SHA1 9f21a816bbb1f48da1cfd560b9bb8ccdf577cc28
SHA256 dbfe9d7b2c5803a1d042947111bcbb84f35ec54e2b174df0c6ada5375ed2daa9
SHA3 08ab0ba898239379b89751a0876cba6bd7fe131e5369a3cd5417cab9969eb322

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 10.0.16299.15
ProductVersion 10.0.16299.15
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Microsoft Corporation
FileDescription Notepad
FileVersion (#2) 10.0.16299.15 (WinBuild.160101.0800)
InternalName Notepad
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename NOTEPAD.EXE
ProductName Microsoft® Windows® Operating System
ProductVersion (#2) 10.0.16299.15
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2055-Jun-22 04:48:43
Version 0.0
SizeofData 36
AddressOfRawData 0x1e7cc
PointerToRawData 0x1dbcc
Referenced File notepad.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2055-Jun-22 04:48:43
Version 0.0
SizeofData 704
AddressOfRawData 0x1e7f0
PointerToRawData 0x1dbf0

UNKNOWN

Characteristics 0
TimeDateStamp 2055-Jun-22 04:48:43
Version 0.0
SizeofData 0
AddressOfRawData 0
PointerToRawData 0

TLS Callbacks

Load Configuration

Size 0x100
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x1400222e8
GuardCFCheckFunctionPointer 5368819656
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0xf0a9f67b
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 30
ASM objects (VS2017 v15.?.? build 25203) 3
C objects (VS2017 v15.?.? build 25203) 19
C++ objects (VS2017 v15.?.? build 25203) 4
Imports (VS2017 v15.?.? build 25203) 27
Total imports 278
264 (VS2017 v15.?.? build 25203) 29
Resource objects (VS2017 v15.?.? build 25203) 1
Linker (VS2017 v15.?.? build 25203) 1

Errors
