| Field | Value |
|---|---|
| Architecture | IMAGE_FILE_MACHINE_AMD64 |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| Compilation Date | 2055-Jun-22 04:48:43 |
| Detected languages | English - United States |
| Debug artifacts | notepad.pdb |
| CompanyName | Microsoft Corporation |
| FileDescription | Notepad |
| FileVersion | 10.0.16299.15 (WinBuild.160101.0800) |
| InternalName | Notepad |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | NOTEPAD.EXE |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion | 10.0.16299.15 |

| Verdict | Summary | Details |
|---|---|---|
| Malicious | The PE contains functions mostly used by malware. | [!] The program may be hiding some of its imports: |
| Safe | VirusTotal score: 0/68 (Scanned on 2018-02-17 00:04:42) | All the AVs think this file is safe. |

| Field | Value |
|---|---|
| e_magic | MZ |
| e_cblp | 0x90 |
| e_cp | 0x3 |
| e_crlc | 0 |
| e_cparhdr | 0x4 |
| e_minalloc | 0 |
| e_maxalloc | 0xffff |
| e_ss | 0 |
| e_sp | 0xb8 |
| e_csum | 0 |
| e_ip | 0 |
| e_cs | 0 |
| e_ovno | 0 |
| e_oemid | 0 |
| e_oeminfo | 0 |
| e_lfanew | 0xf8 |

| Field | Value |
|---|---|
| Signature | PE |
| Machine | IMAGE_FILE_MACHINE_AMD64 |
| NumberofSections | 6 |
| TimeDateStamp | 2055-Jun-22 04:48:43 |
| PointerToSymbolTable | 0 |
| NumberOfSymbols | 0 |
| SizeOfOptionalHeader | 0xf0 |
| Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |

| Field | Value |
|---|---|
| Magic | PE32+ |
| LinkerVersion | 14.0 |
| SizeOfCode | 0x19000 |
| SizeOfInitializedData | 0x25200 |
| SizeOfUninitializedData | 0 |
| AddressOfEntryPoint | 0x00000000000193E0 (Section: .text) |
| BaseOfCode | 0x1000 |
| ImageBase | 0x140000000 |
| SectionAlignment | 0x1000 |
| FileAlignment | 0x200 |
| OperatingSystemVersion | A.0 |
| ImageVersion | A.0 |
| SubsystemVersion | A.0 |
| Win32VersionValue | 0 |
| SizeOfImage | 0x41000 |
| SizeOfHeaders | 0x400 |
| Checksum | 0x4ac7b |
| Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
| DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_GUARD_CF, IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
| SizeofStackReserve | 0x80000 |
| SizeofStackCommit | 0x11000 |
| SizeofHeapReserve | 0x100000 |
| SizeofHeapCommit | 0x1000 |
| LoaderFlags | 0 |
| NumberOfRvaAndSizes | 16 |

| DLL | Imported functions |
|---|---|
| ADVAPI32.dll | OpenProcessToken, GetTokenInformation, DuplicateEncryptionInfoFile, RegSetValueExW, RegQueryValueExW, RegCreateKeyW, RegCloseKey, RegOpenKeyExW, EventSetInformation, EventRegister, EventUnregister, EventWriteTransfer, IsTextUnicode, DecryptFileW |
| KERNEL32.dll | CreateFileMappingW, MapViewOfFile, MultiByteToWideChar, LocalReAlloc, UnmapViewOfFile, LocalSize, GetStartupInfoW, FindNLSString, GlobalLock, GlobalUnlock, GlobalAlloc, GetModuleFileNameA, CreateSemaphoreExW, HeapFree, GetFileInformationByHandle, GetCurrentProcessId, WaitForSingleObject, GetCurrentThreadId, ReleaseMutex, OutputDebugStringW, WaitForSingleObjectEx, OpenSemaphoreW, HeapAlloc, GetProcAddress, CreateMutexExW, GetProcessHeap, GetModuleHandleW, DebugBreak, IsDebuggerPresent, GetFileAttributesExW, GetFullPathNameW, SetEndOfFile, DeleteFileW, LocalUnlock, GetACP, LocalLock, GetLastError, GetFileAttributesW, WriteFile, SetLastError, WideCharToMultiByte, GetTimeFormatW, GetDateFormatW, GetLocalTime, GetUserDefaultUILanguage, FoldStringW, FormatMessageW, FindClose, FindFirstFileW, lstrcmpW, ReleaseSemaphore, FreeLibrary, LocalFree, HeapSetInformation, GetCommandLineW, GetCurrentProcess, MulDiv, GetLocaleInfoW, GlobalFree, lstrcmpiW, LocalAlloc, CloseHandle, ReadFile, CreateFileW, SetErrorMode, GetModuleHandleExW |
| GDI32.dll | StartPage, StartDocW, SetAbortProc, DeleteDC, EndDoc, AbortDoc, EndPage, GetTextMetricsW, SetBkMode, LPtoDP, SetWindowExtEx, SetViewportExtEx, SetMapMode, GetTextExtentPoint32W, TextOutW, EnumFontsW, GetTextFaceW, SelectObject, DeleteObject, CreateFontIndirectW, GetDeviceCaps, CreateDCW |
| USER32.dll | SetWinEventHook, GetMessageW, IsDialogMessageW, TranslateAcceleratorW, TranslateMessage, DispatchMessageW, UnhookWinEvent, SetWindowTextW, GetMenuState, OpenClipboard, IsClipboardFormatAvailable, CloseClipboard, SetDlgItemTextW, GetDlgItemTextW, EndDialog, SendDlgItemMessageW, WinHelpW, GetCursorPos, ScreenToClient, ChildWindowFromPoint, CharNextW, SetScrollPos, InvalidateRect, UpdateWindow, GetWindowPlacement, SetWindowPlacement, CharUpperW, GetSystemMenu, LoadAcceleratorsW, SetWindowLongW, CreateWindowExW, RegisterWindowMessageW, LoadCursorW, RegisterClassExW, GetWindowTextLengthW, GetWindowLongW, PeekMessageW, GetWindowTextW, EnableWindow, CreateDialogParamW, DrawTextExW, GetKeyboardLayout, RedrawWindow, SetWindowPos, GetDlgCtrlID, MessageBeep, GetForegroundWindow, DestroyWindow, PostQuitMessage, IsIconic, DefWindowProcW, LoadStringW, SetActiveWindow, SetCursor, GetDpiForWindow, ReleaseDC, GetParent, GetDC, ShowWindow, CheckMenuItem, MessageBoxW, GetFocus, DialogBoxParamW, SetFocus, EnableMenuItem, GetMenu, PostMessageW, SetThreadDpiAwarenessContext, MoveWindow, GetClientRect, GetSubMenu, SendMessageW, LoadIconW, LoadImageW |
| msvcrt.dll | _unlock, _lock, __dllonexit, _fmode, _acmdln, _initterm, memset, _onexit, __setusermatherr, _ismbblead, _cexit, ?terminate@@YAXXZ, exit, __set_app_type, __getmainargs, _amsg_exit, _XcptFilter, free, memcpy_s, iswctype, wcsnlen, _wcsicmp, __C_specific_handler, _wtol, _vsnwprintf, _exit, wcscmp, _commode, memcpy, _callnewh, strchr, _purecall, __CxxFrameHandler3, malloc |
| api-ms-win-core-com-l1-1-0.dll | CoTaskMemAlloc, CoCreateFreeThreadedMarshaler, CoCreateInstance, CoInitializeEx, CoWaitForMultipleHandles, CoTaskMemFree, CoCreateGuid, PropVariantClear, CoUninitialize |
| api-ms-win-core-synch-l1-2-0.dll | Sleep |
| api-ms-win-core-rtlsupport-l1-1-0.dll | RtlVirtualUnwind, RtlLookupFunctionEntry, RtlCaptureContext |
| api-ms-win-core-errorhandling-l1-1-0.dll | UnhandledExceptionFilter, RaiseException, SetUnhandledExceptionFilter |
| api-ms-win-core-processthreads-l1-1-0.dll | TerminateProcess |
| api-ms-win-core-profile-l1-1-0.dll | QueryPerformanceCounter |
| api-ms-win-core-sysinfo-l1-1-0.dll | GetSystemTimeAsFileTime, GetTickCount |
| api-ms-win-core-libraryloader-l1-2-0.dll | GetModuleFileNameW, LoadLibraryExW |
| api-ms-win-core-processthreads-l1-1-1.dll | GetProcessMitigationPolicy |
| api-ms-win-core-winrt-string-l1-1-0.dll | WindowsDeleteString, WindowsCreateString, WindowsCreateStringReference, WindowsGetStringRawBuffer |
| api-ms-win-core-synch-l1-1-0.dll | CreateEventExW, SetEvent |
| api-ms-win-core-winrt-error-l1-1-0.dll | SetRestrictedErrorInfo |
| api-ms-win-core-string-l1-1-0.dll | CompareStringOrdinal |
| api-ms-win-core-winrt-l1-1-0.dll | RoGetActivationFactory, RoUninitialize, RoInitialize |
| api-ms-win-core-winrt-error-l1-1-1.dll | RoGetMatchingRestrictedErrorInfo |
| COMCTL32.dll | #345, CreateStatusWindowW |
| COMDLG32.dll | ChooseFontW, GetFileTitleW, FindTextW, PageSetupDlgW, GetSaveFileNameW, GetOpenFileNameW, CommDlgExtendedError, PrintDlgExW, ReplaceTextW |
| ntdll.dll | WinSqmAddToStream |
| PROPSYS.dll | PSGetPropertyDescriptionListFromString, PropVariantToStringVectorAlloc |
| SHELL32.dll | SHCreateItemFromParsingName, DragQueryFileW, SHAddToRecentDocs, DragFinish, DragAcceptFiles, ShellExecuteW, ShellAboutW |
| SHLWAPI.dll | PathIsFileSpecW, PathFileExistsW, PathIsNetworkPathW, PathFindExtensionW, SHStrDupW |
| WINSPOOL.DRV | OpenPrinterW, ClosePrinter, GetPrinterDriverW |
| urlmon.dll | FindMimeFromData |

| Field | Value |
|---|---|
| Signature | 0xfeef04bd |
| StructVersion | 0x10000 |
| FileVersion | 10.0.16299.15 |
| ProductVersion | 10.0.16299.15 |
| FileFlags | (EMPTY) |
| FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
| FileType | VFT_APP |
| Language | English - United States |
| CompanyName | Microsoft Corporation |
| FileDescription | Notepad |
| FileVersion (#2) | 10.0.16299.15 (WinBuild.160101.0800) |
| InternalName | Notepad |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | NOTEPAD.EXE |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion (#2) | 10.0.16299.15 |
| Resource LangID | English - United States |

| Field | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2055-Jun-22 04:48:43 |
| Version | 0.0 |
| SizeofData | 36 |
| AddressOfRawData | 0x1e7cc |
| PointerToRawData | 0x1dbcc |
| Referenced File | notepad.pdb |

| Field | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2055-Jun-22 04:48:43 |
| Version | 0.0 |
| SizeofData | 704 |
| AddressOfRawData | 0x1e7f0 |
| PointerToRawData | 0x1dbf0 |

| Field | Value |
|---|---|
| Characteristics | 0 |
| TimeDateStamp | 2055-Jun-22 04:48:43 |
| Version | 0.0 |
| SizeofData | 0 |
| AddressOfRawData | 0 |
| PointerToRawData | 0 |

| Field | Value |
|---|---|
| Size | 0x100 |
| TimeDateStamp | 1970-Jan-01 00:00:00 |
| Version | 0.0 |
| GlobalFlagsClear | (EMPTY) |
| GlobalFlagsSet | (EMPTY) |
| CriticalSectionDefaultTimeout | 0 |
| DeCommitFreeBlockThreshold | 0 |
| DeCommitTotalFreeThreshold | 0 |
| LockPrefixTable | 0 |
| MaximumAllocationSize | 0 |
| VirtualMemoryThreshold | 0 |
| ProcessAffinityMask | 0 |
| ProcessHeapFlags | (EMPTY) |
| CSDVersion | 0 |
| Reserved1 | 0 |
| EditList | 0 |
| SecurityCookie | 0x1400222e8 |
| GuardCFCheckFunctionPointer | 5368819656 |
| GuardCFDispatchFunctionPointer | 0 |
| GuardCFFunctionTable | 0 |
| GuardCFFunctionCount | 0 |
| GuardFlags | (EMPTY) |
| CodeIntegrity.Flags | 0 |
| CodeIntegrity.Catalog | 0 |
| CodeIntegrity.CatalogOffset | 0 |
| CodeIntegrity.Reserved | 0 |
| GuardAddressTakenIatEntryTable | 0 |
| GuardAddressTakenIatEntryCount | 0 |
| GuardLongJumpTargetTable | 0 |
| GuardLongJumpTargetCount | 0 |

| Field | Value |
|---|---|
| XOR Key | 0xf0a9f67b |
| Unmarked objects | 0 |
| Imports (VS2008 SP1 build 30729) | 30 |
| ASM objects (VS2017 v15.?.? build 25203) | 3 |
| C objects (VS2017 v15.?.? build 25203) | 19 |
| C++ objects (VS2017 v15.?.? build 25203) | 4 |
| Imports (VS2017 v15.?.? build 25203) | 27 |
| Total imports | 278 |
| 264 (VS2017 v15.?.? build 25203) | 29 |
| Resource objects (VS2017 v15.?.? build 25203) | 1 |
| Linker (VS2017 v15.?.? build 25203) | 1 |