Manalyze report for 4205d2cc3f3153517b97e98595df351546d2fa7ccbb503f6e6297cc97a058a70

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2023-Aug-15 12:30:24
Detected languages	English - United States
CompanyName	Don HO don.h@free.fr
FileDescription	WinGup for Notepad++
FileVersion	`5.26`
InternalName	gup.exe
LegalCopyright	Copyright 2018 by Don HO
OriginalFilename	gup.exe
ProductName	WinGup for Notepad++
ProductVersion	`5.26`

Plugin Output

Suspicious	Strings found in the binary may indicate undesirable behavior:	`May have dropper capabilities: %TEMP%` `Contains domain names: https://notepad-plus-plus.org https://npp-user-manual.org manual.org notepad-plus-plus.org npp-user-manual.org plus-plus.org user-manual.org`
Info	Cryptographic algorithms detected in the binary:	`Uses constants related to CRC32` `Uses constants related to SHA256` `Uses known Mersenne Twister constants`
Info	The PE contains common functions which appear in legitimate applications.	`[!] The program may be hiding some of its imports: GetProcAddress LoadLibraryExW` `Possibly launches other programs: ShellExecuteW`
Info	The PE is digitally signed.	`Signer: Notepad\+\+` `Issuer: DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1`
Safe	VirusTotal score: 0/72 (Scanned on 2026-04-09 06:29:19)	`All the AVs think this file is safe.`

Hashes

MD5	`dbd70a5f2e8210eda561e53b575ccc46`
SHA1	`498b7c983a3ac2f742f28c28690a4b5f5098f24b`
SHA256	`4205d2cc3f3153517b97e98595df351546d2fa7ccbb503f6e6297cc97a058a70`
SHA3	`9a5e0e6e511353ef3d020b1323d37c8e6ef03e1529f61a37c355a85cdd91c3aa`
SSDeep	`12288:ZUBd5kroRASCwPgMAaWUV67R6ggjz5UksxGtC2UJCUhKDnH7xPcRC1Xfon9Twm64:mxmfJonH7FMC5feTwm`
Imports Hash	`2b01d1e6f097308c51e2174a892534f3`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x120`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`7`
TimeDateStamp	2023-Aug-15 12:30:24
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x99600`
SizeOfInitializedData	`0x32400`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x000000000003F2E0 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`6.0`
ImageVersion	`0.0`
SubsystemVersion	`6.0`
Win32VersionValue	`0`
SizeOfImage	`0xd1000`
SizeOfHeaders	`0x400`
Checksum	`0xcf525`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`50b7aec648c4b3b07c055e9adabd9d4f`
SHA1	`e27f6f362f208e363f11763d04c55f851872ca2c`
SHA256	`aa84bc23c8ecc2f414b6add9a04caa9fa625a34df770fc8c04a147e156587415`
SHA3	`84b3c3ea73cfbc89d23594248577d33bebc5e2690ab65280f66196a94e55574d`
VirtualSize	`0x99404`
VirtualAddress	`0x1000`
SizeOfRawData	`0x99600`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.47884`

.rdata

MD5	`b90f05e97de09493a46d690515b6dfe1`
SHA1	`4b5632ab4ae96b1928db3845f39a64160a41b84e`
SHA256	`99236a2caecd7158b75dc049b4fb3fb3f1a7f4e6903eef3a1c6cc73fe6740bd9`
SHA3	`db3740360028d04fd56f38a1c1f3636ab319909fb66eaa32dac9eaf78fe4cb1d`
VirtualSize	`0x2509e`
VirtualAddress	`0x9b000`
SizeOfRawData	`0x25200`
PointerToRawData	`0x99a00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.34312`

.data

MD5	`53378107df9bd4b8d05a93c2d16dfb8e`
SHA1	`307bff3eff3803109d632668c8943c8a3b412fc1`
SHA256	`5a343355065a95b1f1fba87c6bdbc78ed2caf72e06d50ce1c37e266780f3f6f3`
SHA3	`d52aaceb7446e9ebc0647309ff64f1a464a6a7286143f8bec5f5b444b7f3d379`
VirtualSize	`0x5034`
VirtualAddress	`0xc1000`
SizeOfRawData	`0x3400`
PointerToRawData	`0xbec00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.97094`

.pdata

MD5	`49c30710ef884c4bd539d16fee64fb62`
SHA1	`2cf6426d4e4099f6b366dfa45656885df09189ab`
SHA256	`07a5e1983e2bb449f63dc33bbf8b0811aaf11e0ab40cf190a801e108023d77fa`
SHA3	`1a47c554584dec1d3dcb8ab0e13c065d4d5a7965ba0be50f41aa3f47c3fc61f3`
VirtualSize	`0x5b8c`
VirtualAddress	`0xc7000`
SizeOfRawData	`0x5c00`
PointerToRawData	`0xc2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`5.874`

_RDATA

MD5	`2f44bca0f2eeb42b25cadf131c71cdfc`
SHA1	`26b3faa3e6df4a0bf462584de1bc85660dabe1c6`
SHA256	`a47b97c53a43f5f780d82acc26c24cdad0ee44874feba908bbc3d9c57df23b50`
SHA3	`ebb42a696af7fd62a2131f25ab8da3f9a4ac40cfa7e3eb1c1433f8d529e3251d`
VirtualSize	`0x15c`
VirtualAddress	`0xcd000`
SizeOfRawData	`0x200`
PointerToRawData	`0xc7c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.34351`

.rsrc

MD5	`2d05bc0dccfcaa7eb4cf715c8d2c9bef`
SHA1	`901491c81388d39cda83b752f5cbff713514a5b6`
SHA256	`43aaec3f536f724eb21d3eb088689eed5ed209b0019f89b41d5b16ec1c4e02a0`
SHA3	`8f67a3ff41c78a896258a544cb6a4fc854681a16a07e4859977ec53e9baab8e0`
VirtualSize	`0xe80`
VirtualAddress	`0xce000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xc7e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`4.10805`

.reloc

MD5	`7f0968ac30c4d8f1c1e0aab387cac58a`
SHA1	`ede2f2c8380b316aa4aacec05922d0593e5bb7f2`
SHA256	`7dbc560cc8f01b3f579ba9e22058f7aa2b2e16c1827fac8a290458a1a27509e5`
SHA3	`9401a5215df90d96865788ce22070216ea4e063e3d4834f61902bfd3b3b29ec4`
VirtualSize	`0x11d8`
VirtualAddress	`0xcf000`
SizeOfRawData	`0x1200`
PointerToRawData	`0xc8e00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`5.42764`

Imports

libcurl.dll	`curl_easy_setopt` `curl_easy_cleanup` `curl_easy_init` `curl_easy_perform`
COMCTL32.dll	`InitCommonControlsEx`
SHLWAPI.dll	`PathFileExistsA` `PathFindExtensionW` `PathIsDirectoryW` `PathFileExistsW` `PathFindFileNameW` `PathRemoveFileSpecW`
KERNEL32.dll	`HeapReAlloc` `CreateFileW` `HeapSize` `SetStdHandle` `GetProcessHeap` `SetEnvironmentVariableW` `FreeEnvironmentStringsW` `GetEnvironmentStringsW` `GetCommandLineW` `CreateDirectoryW` `lstrlenW` `GetCurrentThreadId` `Sleep` `OutputDebugStringW` `DeleteFileW` `CreateThread` `lstrcpyW` `lstrcmpW` `MulDiv` `MoveFileW` `EnterCriticalSection` `LeaveCriticalSection` `DeleteCriticalSection` `ReleaseSemaphore` `InitializeCriticalSection` `SetEndOfFile` `CreateEventW` `GetLastError` `SetEvent` `CloseHandle` `ResetEvent` `CreateSemaphoreW` `GetCommandLineA` `GetOEMCP` `GetACP` `IsValidCodePage` `FindNextFileW` `FindFirstFileExW` `FindClose` `GetTimeZoneInformation` `EnumSystemLocalesW` `GetUserDefaultLCID` `IsValidLocale` `GetLocaleInfoW` `LCMapStringW` `CompareStringW` `GetTimeFormatW` `GetDateFormatW` `GetConsoleOutputCP` `FlushFileBuffers` `GetFileSizeEx` `HeapAlloc` `HeapFree` `GetFileType` `WaitForSingleObject` `ReadConsoleW` `GetConsoleMode` `SetFilePointerEx` `InitializeCriticalSectionAndSpinCount` `WaitForSingleObjectEx` `GetModuleHandleW` `GetProcAddress` `RtlCaptureContext` `RtlLookupFunctionEntry` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `IsProcessorFeaturePresent` `IsDebuggerPresent` `GetStartupInfoW` `QueryPerformanceCounter` `GetCurrentProcessId` `GetSystemTimeAsFileTime` `InitializeSListHead` `MultiByteToWideChar` `WideCharToMultiByte` `InitializeConditionVariable` `WakeConditionVariable` `WakeAllConditionVariable` `SleepConditionVariableSRW` `InitializeSRWLock` `ReleaseSRWLockExclusive` `AcquireSRWLockExclusive` `TryAcquireSRWLockExclusive` `GetExitCodeThread` `WriteConsoleW` `InitializeCriticalSectionEx` `EncodePointer` `DecodePointer` `GetLocaleInfoEx` `LCMapStringEx` `FlsAlloc` `FlsGetValue` `FlsSetValue` `FlsFree` `GetStringTypeW` `CompareStringEx` `GetCPInfo` `RtlUnwindEx` `RtlPcToFileHeader` `RaiseException` `SetLastError` `TlsAlloc` `TlsGetValue` `TlsSetValue` `TlsFree` `FreeLibrary` `LoadLibraryExW` `RtlUnwind` `ReadFile` `ExitThread` `FreeLibraryAndExitThread` `GetModuleHandleExW` `ExitProcess` `GetModuleFileNameW` `GetStdHandle` `WriteFile`
USER32.dll	`CallNextHookEx` `EndDialog` `SetWindowTextW` `SetDlgItemTextW` `CreateWindowExW` `MessageBoxA` `UnhookWindowsHookEx` `SetWindowsHookExW` `GetDlgItemInt` `SystemParametersInfoW` `SetDlgItemInt` `DialogBoxParamW` `LoadImageW` `ReleaseDC` `MessageBoxW` `SendMessageW` `SetWindowPos` `GetDC` `GetWindowRect` `FindWindowExW` `GetDlgItemTextW`
GDI32.dll	`GetDeviceCaps`
SHELL32.dll	`SHGetFolderPathW` `ShellExecuteW` `SHFileOperationW`

Delayed Imports

1001

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x6c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.59232`
MD5	`c7ea04ce09d05af652f29c783793638f`
SHA1	`c2137351cc49f6efbb78f83ced3ac6c4ae873a0c`
SHA256	`ee4eb2a53e7fce74b5233026de7ad85728521d58742d023d2d034565c3e898b7`
SHA3	`7bec6fc596f66e7e9a0b6c5a04fcc162f2b8410cfe2f076edec1c1c94b2d8841`

1002

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x15c`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.01171`
MD5	`3c69eb457b5f0d69d5ac34f35de57c5f`
SHA1	`bf6a961f1cce7576b55d6aab8fa3ac773f56c965`
SHA256	`9c8618b7b438f08a11c73947858d4e4aca1b1c01f30af331e259c0fa74aa70cf`
SHA3	`8fba93694130b5fd0d3f2d1d78d4afc38806f420d6f0d0346f9cf1779afd2cf9`

1007

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x16e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.11733`
MD5	`d28986122bf0001499a7a6c69837b10c`
SHA1	`0e045dad00ddb0fb90b5c01a2b61889b7c27354d`
SHA256	`b65009e57996b16e6cb951c59b309c24c3f06337e63e0ce71b6ab2c53b898a53`
SHA3	`4da5e44df1354ae72ab559e1fe1409b2173f92253a3087c74b4e1c290a2d3169`

1009

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x22e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.33168`
MD5	`fc451b18c788cfd755fbc65fe7f2c3ff`
SHA1	`6e9384d1680d10ef61617180626e29625e2cd723`
SHA256	`cf5c55276ba5872a8788b0eb701e4a5b31fdf93bd1d9f91f4d17f620778fd000`
SHA3	`9b9a4d1baf8ef738d481a4c1e9ec4600d1db8dfc8b2bd2c34b0017b61d995aaa`

1

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2e2`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.42121`
MD5	`a8a0ab397b0d5aec6a66fec8f38f9b05`
SHA1	`de2771faac46a129262f27d2621fcdf22eee6ecb`
SHA256	`4e37264fe902272aa0b81614b867bde1ef8b5e0f2962510773016db8cafd5156`
SHA3	`1bdb8045ca258f3eeb79602776c0d43cd9dc56e581ba7c4e4e8c56a49427c058`

1 (#2)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x4a7`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`5.14964`
MD5	`516e332b49688d1b729a40600ecd7aa7`
SHA1	`88fce0ff6bd5bbe6838946b6e5fdb7f4b5312a92`
SHA256	`2c4c02e82156647d4f95b4e97342674be6498a0041226b998d9bb951638a9680`
SHA3	`3a2092e00953d9448175d2525424443f6f99512ef7a71d367d2a943520d0daac`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	5.2.6.0
ProductVersion	5.2.6.0
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Don HO don.h@free.fr
FileDescription	WinGup for Notepad++
FileVersion (#2)	5.26
InternalName	gup.exe
LegalCopyright	Copyright 2018 by Don HO
OriginalFilename	gup.exe
ProductName	WinGup for Notepad++
ProductVersion (#2)	5.26

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2023-Aug-15 12:30:24
Version	`0.0`
SizeofData	`1008`
AddressOfRawData	`0xb7114`
PointerToRawData	`0xb5b14`

IMAGE_DEBUG_TYPE_ILTCG

Characteristics	`0`
TimeDateStamp	2023-Aug-15 12:30:24
Version	`0.0`
SizeofData	`0`
AddressOfRawData	`0`
PointerToRawData	`0`

TLS Callbacks

StartAddressOfRawData	`0x1400b7528`
EndAddressOfRawData	`0x1400b7530`
AddressOfIndex	`0x1400c48a0`
AddressOfCallbacks	`0x14009b630`
SizeOfZeroFill	`0`
Characteristics	`IMAGE_SCN_ALIGN_4BYTES`
Callbacks	`(EMPTY)`

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x1400c1010`

RICH Header

XOR Key	`0x6f5b14ab`
Unmarked objects	`0`
ASM objects (30795)	`10`
C++ objects (30795)	`190`
C objects (30795)	`18`
253 (VS2022 Update 4 (17.4.2) compiler 31935)	`1`
C++ objects (VS2022 Update 4 (17.4.2) compiler 31935)	`89`
C objects (VS2022 Update 4 (17.4.2) compiler 31935)	`16`
ASM objects (VS2022 Update 4 (17.4.2) compiler 31935)	`10`
Imports (30795)	`12`
Imports (VS2019 Update 10 (16.10.0-1) compiler 30037)	`3`
Total imports	`188`
C++ objects (LTCG) (VS2022 Update 5 (17.5.4) compiler 32217)	`35`
Resource objects (VS2022 Update 5 (17.5.4) compiler 32217)	`1`
151	`1`
Linker (VS2022 Update 5 (17.5.4) compiler 32217)	`1`

Errors

Leave a comment

No comments yet.