Architecture | IMAGE_FILE_MACHINE_AMD64 |
---|---|
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
Compilation Date | 2009-Jul-13 23:56:35 |
Detected languages | English - United States |
Debug artifacts | notepad.pdb |
CompanyName | Microsoft Corporation |
FileDescription | Notepad |
FileVersion | 6.1.7600.16385 (win7_rtm.090713-1255) |
InternalName | Notepad |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | NOTEPAD.EXE |
ProductName | Microsoft® Windows® Operating System |
ProductVersion | 6.1.7600.16385 |

Malicious | The PE contains functions mostly used by malware. | Functions which can be used for anti-debugging purposes: |
---|---|---|
Safe | VirusTotal score: 0/72 (Scanned on 2019-01-09 06:59:34) | All the AVs think this file is safe. |

e_magic | MZ |
---|---|
e_cblp | 0x90 |
e_cp | 0x3 |
e_crlc | 0 |
e_cparhdr | 0x4 |
e_minalloc | 0 |
e_maxalloc | 0xffff |
e_ss | 0 |
e_sp | 0xb8 |
e_csum | 0 |
e_ip | 0 |
e_cs | 0 |
e_ovno | 0 |
e_oemid | 0 |
e_oeminfo | 0 |
e_lfanew | 0xe8 |

Signature | PE |
---|---|
Machine | IMAGE_FILE_MACHINE_AMD64 |
NumberofSections | 6 |
TimeDateStamp | 2009-Jul-13 23:56:35 |
PointerToSymbolTable | 0 |
NumberOfSymbols | 0 |
SizeOfOptionalHeader | 0xf0 |
Characteristics | IMAGE_FILE_EXECUTABLE_IMAGE, IMAGE_FILE_LARGE_ADDRESS_AWARE |

Magic | PE32+ |
---|---|
LinkerVersion | 9.1 |
SizeOfCode | 0xa800 |
SizeOfInitializedData | 0x25800 |
SizeOfUninitializedData | 0 |
AddressOfEntryPoint | 0x0000000000003570 (Section: .text) |
BaseOfCode | 0x1000 |
ImageBase | 0x100000000 |
SectionAlignment | 0x1000 |
FileAlignment | 0x200 |
OperatingSystemVersion | 6.1 |
ImageVersion | 6.1 |
SubsystemVersion | 6.1 |
Win32VersionValue | 0 |
SizeOfImage | 0x35000 |
SizeOfHeaders | 0x600 |
Checksum | 0x3e749 |
Subsystem | IMAGE_SUBSYSTEM_WINDOWS_GUI |
DllCharacteristics | IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE, IMAGE_DLLCHARACTERISTICS_NX_COMPAT, IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE |
SizeofStackReserve | 0x80000 |
SizeofStackCommit | 0x11000 |
SizeofHeapReserve | 0x100000 |
SizeofHeapCommit | 0x1000 |
LoaderFlags | 0 |
NumberOfRvaAndSizes | 16 |

ADVAPI32.dll | RegSetValueExW RegQueryValueExW RegCreateKeyW RegCloseKey RegOpenKeyExW IsTextUnicode CloseServiceHandle OpenSCManagerW OpenServiceW QueryServiceConfigW |
---|---|
KERNEL32.dll | GetLocalTime GetDateFormatW GetTimeFormatW GlobalLock GlobalUnlock GetUserDefaultUILanguage HeapAlloc GetCurrentProcess HeapFree GlobalAlloc LoadLibraryW Wow64DisableWow64FsRedirection lstrcmpW Wow64RevertWow64FsRedirection GetFileAttributesW GetModuleFileNameW FreeLibraryAndExitThread IsWow64Process CreateThread FindNLSString UnmapViewOfFile LocalReAlloc MultiByteToWideChar MapViewOfFile CreateFileMappingW GetFileInformationByHandle SetEndOfFile DeleteFileW GetACP WriteFile SetLastError WideCharToMultiByte GetLastError LocalSize GetFullPathNameW FoldStringW LocalUnlock LocalLock FormatMessageW FindClose ReadFile FindFirstFileW TerminateProcess GetSystemTimeAsFileTime GetCurrentThreadId GetTickCount GetCurrentProcessId HeapSetInformation GetCommandLineW lstrlenW MulDiv GetLocaleInfoW GlobalFree LocalAlloc QueryPerformanceCounter GetVersionExW CloseHandle GetModuleHandleW SetUnhandledExceptionFilter GetStartupInfoW Sleep CreateFileW SetErrorMode lstrcmpiW LocalFree GetProcessHeap UnhandledExceptionFilter |
GDI32.dll | StartPage StartDocW SetAbortProc DeleteDC EndDoc AbortDoc EndPage GetTextMetricsW SetBkMode LPtoDP SetWindowExtEx SetViewportExtEx SetMapMode GetTextExtentPoint32W TextOutW EnumFontsW GetTextFaceW SelectObject DeleteObject CreateFontIndirectW GetDeviceCaps CreateDCW |
USER32.dll | GetDlgItemTextW EndDialog SendDlgItemMessageW GetDlgCtrlID WinHelpW GetCursorPos ScreenToClient ChildWindowFromPoint GetParent GetWindowPlacement CharUpperW GetSystemMenu LoadAcceleratorsW SetWindowLongW RegisterWindowMessageW LoadCursorW CreateWindowExW SetWindowPlacement LoadImageW RegisterClassExW SetScrollPos InvalidateRect UpdateWindow GetWindowTextLengthW GetWindowLongW PeekMessageW SetDlgItemTextW EnableWindow CreateDialogParamW DrawTextExW GetSystemMetrics SetWindowPos GetAncestor FindWindowW SetForegroundWindow OpenClipboard GetMenuState SetWindowTextW UnhookWinEvent DispatchMessageW TranslateMessage TranslateAcceleratorW IsDialogMessageW GetMessageW SetWinEventHook CharNextW GetKeyboardLayout GetForegroundWindow MessageBeep DestroyWindow PostQuitMessage IsIconic DefWindowProcW CloseClipboard GetWindowTextW IsClipboardFormatAvailable LoadStringW SetActiveWindow SetCursor ReleaseDC GetDC ShowWindow CheckMenuItem MessageBoxW GetFocus LoadIconW DialogBoxParamW SetFocus GetSubMenu EnableMenuItem GetMenu PostMessageW MoveWindow SendMessageW GetClientRect |
msvcrt.dll | memset _vsnwprintf _wtol iswctype wcsrchr wcsncmp __getmainargs __set_app_type _fmode _commode __setusermatherr _amsg_exit _initterm _acmdln exit _cexit __C_specific_handler _XcptFilter _exit _ismbblead ?terminate@@YAXXZ memcpy |
COMDLG32.dll | CommDlgExtendedError GetSaveFileNameW ReplaceTextW FindTextW PageSetupDlgW ChooseFontW GetFileTitleW PrintDlgExW GetOpenFileNameW |
SHELL32.dll | SHGetFolderPathW ShellExecuteExW DragFinish SHCreateItemFromParsingName ShellAboutW DragQueryFileW SHAddToRecentDocs DragAcceptFiles |
WINSPOOL.DRV | GetPrinterDriverW ClosePrinter OpenPrinterW |
ole32.dll | CoUninitialize CoInitializeEx CoCreateInstance CoTaskMemAlloc CoTaskMemFree CoInitialize |
SHLWAPI.dll | PathIsFileSpecW SHStrDupW |
COMCTL32.dll | CreatePropertySheetPageW PropertySheetW CreateStatusWindowW #345 |
OLEAUT32.dll | #6 #2 |
ntdll.dll | RtlCaptureContext RtlLookupFunctionEntry RtlVirtualUnwind RtlInitUnicodeString NtQueryLicenseValue WinSqmIncrementDWORD WinSqmAddToStream |
VERSION.dll | VerQueryValueW GetFileVersionInfoExW GetFileVersionInfoSizeExW |

Signature | 0xfeef04bd |
---|---|
StructVersion | 0x10000 |
FileVersion | 6.1.7600.16385 |
ProductVersion | 6.1.7600.16385 |
FileFlags | (EMPTY) |
FileOs | VOS_DOS_WINDOWS32, VOS_NT, VOS_NT_WINDOWS32, VOS_WINCE, VOS__WINDOWS32 |
FileType | VFT_APP |
Language | English - United States |
CompanyName | Microsoft Corporation |
FileDescription | Notepad |
FileVersion (#2) | 6.1.7600.16385 (win7_rtm.090713-1255) |
InternalName | Notepad |
LegalCopyright | © Microsoft Corporation. All rights reserved. |
OriginalFilename | NOTEPAD.EXE |
ProductName | Microsoft® Windows® Operating System |
ProductVersion (#2) | 6.1.7600.16385 |

Resource LangID | English - United States |
---|---|

Characteristics | 0 |
---|---|
TimeDateStamp | 2009-Jul-13 23:56:35 |
Version | 0.0 |
SizeofData | 36 |
AddressOfRawData | 0xb74c |
PointerToRawData | 0xad4c |
Referenced File | notepad.pdb |

Characteristics | 0 |
---|---|
TimeDateStamp | 2009-Jul-13 23:56:35 |
Version | 565.6526 |
SizeofData | 4 |
AddressOfRawData | 0xb748 |
PointerToRawData | 0xad48 |

XOR Key | 0x7a5ca3c7 |
---|---|
Unmarked objects | 0 |
C++ objects (VS2008 SP1 build 30729) | 1 |
ASM objects (VS2008 SP1 build 30729) | 2 |
Imports (VS2008 SP1 build 30729) | 29 |
Total imports | 244 |
C objects (VS2008 SP1 build 30729) | 20 |
137 (VS2008 SP1 build 30729) | 11 |
Linker (VS2008 SP1 build 30729) | 1 |
Resource objects (VS2008 SP1 build 30729) | 1 |