f2c7bb8acc97f92e987a2d4087d021b1

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2009-Jul-13 23:56:35
Detected languages English - United States
Debug artifacts notepad.pdb
CompanyName Microsoft Corporation
FileDescription Notepad
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName Notepad
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename NOTEPAD.EXE
ProductName Microsoft® Windows® Operating System
ProductVersion 6.1.7600.16385

Plugin Output

Malicious The PE contains functions mostly used by malware. Functions which can be used for anti-debugging purposes:
  • FindWindowW
Code injection capabilities (PowerLoader):
  • GetWindowLongW
  • FindWindowW
Can access the registry:
  • RegSetValueExW
  • RegQueryValueExW
  • RegCreateKeyW
  • RegCloseKey
  • RegOpenKeyExW
Interacts with services:
  • OpenSCManagerW
  • OpenServiceW
  • QueryServiceConfigW
Can take screenshots:
  • FindWindowW
  • GetDC
Safe VirusTotal score: 0/72 (Scanned on 2019-01-09 06:59:34) All the AVs think this file is safe.

Hashes

MD5 f2c7bb8acc97f92e987a2d4087d021b1
SHA1 7eb0139d2175739b3ccb0d1110067820be6abd29
SHA256 142e1d688ef0568370c37187fd9f2351d7ddeda574f8bfa9b0fa4ef42db85aa2
SHA3 0701f0d5e565627a0c89b15d786c90b524242a076aa28e2b87c53ff9202f5f04
SSDeep 3072:QOrerAgXWMI6vKoTN6p0frxJLgf7nDVF6PUp1Yo3ICgx:QWDcRgNpex5gfzDVlVXg
Imports Hash a72bc21b2a79a5c7bd660c2ba6725561

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0xe8

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 6
TimeDateStamp 2009-Jul-13 23:56:35
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 9.1
SizeOfCode 0xa800
SizeOfInitializedData 0x25800
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000003570 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x100000000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 6.1
ImageVersion 6.1
SubsystemVersion 6.1
Win32VersionValue 0
SizeOfImage 0x35000
SizeOfHeaders 0x600
Checksum 0x3e749
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x80000
SizeofStackCommit 0x11000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 153e4c8ab093861a7e21df467e3c526b
SHA1 7edab29902e30fcb1810ecde3d797bbce34aab58
SHA256 32ed3e93247fc8b880c7670ada0caf96fdb65b2097f142088d27260dad57f184
SHA3 63afce73a1d330cede20470070a341f5df2d6366b3128e75e3613c4ba0eefd20
VirtualSize 0xa770
VirtualAddress 0x1000
SizeOfRawData 0xa800
PointerToRawData 0x600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.12082

.rdata

MD5 829355a9608ab8185f6615b4f22af0bc
SHA1 26266bb33ca553eeb37dbc3a8a3b846c2e27e6aa
SHA256 2b556545ee6cb0fc4476f02e256fb1f2e519eda77c7a88ff2bd8e3abc48cefa0
SHA3 c6599bce8bec785f9b6fedfa035b93ffb74c0760d4b9e40c9c3caacc930d5188
VirtualSize 0x3160
VirtualAddress 0xc000
SizeOfRawData 0x3200
PointerToRawData 0xae00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.01169

.data

MD5 c16fbb0be40f07e6bfbd42dc0b60a4c8
SHA1 1ea17f6e13442919657dad56f362825aec1ca69e
SHA256 ad0283e72a30dfa86b9fdacc5fa2eb232b8562663f39207d416990ab2c968164
SHA3 f27792761d0433b7ecb733bee4da57ff0f79127d20d6d2f6611d22daa8143e31
VirtualSize 0x2844
VirtualAddress 0x10000
SizeOfRawData 0x1800
PointerToRawData 0xe000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.589444

.pdata

MD5 030e7ee475426d9789f617f6a1741725
SHA1 3ae51e87310abdcf20d929a419ccc0f3e04157ef
SHA256 f194ed35aa4c079e08ed662d42f8ac8ae7e08c94680eaa5de7b3682a34c4d7fa
SHA3 913eab8dffc9611094585c17ede5492f7b70c6358ce5391f4dee7e3f1ef2a48b
VirtualSize 0x6b4
VirtualAddress 0x13000
SizeOfRawData 0x800
PointerToRawData 0xf800
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.06555

.rsrc

MD5 fcdc6078cc648659d71630238e59fd4b
SHA1 b95407722035e61a506e966e347a6914ae74ffa3
SHA256 e80c358ecca35e6c177f9e1222e1fba4381d1e596870ba53d6d0c291d33e3865
SHA3 e4eaedde57ca82b8731995ad728f3834fab88c3c49eeacf9635f5df99723fed3
VirtualSize 0x1f160
VirtualAddress 0x14000
SizeOfRawData 0x1f200
PointerToRawData 0x10000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 7.36544

.reloc

MD5 ddbbe3bc79f8b4c4a6aafd3a93231def
SHA1 743f2be9086d8ae761bb9960d1c8c58d4b7e51d9
SHA256 88f1bebc269f0d9a1895a47ddbedf61d30caa562d5716ec4b67bf0a3579b8890
SHA3 9648c237ddd56a9740e24dfa140b9cbd4df8759f811a79e6876133d29a3d1c21
VirtualSize 0xb8
VirtualAddress 0x34000
SizeOfRawData 0x200
PointerToRawData 0x2f200
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 2.32529

Imports

ADVAPI32.dll RegSetValueExW
RegQueryValueExW
RegCreateKeyW
RegCloseKey
RegOpenKeyExW
IsTextUnicode
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
KERNEL32.dll GetLocalTime
GetDateFormatW
GetTimeFormatW
GlobalLock
GlobalUnlock
GetUserDefaultUILanguage
HeapAlloc
GetCurrentProcess
HeapFree
GlobalAlloc
LoadLibraryW
Wow64DisableWow64FsRedirection
lstrcmpW
Wow64RevertWow64FsRedirection
GetFileAttributesW
GetModuleFileNameW
FreeLibraryAndExitThread
IsWow64Process
CreateThread
FindNLSString
UnmapViewOfFile
LocalReAlloc
MultiByteToWideChar
MapViewOfFile
CreateFileMappingW
GetFileInformationByHandle
SetEndOfFile
DeleteFileW
GetACP
WriteFile
SetLastError
WideCharToMultiByte
GetLastError
LocalSize
GetFullPathNameW
FoldStringW
LocalUnlock
LocalLock
FormatMessageW
FindClose
ReadFile
FindFirstFileW
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
GetCurrentProcessId
HeapSetInformation
GetCommandLineW
lstrlenW
MulDiv
GetLocaleInfoW
GlobalFree
LocalAlloc
QueryPerformanceCounter
GetVersionExW
CloseHandle
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
Sleep
CreateFileW
SetErrorMode
lstrcmpiW
LocalFree
GetProcessHeap
UnhandledExceptionFilter
GDI32.dll StartPage
StartDocW
SetAbortProc
DeleteDC
EndDoc
AbortDoc
EndPage
GetTextMetricsW
SetBkMode
LPtoDP
SetWindowExtEx
SetViewportExtEx
SetMapMode
GetTextExtentPoint32W
TextOutW
EnumFontsW
GetTextFaceW
SelectObject
DeleteObject
CreateFontIndirectW
GetDeviceCaps
CreateDCW
USER32.dll GetDlgItemTextW
EndDialog
SendDlgItemMessageW
GetDlgCtrlID
WinHelpW
GetCursorPos
ScreenToClient
ChildWindowFromPoint
GetParent
GetWindowPlacement
CharUpperW
GetSystemMenu
LoadAcceleratorsW
SetWindowLongW
RegisterWindowMessageW
LoadCursorW
CreateWindowExW
SetWindowPlacement
LoadImageW
RegisterClassExW
SetScrollPos
InvalidateRect
UpdateWindow
GetWindowTextLengthW
GetWindowLongW
PeekMessageW
SetDlgItemTextW
EnableWindow
CreateDialogParamW
DrawTextExW
GetSystemMetrics
SetWindowPos
GetAncestor
FindWindowW
SetForegroundWindow
OpenClipboard
GetMenuState
SetWindowTextW
UnhookWinEvent
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
IsDialogMessageW
GetMessageW
SetWinEventHook
CharNextW
GetKeyboardLayout
GetForegroundWindow
MessageBeep
DestroyWindow
PostQuitMessage
IsIconic
DefWindowProcW
CloseClipboard
GetWindowTextW
IsClipboardFormatAvailable
LoadStringW
SetActiveWindow
SetCursor
ReleaseDC
GetDC
ShowWindow
CheckMenuItem
MessageBoxW
GetFocus
LoadIconW
DialogBoxParamW
SetFocus
GetSubMenu
EnableMenuItem
GetMenu
PostMessageW
MoveWindow
SendMessageW
GetClientRect
msvcrt.dll memset
_vsnwprintf
_wtol
iswctype
wcsrchr
wcsncmp
__getmainargs
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_acmdln
exit
_cexit
__C_specific_handler
_XcptFilter
_exit
_ismbblead
?terminate@@YAXXZ
memcpy
COMDLG32.dll CommDlgExtendedError
GetSaveFileNameW
ReplaceTextW
FindTextW
PageSetupDlgW
ChooseFontW
GetFileTitleW
PrintDlgExW
GetOpenFileNameW
SHELL32.dll SHGetFolderPathW
ShellExecuteExW
DragFinish
SHCreateItemFromParsingName
ShellAboutW
DragQueryFileW
SHAddToRecentDocs
DragAcceptFiles
WINSPOOL.DRV GetPrinterDriverW
ClosePrinter
OpenPrinterW
ole32.dll CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
SHLWAPI.dll PathIsFileSpecW
SHStrDupW
COMCTL32.dll CreatePropertySheetPageW
PropertySheetW
CreateStatusWindowW
#345
OLEAUT32.dll #6
#2
ntdll.dll RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitUnicodeString
NtQueryLicenseValue
WinSqmIncrementDWORD
WinSqmAddToStream
VERSION.dll VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

Delayed Imports

1

Type MUI
Language English - United States
Codepage UNKNOWN
Size 0xf0
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.62139
MD5 fc5665075982ecfc83a649d7297c55ef
SHA1 9d4f3d0d0992e810e9d52109f21c46f73f531c5c
SHA256 ce002a75093d1a772c05ea81cc941f859da9a5bb21d1c767e2fc2a192aefffb4
SHA3 20d8c91232b8722c7883b1c334d50be739594cec4ffd4eb5d0bb6138c8010881

51209

Type RT_BITMAP
Language English - United States
Codepage UNKNOWN
Size 0x561a
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 6.60979
MD5 8c41ea4a8f0abcc24d58e9989c66cdbc
SHA1 bfda2c943954d3d30f54017d3e62cf088750e9c1
SHA256 7d27a665610b7389487909c3fc5593f4b45e4e91b15c277cd586cf290ec35561
SHA3 481b9c72dcaabfa6152a1644a7e2de14972d9670fdf41d7815b79394e75066bf
Preview

1 (#2)

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x668
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.14638
MD5 5e0424a037ed1cf4b86d9caed970dff9
SHA1 ba25c046ab514ed9c0fe80d94b538cc14eb9873e
SHA256 9cfb3aa9a4d088001f7f04eca941768005a833b82c7a468758758db4851aaf7d
SHA3 52bb085f2b6bc4139fdd5dddf1270ac5ab0d718640a03a4553d58f9141ba1a18

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x2e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.46342
MD5 e90a939e1107e27e1d95c25e2eb0f65a
SHA1 0803a228263f67063a0d9ceb8b83638096c61b2a
SHA256 b096e4dddb79ce105a0c4ed8e8e0a42012910af392b49a27223fe4a3853291a2
SHA3 a547598048e9e5a2f151cab7647e631768c5d1bc83ed2d1c8b337dfd4dd5e372

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x1e8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.41509
MD5 44b38e737f03387a86db70708b9c5c4a
SHA1 44e99cdff9be3d4bea4ded3ebcde372ba56baacb
SHA256 e6fd723d8995f3c9a271bcf3cd168d772edbae433ec92138138bd73509b70394
SHA3 6d6c519d41df66f6de815b571062fa1ff3ec142c4b040374c4a2e4237829acf4

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x128
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.19139
MD5 4c7576e8f541bb3e4915569e56509ae1
SHA1 0dc868575ce6ed6b549f802c5f76b3595e754147
SHA256 26221463542ad738ffb44cea755f5fa9de96f60ecd60e77e916f119772b76721
SHA3 5031fd914a31642187c6ee518342092b19bc479212e0a1f67a7827a300b11d5f

5

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0xea8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.33873
MD5 7684234aae030b0e361b77c545f619ad
SHA1 34f7b236d427701a82527e0c3f3b5cfad2b37373
SHA256 8369d3da7b57396a5ee78180ae5cc14f6b221d24f0dd7bcdea08e8fd72fe1629
SHA3 c06855cd1cb761ba46cfd6703ed55889c5e22e421d48fdf1396448fb0cee8f85

6

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x8a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.88711
MD5 30678f5b06bc441a5bd8ed2848236144
SHA1 1adf74277fe7a55c071771793d7e7a7077583f9a
SHA256 a2168a636b61b10eb79fc206ff59759a540b0bc50d647b12b0d9307f05a67a6d
SHA3 06f683a14c16a932ff56038bee77a48768f76b6b522abd76b72005977e2a7104

7

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x6c8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.77815
MD5 c50e91e6d59210580879f7bc5bd36d62
SHA1 7c87c25593e11a38033eaae1f613feecb190cd82
SHA256 8b42d06bec9c3d35da35f76e0cca9f3a54a8cf20f16964b9e96723f4c8dc4561
SHA3 578047f04726ad769f9af3d11704858d6320710f23cb9db168ea3b1d7a0c45e6

8

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x568
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.50319
MD5 011bde7b9c82d9453b7222950f92b18b
SHA1 2293e504ce311c482fee674198ec1ac2ffbd82f6
SHA256 dff0eed97555ee8f8a77fcac31e6d72bb11881e26eee69d5d5b731219de3c788
SHA3 45b672e12f38af60a224782a1eaa6fabe4b286473b24bbbdee70a82280ecc44d

9

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x11958
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 7.92667
Detected Filetype PNG graphic file
MD5 489350e7dbc2bd241eeeaf928c84198b
SHA1 bc50c87a93df8fa475994e5bec8c18f826d2790e
SHA256 dc43f5a4d409399ac9d014a3200eb8467a1256091132d27c096116da451d0aee
SHA3 2ce1ce5c3caabb4d40b8659cd1927cc34d3fe078e81feee7eb029740e123e332

10

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.91734
MD5 a0873adc85c929c39f54b1e889c20411
SHA1 a6778fc4cd3630e32ffd09491b9817eb549df98c
SHA256 054ae41265916de67a1444323c375e9bc8a77d374725aa0097fcc7abc882cf84
SHA3 845ecb1f9b158c9be9356b7ac225906a52ebb30ee74a35c6831c1ed0508b0b6b

11

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.5052
MD5 02f5aa301d295fa4ee30646e84ccdc84
SHA1 0973663fb700560f73b3fa839af2cdb5cdd35a91
SHA256 d3f2dc2ab4931a5892c2f8fb3fed87f84145bc8457b01f73651532e187eff417
SHA3 373758198c6ebba8b2dc5b5919e8926470af328251eb707070d3a1b02d0fc39e

12

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x988
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.68535
MD5 619569ee7f33365f88c67e5792ed5545
SHA1 146f599e47c7440cabb569e219042feb53f72bad
SHA256 7a1ede8d87b5e96a18742ea533e91325ff4fecb917a36bab3ddf2e2003053989
SHA3 be4bf9fbf543b75ab22d303c83563805afab0346a0a80e384913d2ec9f6ee766

13

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 5.42791
MD5 4aac2b52c5ac1670ebde434fd25a57e3
SHA1 05297673819212e45963685777defc78bf195ae9
SHA256 6e9662f0050a45633759bb21e7a6a395479673a5d6b9fcb80c34637c8d1fb45a
SHA3 0904557d3576c69d341c3826c0fd69e1c7f24d374fa9f56cf3ee73ff2d05458d

2 (#2)

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0xbc
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.08181
Detected Filetype Icon file
MD5 7c02d334d2fd7620f9597a31f3fc404b
SHA1 4ecbb36af4cd46a792d513076f4e3a287935df07
SHA256 ac169d9ac176c5b6a2c3e06942b958ea9c789bd82f79b2f1ac0197e37a3149d4
SHA3 2c2ad36d5c878c1a1648e4a115ab6c443ae3aa28802570ce06aa90a658dacf48

1 (#3)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x36c
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.57085
MD5 419ed3e42aaba5a9854604d28112d1d8
SHA1 1c125a04314774feff7bccd3380eb5d4efc2414b
SHA256 11c9e2db5094fdc4ece0accb54c85601a8ba1759f1df1386f1475c788b9cf245
SHA3 dc74269beb16a34f952289868c10727695d7637584415541dca73f22029272a4

1 (#4)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x494
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.9677
MD5 571eb5e04519fc6b9c45b375500b00d5
SHA1 4b3065754945efe6cb67dec33d0f874637290c30
SHA256 aeb89604edeba1a1abc67bf206d1d3207df1e02ce63e3862348cf748b474b6f8
SHA3 88c96b1c183814145b58b56d5bdb1e3c30022bb046577295745ec3b53a1d51e9

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 6.1.7600.16385
ProductVersion 6.1.7600.16385
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Microsoft Corporation
FileDescription Notepad
FileVersion (#2) 6.1.7600.16385 (win7_rtm.090713-1255)
InternalName Notepad
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename NOTEPAD.EXE
ProductName Microsoft® Windows® Operating System
ProductVersion (#2) 6.1.7600.16385
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2009-Jul-13 23:56:35
Version 0.0
SizeofData 36
AddressOfRawData 0xb74c
PointerToRawData 0xad4c
Referenced File notepad.pdb

IMAGE_DEBUG_TYPE_RESERVED

Characteristics 0
TimeDateStamp 2009-Jul-13 23:56:35
Version 565.6526
SizeofData 4
AddressOfRawData 0xb748
PointerToRawData 0xad48

TLS Callbacks

Load Configuration

RICH Header

XOR Key 0x7a5ca3c7
Unmarked objects 0
C++ objects (VS2008 SP1 build 30729) 1
ASM objects (VS2008 SP1 build 30729) 2
Imports (VS2008 SP1 build 30729) 29
Total imports 244
C objects (VS2008 SP1 build 30729) 20
137 (VS2008 SP1 build 30729) 11
Linker (VS2008 SP1 build 30729) 1
Resource objects (VS2008 SP1 build 30729) 1

Errors

<-- -->