nppshell[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

nppshell.exe
Size

2.1MB
MD5

14babf2e06fda6c120cbe98c0746a984
SHA1

57ccbb753fa2a6ea8e6f45c1ced3326404969b04
SHA256

202a9c874e794f55e31ef038652d20e16672372539c71394ddeda724deb3a3ab
SHA512

20917024c4ae78de051457d65a7f4d192542bea4aab39dc289c71e92a578fc353e396d95c6a3a5001c6480c040ce735b2d4550820a8b1fa092afdbf0c45a1e57
SSDEEP

49152:0Dv5ESHLhxCaOAJpMG5uozbf1T8zhNjox1l5fr3Wyx2:++CL7TOAJ2G5uoNT5x1bfr3nQ

Score

N/A

Malware Config

Signatures

Files

nppshell.exe
.exe windows x86

8556c522621bf551eddbfefc45061d4e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapAlloc
GetCurrentProcess
QueryPerformanceCounter
GetEnvironmentStringsW
GetProcessHeap
IsBadReadPtr
GetUserDefaultLangID
GetCommandLineA
FormatMessageW
HeapDestroy
HeapCreate
GetFileAttributesW
GetACP
lstrlenW
RaiseException
LCMapStringA
GetLastError
SetLastError
IsValidCodePage
GetLargePageMinimum
GetOEMCP
TlsGetValue
IsDebuggerPresent
QueryPerformanceFrequency
DeleteFileW
GetCurrentProcessId
LocalFree
LCMapStringW
WideCharToMultiByte
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetCommandLineW
lstrlenA
SetConsoleTitleW
GetSystemDefaultLangID
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
GetStartupInfoW
RtlUnwind
HeapFree
GetModuleHandleW
GetProcAddress
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
Sleep
HeapSize
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
VirtualFree
GetTickCount
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetModuleHandleA

user32

OpenIcon
GetTopWindow
IsZoomed
GetLastActivePopup
GetParent
GetWindowTextLengthA
wsprintfW
GetDesktopWindow
IsWindow
IsWow64Message
MessageBoxW
IsWindowVisible
GetDlgCtrlID
GetDialogBaseUnits
GetMessageTime
GetShellWindow

gdi32

GetMetaFileW

Sections

T0y6l@q;
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

5.y9..u1
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

BG5EEDAX
Size: 5KB - Virtual size: 2.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BDdt.FNP
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

GU=gq7VX
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

\oB<-YKe
Size: 281KB - Virtual size: 280KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.vlizer
Size: 582KB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Sharing

General

Malware Config

Signatures

Files

8556c522621bf551eddbfefc45061d4e

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Sections

T0y6l@q; Size: 1.2MB - Virtual size: 1.2MB

5.y9..u1 Size: 14KB - Virtual size: 14KB

BG5EEDAX Size: 5KB - Virtual size: 2.1MB

BDdt.FNP Size: 2KB - Virtual size: 2KB

GU=gq7VX Size: - Virtual size: 10KB

\oB<-YKe Size: 281KB - Virtual size: 280KB

.vlizer Size: 582KB - Virtual size: 2.3MB

T0y6l@q;
Size: 1.2MB - Virtual size: 1.2MB

5.y9..u1
Size: 14KB - Virtual size: 14KB

BG5EEDAX
Size: 5KB - Virtual size: 2.1MB

BDdt.FNP
Size: 2KB - Virtual size: 2KB

GU=gq7VX
Size: - Virtual size: 10KB

\oB<-YKe
Size: 281KB - Virtual size: 280KB

.vlizer
Size: 582KB - Virtual size: 2.3MB