a4a5495c62f1447331cf4e313ddabf7b244b003860bab4a614b8ea4b91e84f44

Sharing

Copy URL Twitter E-mail

General

Target

a4a5495c62f1447331cf4e313ddabf7b244b003860bab4a614b8ea4b91e84f44
Size

3.9MB
MD5

152852818d17bca982a352667af3c808
SHA1

f96cc785b1b6de05190c8d85f52a8d60b5b71f8c
SHA256

a4a5495c62f1447331cf4e313ddabf7b244b003860bab4a614b8ea4b91e84f44
SHA512

9ffa02d6ec966b024d9a9c6e67f8e8f06b099a3b989c6b284d057f400c5eef41144c8c760a416835a3a1bc900ee7896ca1f1af264c10b80571b4e873fb54a1ad
SSDEEP

98304:5nhsAIWX4tjhMmrhA/1up6POU26iF4hAH22T1SW/J7RmC:5hsyX4tjuAhA/8pixRiKhg15/BRmC

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/敏感信息泄露列表-待确认/Notepad++/plugins/mimeTools/mimeTools.dll
unpack001/敏感信息泄露列表-待确认/Notepad++/uninstall.exe

Files

a4a5495c62f1447331cf4e313ddabf7b244b003860bab4a614b8ea4b91e84f44
.zip
敏感信息泄露列表-待确认/Notepad++/LICENSE
敏感信息泄露列表-待确认/Notepad++/NppShell_06.dll
.dll regsvr32 windows:5 windows x64 arch:x64

5c0edb7e35310ff8f3aabe7a6043f076

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/05/2019, 00:00

Not After

11/05/2022, 12:00

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d2:d7:83:88:82:c2:c2:77:d6:d1:26:77:c8:05:bc:b0:d0:d9:dc:ae
Signer

Actual PE Digest

d2:d7:83:88:82:c2:c2:77:d6:d1:26:77:c8:05:bc:b0:d0:d9:dc:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteW
DragQueryFileW

shlwapi

StrRChrW
PathFindExtensionW

msimg32

AlphaBlend

kernel32

GetLastError
lstrcatW
lstrlenW
GetModuleFileNameW
lstrcpynW
GetVersionExW
CreateProcessW
lstrcpynA
FindFirstFileW
GetProcAddress
LoadLibraryW
GetProcessHeap
HeapFree
HeapAlloc
FreeLibrary
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
FindClose

user32

DestroyIcon
ReleaseDC
SetRect
GetDC
GetIconInfo
DrawIconEx
SetMenuItemInfoW
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
MessageBoxW
InsertMenuW
SetMenuInfo
EndDialog
GetDlgItem
CreateIconIndirect
wsprintfW
DialogBoxParamW
DrawTextW
CharUpperBuffW
LoadImageW
PostMessageW

gdi32

CreateSolidBrush
RoundRect
CreatePen
DeleteDC
SetBkColor
CreateFontIndirectW
SetTextColor
GetTextExtentPoint32W
GetDIBits
DeleteObject
SelectObject
SetBkMode
CreateDIBSection
CreateCompatibleDC

advapi32

RegCloseKey
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeEx

msvcr90

_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__CppXcptFilter
__C_specific_handler
_amsg_exit
_onexit
_encoded_null
free
memset
_initterm
_malloc_crt
_encode_pointer
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
??_V@YAXPEAX@Z
memcmp
??_U@YAPEAX_K@Z
_decode_pointer
_initterm_e

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
敏感信息泄露列表-待确认/Notepad++/autoCompletion/BaanC.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/actionscript.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/autoit.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/batch.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/c.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/cmake.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/cobol.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/coffee.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/cpp.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/cs.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/css.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/html.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/java.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/javascript.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/lisp.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/lua.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/nsis.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/perl.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/php.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/python.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/rc.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/sql.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/tex.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/vb.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/vhdl.xml
.xml
敏感信息泄露列表-待确认/Notepad++/autoCompletion/xml.xml
.xml
敏感信息泄露列表-待确认/Notepad++/change.log
敏感信息泄露列表-待确认/Notepad++/contextMenu.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/ada.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/asm.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/autoit.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/baanc.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/bash.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/batch.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/c.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/cobol-free.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/cobol.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/cpp.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/cs.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/fortran.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/fortran77.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/haskell.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/ini.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/inno.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/java.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/javascript.js.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/krl.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/nsis.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/overrideMap.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/perl.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/php.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/powershell.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/python.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/ruby.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/rust.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/sinumerik.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/sql.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/universe_basic.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/vhdl.xml
.xml
敏感信息泄露列表-待确认/Notepad++/functionList/xml.xml
.xml
敏感信息泄露列表-待确认/Notepad++/langs.model.xml
.xml .js polyglot
敏感信息泄露列表-待确认/Notepad++/localization/chineseSimplified.xml
.xml
敏感信息泄露列表-待确认/Notepad++/localization/english.xml
.xml
敏感信息泄露列表-待确认/Notepad++/notepad++.exe
.exe windows:5 windows x64 arch:x64

a651d074cf27b2954131bb4baf8b5e8c

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/05/2019, 00:00

Not After

11/05/2022, 12:00

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:8b:11:7f:81:5a:ff:74:ec:28:a9:39:73:c7:31:04:51:9c:6a:9b
Signer

Actual PE Digest

2a:8b:11:7f:81:5a:ff:74:ec:28:a9:39:73:c7:31:04:51:9c:6a:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ImageList_BeginDrag
ImageList_EndDrag
ImageList_SetIconSize
ImageList_DragMove
ImageList_DragShowNolock
ord17
ImageList_AddMasked
ImageList_GetImageCount
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Destroy
ImageList_Create
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_Draw
ord413
ord412
ImageList_DragEnter
ord410

shlwapi

PathIsRelativeW
ColorRGBToHLS
PathStripPathW
PathAppendW
PathAddExtensionW
PathRemoveExtensionW
PathIsDirectoryW
PathCombineW
AssocQueryStringW
PathMatchSpecW
PathFindFileNameW
PathGetDriveNumberW
PathCompactPathExW
PathFindExtensionW
PathFileExistsW
PathRemoveFileSpecW
ColorHLSToRGB

shell32

SHFileOperationW
SHCreateItemFromParsingName
DragQueryPoint
DragFinish
ShellExecuteW
ord165
SHGetFolderPathW
DragQueryFileW
Shell_NotifyIconW

dbghelp

ImageNtHeader

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

crypt32

CryptQueryObject
CertGetNameStringW
CertNameToStrW
CertGetCertificateContextProperty
CertFindCertificateInStore
CertCloseStore
CryptMsgGetParam
CryptMsgClose

wintrust

WinVerifyTrust

sensapi

IsDestinationReachableW
IsNetworkAlive

wininet

InternetCrackUrlW

imm32

ImmSetCompositionStringW
ImmEscapeW
ImmGetCompositionStringW
ImmSetCompositionWindow
ImmSetCompositionFontW
ImmReleaseContext
ImmGetContext
ImmNotifyIME
ImmSetCandidateWindow

msimg32

AlphaBlend

kernel32

GlobalLock
GetCurrentDirectoryW
GlobalAlloc
FormatMessageW
LCMapStringW
ExpandEnvironmentStringsW
SetCurrentDirectoryW
FreeLibrary
LoadResource
LockResource
SizeofResource
FindResourceW
GetCurrentThreadId
CloseHandle
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
CreateThread
CopyFileW
CreateFileW
GetCurrentProcess
GetCurrentProcessId
LoadLibraryW
ReleaseMutex
CreateMutexW
Sleep
GlobalSize
lstrcpynW
WaitForMultipleObjects
CopyFileExW
GetSystemInfo
GetVersionExW
DeleteFileW
MapViewOfFile
UnmapViewOfFile
GetLocalTime
GetTempPathW
SetLastError
CancelIo
SleepEx
WaitForSingleObjectEx
QueueUserAPC
ReadDirectoryChangesW
GetLocaleInfoA
GetTickCount
LoadLibraryA
GetStringTypeExW
LCMapStringA
GetStringTypeExA
GetUserDefaultLCID
DuplicateHandle
VirtualFree
VirtualAlloc
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetTimeFormatW
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetLocaleInfoW
CompareStringW
GetCPInfo
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
InitializeCriticalSectionAndSpinCount
QueryPerformanceFrequency
QueryPerformanceCounter
RaiseException
DecodePointer
EncodePointer
RtlPcToFileHeader
GetStringTypeW
DeleteCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateDirectoryW
CompareFileTime
lstrlenW
lstrcmpW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
WideCharToMultiByte
MultiByteToWideChar
GetACP
GlobalFree
GetModuleFileNameW
GetVersion
MulDiv
LocalFree
LocalAlloc
GetDateFormatW
GetLastError
OutputDebugStringW
lstrcmpiW
LoadLibraryExW
GetProcAddress
GetModuleHandleW
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList
GlobalUnlock
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
MoveFileExW
lstrcpyW
SetFileAttributesW
GetLongPathNameW
GetFullPathNameW
GetProcessAffinityMask
GetFileAttributesExW
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
RtlUnwindEx
ReadFile
ExitProcess
GetModuleHandleExW
ExitThread
GetStdHandle
WriteFile
HeapAlloc
HeapFree
GetFileType
GetConsoleMode
ReadConsoleW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
FlushFileBuffers
GetConsoleCP
SetFilePointerEx
GetFileSizeEx
IsValidCodePage
GetOEMCP
HeapReAlloc
FindFirstFileExW
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwind
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle
HeapSize
SetEndOfFile
WriteConsoleW
CreateFileMappingW

user32

GetCapture
SetRectEmpty
AppendMenuW
RegisterWindowMessageW
CreateCursor
DestroyCursor
ScrollWindow
GetPropW
RemovePropW
SetScrollInfo
LoadStringW
InsertMenuItemW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
KillTimer
GetCaretBlinkTime
AppendMenuA
GetMessageTime
GetKeyboardLayout
ValidateRect
SetTimer
MsgWaitForMultipleObjects
GetScrollInfo
NotifyWinEvent
GetUpdateRgn
SystemParametersInfoA
GetDoubleClickTime
DrawTextA
CopyImage
MonitorFromPoint
LoadStringA
MonitorFromRect
GetComboBoxInfo
DestroyIcon
GetSysColorBrush
MessageBoxA
AdjustWindowRectEx
GetWindowTextLengthW
TrackPopupMenu
FlashWindowEx
UnregisterClassW
PostQuitMessage
DispatchMessageW
TranslateMessage
GetMessageW
MapWindowPoints
BringWindowToTop
ReleaseCapture
SetCapture
GetActiveWindow
GetDlgCtrlID
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetParent
RedrawWindow
IsChild
FindWindowExW
GetAsyncKeyState
SetMenuItemInfoW
InsertMenuW
GetMenuItemCount
EnableMenuItem
CheckMenuItem
DestroyMenu
CreatePopupMenu
CreateMenu
GetMenuState
EmptyClipboard
SetClipboardData
IsWindow
GetDlgItemInt
FrameRect
CreateDialogParamW
InflateRect
GetSysColor
ClientToScreen
IsWindowVisible
ShowWindow
SetForegroundWindow
RegisterClipboardFormatW
GetClipboardData
ChangeClipboardChain
SetClipboardViewer
CloseClipboard
OpenClipboard
LoadCursorW
GetParent
CreateDialogIndirectParamW
ShowCaret
HideCaret
DestroyCaret
CreateCaret
SetCursor
MessageBeep
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ReleaseDC
GetDC
UpdateWindow
DrawTextExW
GetMenu
GetSystemMetrics
ToAscii
GetKeyboardState
GetFocus
SetWindowPlacement
GetWindowPlacement
DestroyWindow
SetMenuItemBitmaps
DeleteMenu
DrawMenuBar
GetMenuStringW
TranslateAcceleratorW
DestroyAcceleratorTable
ShowCursor
FindWindowW
CreateAcceleratorTableW
GetClassNameA
IsCharLowerW
IsCharAlphaNumericW
IsZoomed
IsIconic
ModifyMenuW
IsCharAlphaW
CharLowerW
CharUpperW
DrawIcon
GetDlgItemTextA
LoadMenuW
IsDialogMessageW
SetMenu
RealChildWindowFromPoint
GetMonitorInfoW
MonitorFromWindow
GetMenuItemID
GetSubMenu
RemoveMenu
GetIconInfo
CreateWindowExW
RegisterClassW
PostMessageW
DrawFrameControl
DrawEdge
SetWindowPos
SetFocus
MoveWindow
DrawIconEx
LoadImageW
EnableWindow
GetKeyState
SendDlgItemMessageW
EndDialog
DialogBoxIndirectParamW
DialogBoxParamW
GetMenuBarInfo
GetClassNameW
EnumChildWindows
GetWindowLongW
PtInRect
OffsetRect
IntersectRect
FillRect
DrawFocusRect
ScreenToClient
GetCursorPos
GetWindowRect
GetClientRect
GetWindowTextW
InvalidateRect
EndPaint
BeginPaint
DrawTextW
GetMenuItemInfoW
DefWindowProcW
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowTextW
GetDlgItemTextW
SetDlgItemTextW
SetDlgItemTextA
GetDlgItem
CallWindowProcW
SendMessageW
MessageBoxW
wsprintfW
GetAncestor
SystemParametersInfoW
SetPropW
CreateIconIndirect
LoadIconW
GetDesktopWindow
WindowFromPoint
LockWindowUpdate
TrackMouseEvent
SetCaretPos
CheckMenuRadioItem
GetDCEx
mouse_event
SetDlgItemInt
IsClipboardFormatAvailable
LoadBitmapW
RegisterClassExW

gdi32

GetPixel
BitBlt
RestoreDC
SaveDC
DeleteDC
GetDeviceCaps
SetWindowOrgEx
SetTextColor
CreateCompatibleDC
CreateCompatibleBitmap
MoveToEx
LineTo
CreateHatchBrush
SetBkColor
GetTextMetricsW
SetROP2
GetStockObject
GetObjectW
CreateBitmap
CreatePatternBrush
PatBlt
SetBrushOrgEx
GetDIBits
SetDIBits
EnumFontFamiliesExW
SetTextAlign
StartDocW
EndDoc
StartPage
EndPage
ExtTextOutW
DPtoLP
GetTextExtentPointW
StretchBlt
CombineRgn
IntersectClipRect
RoundRect
Ellipse
Polygon
GetTextExtentExPointA
GetTextExtentExPointW
GetTextExtentPoint32A
CreateDIBSection
ExtTextOutA
GetROP2
CreateFontW
Rectangle
SetBkMode
SelectObject
SelectClipRgn
GetTextExtentPoint32W
GetClipRgn
ExcludeClipRect
DeleteObject
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePen
CreateFontIndirectW
Polyline
OffsetWindowOrgEx
CreateFontA

comdlg32

ChooseColorW
PrintDlgW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
IsTextUnicode

ole32

CLSIDFromProgID
RegisterDragDrop
OleInitialize
DoDragDrop
OleUninitialize
ReleaseStgMedium
CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateInstance
RevokeDragDrop

oleaut32

SysAllocString
SysFreeString

uxtheme

OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeBackgroundContentRect
GetThemePartSize
GetThemeFont
SetWindowTheme
DrawThemeParentBackground
DrawThemeTextEx
GetThemeTransitionDuration
BufferedPaintRenderAnimation
EndBufferedAnimation
BeginBufferedAnimation
BufferedPaintStopAllAnimations

Sections

.text
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 973KB - Virtual size: 972KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 68KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
敏感信息泄露列表-待确认/Notepad++/plugins/Config/nppPluginList.dll
.dll windows:6 windows x64 arch:x64

a7f2201392e4ee29f6e0e2272044bbbe

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/05/2019, 00:00

Not After

11/05/2022, 12:00

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

97:44:11:65:e7:73:d4:bf:cd:54:ce:ce:e1:68:bc:7c:0b:34:de:84
Signer

Actual PE Digest

97:44:11:65:e7:73:d4:bf:cd:54:ce:ce:e1:68:bc:7c:0b:34:de:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
敏感信息泄露列表-待确认/Notepad++/plugins/NppConverter/NppConverter.dll
.dll windows:6 windows x64 arch:x64

c1f049407ab796f51bc6dc486a89941e

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/05/2019, 00:00

Not After

11/05/2022, 12:00

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7f:f0:f6:b5:58:e5:73:a7:0c:29:3d:7a:e4:41:20:cf:2e:e3:39:a6
Signer

Actual PE Digest

7f:f0:f6:b5:58:e5:73:a7:0c:29:3d:7a:e4:41:20:cf:2e:e3:39:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

PathFindFileNameW
PathFileExistsW

kernel32

RaiseException
SetEndOfFile
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
SizeofResource
GetLastError
LockResource
GlobalFree
LoadResource
FindResourceW
GetPrivateProfileIntW
GetModuleFileNameW
GetPrivateProfileSectionNamesW
lstrcpyW
WriteConsoleW
HeapReAlloc
HeapSize
CreateFileW
ReadConsoleW
ReadFile
SetStdHandle
GetStringTypeW
GetProcessHeap
LCMapStringW
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
CloseHandle
GetFileSizeEx
SetFilePointerEx
FindClose
FindFirstFileExW

user32

ShowWindow
MoveWindow
SetFocus
GetDlgItem
UpdateWindow
InvalidateRect
GetWindowTextW
CreateDialogParamW
GetWindowRect
SetWindowLongPtrW
IsWindowVisible
MessageBoxA
GetClientRect
CreateDialogIndirectParamW
RegisterClipboardFormatW
SendMessageW
OpenClipboard
CloseClipboard
EmptyClipboard
SendDlgItemMessageW
SendDlgItemMessageA
SetClipboardData
DestroyWindow
MessageBoxW
GetWindowLongPtrW

Exports

Exports

beNotified
getFuncsArray
getName
isUnicode
messageProc
setInfo

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
敏感信息泄露列表-待确认/Notepad++/plugins/NppExport/NppExport.dll
.dll windows:6 windows x64 arch:x64

e7e826cdad4b21672c606b98d0833586

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/05/2019, 00:00

Not After

11/05/2022, 12:00

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d7:33:99:9e:bf:1a:a0:5d:28:3f:17:c4:ec:b6:47:63:c9:1d:bb:7b
Signer

Actual PE Digest

d7:33:99:9e:bf:1a:a0:5d:28:3f:17:c4:ec:b6:47:63:c9:1d:bb:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
MulDiv
lstrcpynW
lstrcpyW
lstrcatW
MultiByteToWideChar
WriteConsoleW
CloseHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
WriteFile
CreateFileW
lstrcmpiA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SetFilePointerEx
GetProcessHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW

user32

GetDC
EmptyClipboard
ReleaseDC
CloseClipboard
OpenClipboard
SendMessageW
MessageBoxW
RegisterClipboardFormatW
SetClipboardData

gdi32

GetTextExtentPoint32W
GetDeviceCaps
DeleteObject
CreateFontW
SelectObject

comdlg32

GetSaveFileNameW

shlwapi

PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW

Exports

Exports

beNotified
getFuncsArray
getName
isUnicode
messageProc
setInfo

Sections

.text
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
敏感信息泄露列表-待确认/Notepad++/plugins/mimeTools/mimeTools.dll
.dll windows:6 windows x64 arch:x64

9eee3eb9a28f7fe264e99fb25e691a6b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
CreateProcessA
GetThreadContext
VirtualAllocEx
WriteProcessMemory
SetThreadContext
ResumeThread
CloseHandle
TerminateProcess
GetCurrentProcess
QueryPerformanceCounter
QueryPerformanceFrequency
Sleep
GetCurrentThreadId
InitializeCriticalSectionEx
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentProcessId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwindEx
InterlockedFlushSList
RtlPcToFileHeader
RaiseException
GetLastError
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
LCMapStringW
HeapAlloc
HeapFree
GetStdHandle
GetFileType
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
CreateFileW
WriteConsoleW

Exports

Exports

beNotified
getFuncsArray
getName
isUnicode
messageProc
setInfo

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
敏感信息泄露列表-待确认/Notepad++/readme.txt
敏感信息泄露列表-待确认/Notepad++/shortcuts.xml
.xml
敏感信息泄露列表-待确认/Notepad++/stylers.model.xml
.xml
敏感信息泄露列表-待确认/Notepad++/uninstall.exe
.exe windows:4 windows x86 arch:x86

1f23f452093b5c1ff091a2f9fb4fa3e9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ExitProcess
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
SetCurrentDirectoryW
GetFileAttributesW
SetEnvironmentVariableW
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
GetVersion
SetErrorMode
lstrlenW
lstrcpynW
CopyFileW
GetShortPathNameW
GlobalLock
CreateThread
GetLastError
CreateDirectoryW
CreateProcessW
RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
WriteFile
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
lstrcmpiW
MoveFileW
GetFullPathNameW
SetFileTime
SearchPathW
CompareFileTime
lstrcmpW
CloseHandle
ExpandEnvironmentStringsW
GlobalFree
GlobalUnlock
GetDiskFreeSpaceW
GlobalAlloc
FindFirstFileW
FindNextFileW
DeleteFileW
SetFilePointer
ReadFile
FindClose
lstrlenA
MulDiv
MultiByteToWideChar
WideCharToMultiByte
GetPrivateProfileStringW
WritePrivateProfileStringW
FreeLibrary
LoadLibraryExW
GetModuleHandleW

user32

GetSystemMenu
SetClassLongW
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongW
SetCursor
LoadCursorW
CheckDlgButton
GetMessagePos
LoadBitmapW
CallWindowProcW
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharPrevW
CharNextA
wsprintfA
DispatchMessageW
PeekMessageW
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
GetDC
SetTimer
SetWindowTextW
LoadImageW
SetForegroundWindow
ShowWindow
IsWindow
SetWindowLongW
FindWindowExW
TrackPopupMenu
AppendMenuW
CreatePopupMenu
EndPaint
CreateDialogParamW
SendMessageTimeoutW
wsprintfW
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateFontIndirectW
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW

advapi32

AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
RegEnumValueW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegEnumKeyW

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 104KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
敏感信息泄露列表-待确认/Notepad++/updater/GUP.exe
.exe windows:6 windows x64 arch:x64

fc933f2041320b70ef128dd4e38eca3f

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/05/2019, 00:00

Not After

11/05/2022, 12:00

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

96:5a:03:74:35:05:82:2e:25:80:17:2e:84:a1:70:2c:9e:1c:4a:ed
Signer

Actual PE Digest

96:5a:03:74:35:05:82:2e:25:80:17:2e:84:a1:70:2c:9e:1c:4a:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libcurl

curl_easy_setopt
curl_easy_cleanup
curl_easy_init
curl_easy_perform

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsA
PathFindExtensionW
PathIsDirectoryW
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW

kernel32

UnregisterWaitEx
LoadLibraryW
TlsSetValue
QueryDepthSList
InterlockedPopEntrySList
VirtualFree
VirtualProtect
VirtualAlloc
GetVersionExW
CreateDirectoryW
lstrlenW
Sleep
OutputDebugStringW
DeleteFileW
CreateThread
lstrcpyW
lstrcmpW
MoveFileW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
InitializeCriticalSection
WaitForSingleObject
CreateEventW
GetLastError
SetEvent
CloseHandle
ResetEvent
CreateSemaphoreW
GetModuleHandleA
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SignalObjectAndWait
CreateTimerQueue
WriteConsoleW
SetEndOfFile
HeapSize
CreateFileW
HeapReAlloc
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
MultiByteToWideChar
TryEnterCriticalSection
DuplicateHandle
SwitchToThread
GetCurrentThread
GetExitCodeThread
SetLastError
TlsAlloc
TlsGetValue
RtlUnwind
TlsFree
GetTickCount
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
ReadFile
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetFileType
HeapFree
HeapAlloc
GetFileSizeEx
FlushFileBuffers
GetConsoleCP
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetTimeZoneInformation
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetStdHandle

user32

SetWindowTextW
SetDlgItemTextW
SendMessageW
MessageBoxA
GetDlgItemInt
SystemParametersInfoW
SetDlgItemInt
DialogBoxParamW
CreateWindowExW
EndDialog
MessageBoxW
SetWindowPos
GetWindowRect
FindWindowExW
GetDlgItemTextW

shell32

ShellExecuteW
SHFileOperationW

Sections

.text
Size: 660KB - Virtual size: 659KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 215KB - Virtual size: 215KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
敏感信息泄露列表-待确认/Notepad++/updater/LICENSE
敏感信息泄露列表-待确认/Notepad++/updater/README.md
敏感信息泄露列表-待确认/Notepad++/updater/gup.xml
.xml
敏感信息泄露列表-待确认/Notepad++/updater/libcurl.dll
.dll windows:6 windows x64 arch:x64

e9d434eda5ec1ea7be4f822b520fd9c3

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

03/05/2019, 00:00

Not After

11/05/2022, 12:00

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4f:f8:a7:97:7f:0c:69:a9:f5:d7:44:bc:e3:0f:12:12:ed:a8:91:af
Signer

Actual PE Digest

4f:f8:a7:97:7f:0c:69:a9:f5:d7:44:bc:e3:0f:12:12:ed:a8:91:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

send
ntohl
htonl
gethostname
ioctlsocket
freeaddrinfo
getaddrinfo
sendto
recvfrom
select
__WSAFDIsSet
WSAIoctl
WSASetLastError
socket
setsockopt
getsockopt
getpeername
connect
closesocket
WSACleanup
WSAStartup
ntohs
listen
htons
getsockname
bind
accept
WSAGetLastError
recv

wldap32

ord46
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord211
ord143

advapi32

CryptDestroyHash
CryptReleaseContext
CryptGenRandom
CryptEncrypt
CryptImportKey
CryptDestroyKey
CryptAcquireContextA
CryptHashData
CryptCreateHash
CryptGetHashParam

normaliz

IdnToAscii

crypt32

CertFreeCertificateContext

kernel32

GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapReAlloc
GetFileSizeEx
FlushFileBuffers
LCMapStringW
CompareStringW
GetEnvironmentStringsW
GetFullPathNameW
HeapAlloc
HeapFree
GetCurrentDirectoryW
SetStdHandle
GetConsoleCP
WriteFile
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetEndOfFile
GetFileAttributesExW
GetStringTypeW
GetTimeZoneInformation
HeapSize
WriteConsoleW
ExitThread
CreateThread
GetModuleHandleA
GetTickCount64
ExpandEnvironmentStringsA
GetStdHandle
GetFileType
ReadFile
GetLastError
PeekNamedPipe
WaitForMultipleObjects
FreeLibrary
GetProcAddress
SleepEx
SetLastError
FormatMessageA
Sleep
CloseHandle
WaitForSingleObjectEx
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
GetSystemDirectoryA
RtlUnwind
LoadLibraryA
VerifyVersionInfoA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
FileTimeToSystemTime
RtlUnwindEx
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
SetFilePointerEx
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
SystemTimeToTzSpecificLocalTime

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_init
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_version
curl_version_info

Sections

.text
Size: 400KB - Virtual size: 400KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
敏感信息泄露列表-待确认/敏感信息泄露列表-待确认.pdf.lnk
.lnk

Sharing

General

Malware Config

Signatures

Files

5c0edb7e35310ff8f3aabe7a6043f076

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

d2:d7:83:88:82:c2:c2:77:d6:d1:26:77:c8:05:bc:b0:d0:d9:dc:aeSigner

Headers

File Characteristics

Imports

shell32

shlwapi

msimg32

kernel32

user32

gdi32

advapi32

ole32

msvcr90

Exports

Exports

Sections

.text Size: 19KB - Virtual size: 19KB

.rdata Size: 8KB - Virtual size: 8KB

.data Size: 1KB - Virtual size: 2KB

.pdata Size: 1024B - Virtual size: 780B

.rsrc Size: 185KB - Virtual size: 184KB

.reloc Size: 1024B - Virtual size: 684B

a651d074cf27b2954131bb4baf8b5e8c

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

2a:8b:11:7f:81:5a:ff:74:ec:28:a9:39:73:c7:31:04:51:9c:6a:9bSigner

Headers

DLL Characteristics

File Characteristics

Imports

comctl32

shlwapi

shell32

dbghelp

version

crypt32

wintrust

sensapi

wininet

imm32

msimg32

kernel32

user32

gdi32

comdlg32

advapi32

ole32

oleaut32

uxtheme

Sections

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

d2:d7:83:88:82:c2:c2:77:d6:d1:26:77:c8:05:bc:b0:d0:d9:dc:ae
Signer

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 780B

.rsrc
Size: 185KB - Virtual size: 184KB

.reloc
Size: 1024B - Virtual size: 684B

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

2a:8b:11:7f:81:5a:ff:74:ec:28:a9:39:73:c7:31:04:51:9c:6a:9b
Signer

.text
Size: 3.1MB - Virtual size: 3.1MB

.rdata
Size: 973KB - Virtual size: 972KB

.data
Size: 68KB - Virtual size: 147KB

.pdata
Size: 103KB - Virtual size: 103KB

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

.reloc
Size: 20KB - Virtual size: 20KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

97:44:11:65:e7:73:d4:bf:cd:54:ce:ce:e1:68:bc:7c:0b:34:de:84
Signer

.text
Size: 44KB - Virtual size: 43KB

.rdata
Size: 34KB - Virtual size: 34KB

.data
Size: 2KB - Virtual size: 6KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 71KB - Virtual size: 70KB

.reloc
Size: 2KB - Virtual size: 1KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

7f:f0:f6:b5:58:e5:73:a7:0c:29:3d:7a:e4:41:20:cf:2e:e3:39:a6
Signer

.text
Size: 101KB - Virtual size: 101KB

.rdata
Size: 47KB - Virtual size: 46KB

.data
Size: 3KB - Virtual size: 9KB

.pdata
Size: 6KB - Virtual size: 6KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

01:34:25:92:a0:01:0c:b1:10:9c:11:c0:51:9c:fd:24
Certificate