eab8c891120692ebebc7b0ef6c2445f7_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

eab8c891120692ebebc7b0ef6c2445f7_JaffaCakes118
Size

2.7MB
MD5

eab8c891120692ebebc7b0ef6c2445f7
SHA1

52af12274fd17ad3f6846e5c4f55299959a2b2a7
SHA256

a684a51b6e95420aebbbee4c67548db91e48dc506836fad30179e622fa5c30a7
SHA512

a2b0674969c5b119ad17586650dbd5d4ee95dbeb605f5bd4551be735c68833e7d798dc0c2a926cd24f7510ab1344953d9d0c5fd83008d4f74f15a6f2172f7e2c
SSDEEP

49152:Idk7UHlivu++WHiRH8JooY+B6i5M/sgXfo1hp37VU582VeGQTn3ho4MdtaTBw806:0vUu/EiRHeY+B6i5MUIfo9LY82VdknRh

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsDialogs.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

eab8c891120692ebebc7b0ef6c2445f7_JaffaCakes118
.exe windows:4 windows x86 arch:x86

4f67aeda01a0484282e8c59006b0b352

Code Sign

05:5f:93:7a:9d:f7:3d:fd:90:ba:98:89:e4:c5:0a:11
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/01/2016, 00:00

Not After

29/01/2019, 12:00

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:c1:4e:ce:b6:db:19:b0:1a:44:7c:29:41:13:b9:ff:08:b4:eb:12
Signer

Actual PE Digest

90:c1:4e:ce:b6:db:19:b0:1a:44:7c:29:41:13:b9:ff:08:b4:eb:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CopyFileA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetFileAttributesA
SetFileAttributesA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
GetCurrentProcess
GetFullPathNameA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
CloseHandle
SetCurrentDirectoryA
MoveFileA
CompareFileTime
GetShortPathNameA
SearchPathA
lstrcmpiA
SetFileTime
lstrcmpA
ExpandEnvironmentStringsA
lstrcpynA
SetErrorMode
GlobalFree
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
GlobalAlloc

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteKeyA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegOpenKeyExA
RegEnumValueA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

610235b90207a63ccf481f0d4375d329

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileStringA
SetCurrentDirectoryA
GetModuleHandleA
lstrcmpiA
WritePrivateProfileStringA
lstrcatA
lstrcpynA
GlobalFree
lstrlenA
lstrcpyA
GlobalUnlock
GlobalAlloc
GlobalLock

user32

MapWindowPoints
PtInRect
CloseClipboard
LoadCursorA
GetDlgCtrlID
OpenClipboard
GetClientRect
SetWindowRgn
DrawFocusRect
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
DrawTextA
SetCursor
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
CallWindowProcA
PostMessageA
MessageBoxA
GetSysColor
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetWindowLongA
EnableMenuItem
GetSystemMenu
GetClipboardData
LoadIconA

gdi32

DeleteObject
CombineRgn
SetTextColor
GetDIBits
SelectObject
CreateRectRgn
GetObjectA
CreateCompatibleDC

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

154903d617e825e7d4f76664593675fd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
lstrlenA
lstrcmpA
GetModuleHandleA
GlobalFree
MulDiv
lstrcpynA
GlobalAlloc
lstrcpyA

user32

SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
SetWindowTextA
LoadIconA
GetDC
ShowWindow
SendMessageA

gdi32

DeleteObject
CreateFontIndirectA
GetDeviceCaps

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 364B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 608B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

cce05dea98cbac3a9d486b233588f528

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentProcess
GlobalAlloc
GetCurrentThread
GetModuleHandleA
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynA

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameA

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 673B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

ddbd50fe6279559edf7d1f1d89b42c2c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
GetPropA
CharPrevA
DrawFocusRect
GetWindowLongA
DrawTextA
GetClientRect
GetDlgItem
GetSysColor
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
MapWindowPoints
RemovePropA
GetWindowTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/config.model.xml
.xml
$TEMP/configModel.xml
.xml
$TEMP/langs.model.xml
.xml .js polyglot
$TEMP/langsModel.xml
.xml
$TEMP/nppLocalization/afrikaans.xml
.xml
$TEMP/nppLocalization/albanian.xml
.xml
$TEMP/nppLocalization/arabic.xml
.xml
$TEMP/nppLocalization/aragonese.xml
.xml
$TEMP/nppLocalization/aranese.xml
.xml
$TEMP/nppLocalization/azerbaijani.xml
.xml
$TEMP/nppLocalization/basque.xml
.xml
$TEMP/nppLocalization/belarusian.xml
.xml
$TEMP/nppLocalization/bengali.xml
.xml
$TEMP/nppLocalization/bosnian.xml
.xml
$TEMP/nppLocalization/brazilian_portuguese.xml
.xml
$TEMP/nppLocalization/bulgarian.xml
.xml
$TEMP/nppLocalization/catalan.xml
.xml
$TEMP/nppLocalization/chinese.xml
.xml
$TEMP/nppLocalization/chineseSimplified.xml
.xml
$TEMP/nppLocalization/croatian.xml
.xml
$TEMP/nppLocalization/czech.xml
.xml
$TEMP/nppLocalization/danish.xml
.xml
$TEMP/nppLocalization/dutch.xml
.xml
$TEMP/nppLocalization/english.xml
.xml
$TEMP/nppLocalization/english_customizable.xml
.xml
$TEMP/nppLocalization/esperanto.xml
.xml
$TEMP/nppLocalization/estonian.xml
.xml
$TEMP/nppLocalization/extremaduran.xml
.xml
$TEMP/nppLocalization/farsi.xml
.xml
$TEMP/nppLocalization/finnish.xml
.xml
$TEMP/nppLocalization/french.xml
.xml
$TEMP/nppLocalization/friulian.xml
.xml
$TEMP/nppLocalization/galician.xml
.xml
$TEMP/nppLocalization/georgian.xml
.xml
$TEMP/nppLocalization/german.xml
.xml
$TEMP/nppLocalization/greek.xml
.xml
$TEMP/nppLocalization/gujarati.xml
.xml
$TEMP/nppLocalization/hebrew.xml
.xml
$TEMP/nppLocalization/hindi.xml
.xml
$TEMP/nppLocalization/hungarian.xml
.xml
$TEMP/nppLocalization/indonesian.xml
.xml
$TEMP/nppLocalization/italian.xml
.xml
$TEMP/nppLocalization/japanese.xml
.xml
$TEMP/nppLocalization/kabyle.xml
.xml
$TEMP/nppLocalization/kannada.xml
.xml
$TEMP/nppLocalization/kazakh.xml
.xml
$TEMP/nppLocalization/korean.xml
.xml
$TEMP/nppLocalization/kyrgyz.xml
.xml
$TEMP/nppLocalization/latvian.xml
.xml
$TEMP/nppLocalization/ligurian.xml
.xml
$TEMP/nppLocalization/lithuanian.xml
.xml
$TEMP/nppLocalization/luxembourgish.xml
.xml
$TEMP/nppLocalization/macedonian.xml
.xml
$TEMP/nppLocalization/malay.xml
$TEMP/nppLocalization/marathi.xml
.xml
$TEMP/nppLocalization/mongolian.xml
.xml
$TEMP/nppLocalization/norwegian.xml
.xml
$TEMP/nppLocalization/nynorsk.xml
.xml
$TEMP/nppLocalization/occitan.xml
.xml
$TEMP/nppLocalization/polish.xml
.xml
$TEMP/nppLocalization/portuguese.xml
.xml
$TEMP/nppLocalization/punjabi.xml
.xml
$TEMP/nppLocalization/romanian.xml
.xml
$TEMP/nppLocalization/russian.xml
.xml
$TEMP/nppLocalization/samogitian.xml
.xml
$TEMP/nppLocalization/sardinian.xml
.xml
$TEMP/nppLocalization/serbian.xml
.xml
$TEMP/nppLocalization/serbianCyrillic.xml
.xml
$TEMP/nppLocalization/sinhala.xml
.xml
$TEMP/nppLocalization/slovak.xml
.xml
$TEMP/nppLocalization/slovenian.xml
.xml
$TEMP/nppLocalization/spanish.xml
.xml
$TEMP/nppLocalization/spanish_ar.xml
.xml
$TEMP/nppLocalization/swedish.xml
.xml
$TEMP/nppLocalization/tagalog.xml
.xml
$TEMP/nppLocalization/tajikCyrillic.xml
.xml
$TEMP/nppLocalization/tamil.xml
.xml
$TEMP/nppLocalization/tatar.xml
.xml
$TEMP/nppLocalization/telugu.xml
.xml
$TEMP/nppLocalization/thai.xml
.xml
$TEMP/nppLocalization/turkish.xml
.xml
$TEMP/nppLocalization/ukrainian.xml
.xml
$TEMP/nppLocalization/urdu.xml
.xml
$TEMP/nppLocalization/uyghur.xml
.xml
$TEMP/nppLocalization/uzbek.xml
.xml
$TEMP/nppLocalization/uzbekCyrillic.xml
.xml
$TEMP/nppLocalization/vietnamese.xml
.xml
$TEMP/nppLocalization/welsh.xml
.xml
$TEMP/stylers.model.xml
.xml
$TEMP/stylers_remove.xml
.xml
$TEMP/stylesGlobalModel.xml
.xml
$TEMP/stylesLexerModel.xml
.xml
$_13_/contextMenu.xml
.xml
$_13_/functionList.xml
.xml
$_13_/themes/Bespin.xml
.xml
$_13_/themes/Black board.xml
.xml
$_13_/themes/Choco.xml
.xml
$_13_/themes/Deep Black.xml
.xml
$_13_/themes/Hello Kitty.xml
.xml
$_13_/themes/HotFudgeSundae.xml
.xml
$_13_/themes/Mono Industrial.xml
.xml
$_13_/themes/Monokai.xml
.xml
$_13_/themes/MossyLawn.xml
.xml
$_13_/themes/Navajo.xml
.xml
$_13_/themes/Obsidian.xml
.xml
$_13_/themes/Plastic Code Wrap.xml
.xml
$_13_/themes/Ruby Blue.xml
.xml
$_13_/themes/Solarized-light.xml
.xml
$_13_/themes/Solarized.xml
.xml
$_13_/themes/Twilight.xml
.xml
$_13_/themes/Vibrant Ink.xml
.xml
$_13_/themes/Zenburn.xml
.xml
$_13_/themes/khaki.xml
.xml
$_13_/themes/vim Dark Blue.xml
.xml
LICENSE
NppShell_06.dll
.dll regsvr32 windows:5 windows x64 arch:x64

5c0edb7e35310ff8f3aabe7a6043f076

Code Sign

05:5f:93:7a:9d:f7:3d:fd:90:ba:98:89:e4:c5:0a:11
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/01/2016, 00:00

Not After

29/01/2019, 12:00

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d2:d7:83:88:82:c2:c2:77:d6:d1:26:77:c8:05:bc:b0:d0:d9:dc:ae
Signer

Actual PE Digest

d2:d7:83:88:82:c2:c2:77:d6:d1:26:77:c8:05:bc:b0:d0:d9:dc:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteW
DragQueryFileW

shlwapi

StrRChrW
PathFindExtensionW

msimg32

AlphaBlend

kernel32

GetLastError
lstrcatW
lstrlenW
GetModuleFileNameW
lstrcpynW
GetVersionExW
CreateProcessW
lstrcpynA
FindFirstFileW
GetProcAddress
LoadLibraryW
GetProcessHeap
HeapFree
HeapAlloc
FreeLibrary
Sleep
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
FindClose

user32

DestroyIcon
ReleaseDC
SetRect
GetDC
GetIconInfo
DrawIconEx
SetMenuItemInfoW
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
MessageBoxW
InsertMenuW
SetMenuInfo
EndDialog
GetDlgItem
CreateIconIndirect
wsprintfW
DialogBoxParamW
DrawTextW
CharUpperBuffW
LoadImageW
PostMessageW

gdi32

CreateSolidBrush
RoundRect
CreatePen
DeleteDC
SetBkColor
CreateFontIndirectW
SetTextColor
GetTextExtentPoint32W
GetDIBits
DeleteObject
SelectObject
SetBkMode
CreateDIBSection
CreateCompatibleDC

advapi32

RegCloseKey
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW

ole32

CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitializeEx

msvcr90

_lock
__dllonexit
_unlock
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__CppXcptFilter
__C_specific_handler
_amsg_exit
_onexit
_encoded_null
free
memset
_initterm
_malloc_crt
_encode_pointer
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
??_V@YAXPEAX@Z
memcmp
??_U@YAPEAX_K@Z
_decode_pointer
_initterm_e

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 780B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 185KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SciLexer.dll
.dll windows:6 windows x64 arch:x64

504e994452963a1ab4cefa3c5bbed47c

Code Sign

05:5f:93:7a:9d:f7:3d:fd:90:ba:98:89:e4:c5:0a:11
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/01/2016, 00:00

Not After

29/01/2019, 12:00

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c2:b1:c6:d0:b9:62:3f:56:97:a7:f7:78:e9:cf:65:16:50:de:79
Signer

Actual PE Digest

20:c2:b1:c6:d0:b9:62:3f:56:97:a7:f7:78:e9:cf:65:16:50:de:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\notepad-plus-plus\scintilla\bin\SciLexer.pdb

Imports

kernel32

LoadLibraryExW
GetModuleFileNameW
WriteFile
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
GetModuleFileNameA
GetFileType
GetStdHandle
GetProcessHeap
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
HeapAlloc
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
HeapReAlloc
Sleep
InitializeCriticalSectionAndSpinCount
SetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
HeapFree
HeapSize
GetModuleHandleExW
ExitProcess
GetLastError
RtlUnwindEx
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
GetCurrentThreadId
GetCommandLineA
GetSystemTimeAsFileTime
IsProcessorFeaturePresent
IsDebuggerPresent
DecodePointer
EncodePointer
GetUserDefaultLCID
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
OutputDebugStringW
SetStdHandle
WriteConsoleW
ReadFile
ReadConsoleW
FlushFileBuffers
CreateFileW
CloseHandle
FreeLibrary
GetStringTypeExW
LCMapStringA
GetStringTypeExA
LCMapStringW
GetModuleHandleA
GlobalFree
GlobalUnlock
WideCharToMultiByte
GlobalAlloc
GetTickCount
GlobalLock
GlobalSize
GetLocaleInfoA
DeleteCriticalSection
LoadLibraryExA
LoadLibraryA
EnterCriticalSection
GetProcAddress
MultiByteToWideChar
MulDiv
LeaveCriticalSection
InitializeCriticalSection
QueryPerformanceCounter
GetCurrentProcess

user32

LoadStringA
LoadCursorA
DestroyMenu
GetUpdateRgn
MapWindowPoints
GetSystemMetrics
ReleaseCapture
CloseClipboard
CallWindowProcA
SetTimer
HideCaret
ScreenToClient
IsChild
KillTimer
MsgWaitForMultipleObjects
IsClipboardFormatAvailable
SetFocus
ShowCaret
RegisterClassExW
GetKeyboardLayout
RegisterClipboardFormatA
GetScrollInfo
GetClipboardData
EmptyClipboard
DestroyCaret
AppendMenuA
CreateCaret
PostMessageA
OpenClipboard
SetCaretPos
SetClipboardData
GetDlgCtrlID
GetCaretBlinkTime
SetScrollInfo
GetMessageTime
EndPaint
ClientToScreen
DestroyWindow
SetCursor
GetWindowRect
GetWindowLongPtrA
RegisterClassExA
TrackPopupMenu
FillRect
SetCapture
DrawTextW
DrawTextA
GetKeyState
GetParent
GetClientRect
SendMessageA
BeginPaint
GetDoubleClickTime
CreateIconIndirect
GetIconInfo
GetDC
DrawFocusRect
InflateRect
SetWindowLongA
InvalidateRect
UnregisterClassA
GetWindowLongA
CreateWindowExA
ReleaseDC
DefWindowProcA
DestroyCursor
GetSysColor
SetWindowPos
GetCursorPos
ShowWindow
CreatePopupMenu
FrameRect
SetWindowLongPtrA
AdjustWindowRectEx
SystemParametersInfoA
LoadStringW

gdi32

Rectangle
ExtTextOutA
GetStockObject
GetObjectA
IntersectClipRect
SetTextAlign
CreateBitmap
CombineRgn
CreateRectRgn
MoveToEx
BitBlt
GetTextExtentPoint32W
GetTextExtentPoint32A
LineTo
SetTextColor
DeleteDC
Polygon
CreateDIBSection
CreateFontIndirectW
GetDeviceCaps
StretchBlt
SetBkColor
SetBkMode
DeleteObject
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
ExtTextOutW
Ellipse
GetObjectW
GetTextExtentExPointW
GetTextExtentExPointA
GetNearestColor
CreatePatternBrush
CreatePen
GetTextMetricsA
RoundRect
CreateSolidBrush

imm32

ImmReleaseContext
ImmSetCompositionFontW
ImmGetCompositionStringW
ImmGetContext
ImmEscapeW
ImmSetCompositionWindow
ImmNotifyIME
ImmSetCandidateWindow

ole32

RegisterDragDrop
DoDragDrop
OleUninitialize
OleInitialize
RevokeDragDrop
CLSIDFromProgID
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

Exports

Exports

Scintilla_DirectFunction

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
change.log
config.model.xml
.xml
contextMenu.xml
.xml
functionList.xml
.xml
langs.model.xml
.xml .js polyglot
localization/english.xml
.xml
notepad++.exe
.exe windows:5 windows x64 arch:x64

a175075d2025e600981ffa302482d3ab

Code Sign

05:5f:93:7a:9d:f7:3d:fd:90:ba:98:89:e4:c5:0a:11
Certificate

Issuer

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

25/01/2016, 00:00

Not After

29/01/2019, 12:00

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 High Assurance Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:6e:12:70:98:32:ef:5e:53:9d:9d:6f:81:e7:2f:20:d6:3e:73:c3
Signer

Actual PE Digest

9a:6e:12:70:98:32:ef:5e:53:9d:9d:6f:81:e7:2f:20:d6:3e:73:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ImageList_DragMove
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_SetIconSize
ord17
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_Destroy
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_Draw
ImageList_AddMasked
ImageList_GetImageCount
ImageList_DragShowNolock
ImageList_Create

shlwapi

PathStripPathW
PathAddExtensionW
PathRemoveExtensionW
PathAppendW
PathMatchSpecW
PathIsRelativeW
PathGetDriveNumberW
PathCompactPathExW
PathIsDirectoryW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW

shell32

ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderLocation
DragFinish
DragQueryPoint
DragQueryFileW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHFileOperationW

kernel32

MoveFileExW
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalFree
GetCurrentDirectoryW
QueueUserAPC
ReleaseSemaphore
SleepEx
WaitForSingleObjectEx
CreateSemaphoreW
CancelIo
CreateFileW
ReadDirectoryChangesW
MulDiv
GetCurrentThreadId
GetModuleHandleW
SetCurrentDirectoryW
FreeLibrary
CopyFileW
GetProcAddress
GetCurrentProcess
GetCurrentProcessId
LoadLibraryW
GlobalSize
ReleaseMutex
Sleep
CreateMutexW
lstrcpynW
GetSystemInfo
ExpandEnvironmentStringsW
GetVersionExW
LocalFree
FormatMessageW
DeleteFileW
GetTimeFormatW
GetDateFormatW
GetACP
LockResource
LoadResource
SizeofResource
FindResourceW
SetLastError
GetCommandLineW
GetTempPathW
GetTimeZoneInformation
GetCPInfo
GetOEMCP
IsValidCodePage
PeekNamedPipe
GetFileType
GetFileInformationByHandle
FileTimeToLocalFileTime
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetCommandLineA
GetModuleHandleExW
ExitProcess
LoadLibraryExW
ExitThread
GetSystemTimeAsFileTime
ReadFile
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
IsProcessorFeaturePresent
IsDebuggerPresent
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
EncodePointer
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
OpenEventW
lstrcmpiW
WaitForSingleObject
ResetEvent
GetLongPathNameW
CreateEventW
lstrcpyW
CloseHandle
WaitForMultipleObjects
SetEvent
GetLastError
CreateThread
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
FindNextFileW
FindFirstFileW
GetFileAttributesW
lstrlenW
lstrcatW
lstrcmpW
FindClose
WideCharToMultiByte
MultiByteToWideChar
GetModuleFileNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetStdHandle
GetStringTypeW
FlushFileBuffers
WriteFile
GetConsoleCP
SetEnvironmentVariableA
GetModuleFileNameA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
SetEndOfFile
WriteConsoleW
OutputDebugStringW
GetLocalTime

user32

DestroyAcceleratorTable
TranslateAcceleratorW
GetMenuStringW
DrawMenuBar
GetMenuItemCount
DeleteMenu
SetForegroundWindow
CheckMenuRadioItem
MonitorFromWindow
GetMonitorInfoW
RealChildWindowFromPoint
SetMenu
IsDialogMessageW
LoadMenuW
GetClassNameW
DrawIcon
CharUpperW
CharLowerW
IsCharAlphaW
IsCharAlphaNumericW
IsCharLowerW
GetClassNameA
CreateAcceleratorTableW
FindWindowW
ReleaseCapture
CreateDialogIndirectParamW
SystemParametersInfoW
TrackMouseEvent
GetCapture
DragDetect
SetRectEmpty
AppendMenuW
RegisterWindowMessageW
ShowCursor
CreateCursor
DestroyCursor
ScrollWindow
SetPropW
GetPropW
RemovePropW
SetScrollInfo
InsertMenuItemW
SetMenuItemInfoW
LoadStringW
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
TranslateMessage
GetMessageW
MessageBoxA
GetWindowTextW
SetCapture
GetActiveWindow
GetDlgCtrlID
IsChild
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
SetParent
SetWindowTextW
RedrawWindow
EnableMenuItem
CheckMenuItem
CreateMenu
GetMenuState
EmptyClipboard
SetClipboardData
GetDlgItemTextW
IsWindow
GetDlgItemInt
FrameRect
FillRect
DrawFocusRect
IsZoomed
SetWindowLongPtrW
GetWindowLongPtrW
InflateRect
GetSysColor
ClientToScreen
SetWindowPos
CallWindowProcW
IsClipboardFormatAvailable
RegisterClipboardFormatW
GetClipboardData
ChangeClipboardChain
SetClipboardViewer
CloseClipboard
OpenClipboard
LoadCursorW
GetParent
GetWindowLongW
SetCaretPos
ShowCaret
HideCaret
DestroyCaret
CreateCaret
SetCursor
MessageBeep
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
EndPaint
BeginPaint
ReleaseDC
GetDC
DrawTextExW
DrawTextW
GetMenu
IsIconic
ModifyMenuW
GetMenuItemID
GetSystemMetrics
ToAscii
GetKeyboardState
GetFocus
SetWindowPlacement
GetWindowPlacement
DestroyWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
PostMessageW
DrawFrameControl
DrawEdge
LoadBitmapW
ScreenToClient
MessageBoxW
GetWindowRect
GetClientRect
InvalidateRect
UpdateWindow
TrackPopupMenu
InsertMenuW
DestroyMenu
CreatePopupMenu
IsWindowVisible
ShowWindow
UnregisterClassW
wsprintfW
SetFocus
MoveWindow
DrawIconEx
LoadImageW
EnableWindow
GetKeyState
SendDlgItemMessageW
SetDlgItemTextW
GetDlgItem
SendMessageW
GetSubMenu
RemoveMenu
DestroyIcon
LoadIconW
GetDesktopWindow
PtInRect
WindowFromPoint
LockWindowUpdate
GetDCEx
mouse_event
SetDlgItemInt
GetSysColorBrush
MapWindowPoints
AdjustWindowRectEx
EndDialog
DialogBoxIndirectParamW
DialogBoxParamW
FlashWindowEx
RegisterClassExW
PostQuitMessage
CreateDialogParamW
DispatchMessageW
GetCursorPos

gdi32

GetPixel
BitBlt
RestoreDC
CreateHatchBrush
GetObjectW
SetWindowOrgEx
OffsetWindowOrgEx
CreateBitmap
CreatePatternBrush
PatBlt
SetBrushOrgEx
DeleteDC
GetDeviceCaps
SetTextAlign
StartDocW
EndDoc
StartPage
EndPage
ExtTextOutW
DPtoLP
CreateFontIndirectW
GetTextExtentPointW
StretchBlt
CreateCompatibleDC
CreateCompatibleBitmap
MoveToEx
EnumFontFamiliesExW
LineTo
SetBkColor
GetTextMetricsW
SetTextColor
SetROP2
SetBkMode
SelectObject
Rectangle
GetTextExtentPoint32W
GetStockObject
GetROP2
CreateSolidBrush
CreatePen
CreateFontW
SaveDC
DeleteObject

comdlg32

GetSaveFileNameW
GetOpenFileNameW
ChooseColorW
PrintDlgW

advapi32

FreeSid
CheckTokenMembership
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegQueryValueExW
RegSetValueExW
IsTextUnicode
AllocateAndInitializeSid

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 579KB - Virtual size: 579KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 543KB - Virtual size: 542KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/APIs/actionscript.xml
.xml
plugins/APIs/c.xml
.xml
plugins/APIs/cmake.xml
.xml
plugins/APIs/cpp.xml
.xml
plugins/APIs/cs.xml
.xml
plugins/APIs/css.xml
.xml
plugins/APIs/html.xml
.xml
plugins/APIs/java.xml
.xml
plugins/APIs/javascript.xml
.xml
plugins/APIs/lisp.xml
.xml
plugins/APIs/nsis.xml
.xml
plugins/APIs/perl.xml
.xml
plugins/APIs/php.xml
.xml
plugins/APIs/python.xml
.xml
plugins/APIs/rc.xml
.xml
plugins/APIs/sql.xml
.xml
plugins/APIs/tex.xml
.xml
plugins/APIs/vb.xml
.xml
plugins/APIs/vhdl.xml
.xml
plugins/APIs/xml.xml
.xml
readme.txt
shortcuts.xml
stylers.model.xml
.xml

Sharing

General

Malware Config

Signatures

Files

4f67aeda01a0484282e8c59006b0b352

Code Sign

05:5f:93:7a:9d:f7:3d:fd:90:ba:98:89:e4:c5:0a:11Certificate

Extended Key Usages

Key Usages

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

90:c1:4e:ce:b6:db:19:b0:1a:44:7c:29:41:13:b9:ff:08:b4:eb:12Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 48KB

.rsrc Size: 153KB - Virtual size: 152KB

610235b90207a63ccf481f0d4375d329

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

154903d617e825e7d4f76664593675fd

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 697B

.data Size: 512B - Virtual size: 3KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 364B

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

05:5f:93:7a:9d:f7:3d:fd:90:ba:98:89:e4:c5:0a:11
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

90:c1:4e:ce:b6:db:19:b0:1a:44:7c:29:41:13:b9:ff:08:b4:eb:12
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 48KB

.rsrc
Size: 153KB - Virtual size: 152KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 364B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 851B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 608B

.text
Size: 1024B - Virtual size: 692B

.rdata
Size: 1024B - Virtual size: 673B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 512B - Virtual size: 240B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 620B

05:5f:93:7a:9d:f7:3d:fd:90:ba:98:89:e4:c5:0a:11
Certificate

0b:7e:10:90:3c:38:49:0f:fa:2f:67:9a:87:a1:a7:b9
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

d2:d7:83:88:82:c2:c2:77:d6:d1:26:77:c8:05:bc:b0:d0:d9:dc:ae
Signer

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 8KB - Virtual size: 8KB

.data
Size: 1KB - Virtual size: 2KB

.pdata
Size: 1024B - Virtual size: 780B

.rsrc
Size: 185KB - Virtual size: 184KB