npp-with-plugins-under-test[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

npp-with-plugins-under-test.zip
Size

5.8MB
MD5

b33f80806fa050a563f81269cbe9d832
SHA1

ebfad32f3fc1c3c6d28a8305c33e42100e37875d
SHA256

52f99f3b22a822b40cef7969c5954a2948468527b610a69de673281746ed55d3
SHA512

42944ea35451631b4d54662c86fb3c6ded9615b69622b4b951195b651961182ada01712ba083c361c34250603b7520049c2cf001a3829d6eca20f9e21aeb0fb5
SSDEEP

98304:pAu5SBSMyIOXZDaTDcU9j2ALrV5pZ4rmm6CmzVCWjd+NP33t0R5vVdbA4VESBLk:Sy6uaTDB9jNjpqSCmZCqkP36ddbA4VDw

Score

3^/10

Malware Config

Signatures

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack002/ComparePlus.dll
unpack002/libs/git2.dll
unpack002/libs/sqlite3.dll
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/nsDialogs.dll

Files

npp-with-plugins-under-test.zip
.zip
ComparePlus_cp_1.2.0_Win32.zip
.zip
ComparePlus.dll
.dll windows:6 windows x86 arch:x86

9875c4a560917d5de3eb67b262e05a3c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\projects\compareplus\Notepad++\plugins\ComparePlus\ComparePlus.pdb

Imports

comctl32

InitCommonControlsEx

comdlg32

ChooseColorW

shlwapi

PathRemoveFileSpecA
PathRemoveFileSpecW
PathIsDirectoryW
PathRemoveExtensionW
PathIsRootW
PathCombineW
PathFindExtensionW
PathFindFileNameW
PathCanonicalizeW
PathFileExistsW
PathAppendW

shell32

ShellExecuteW

gdi32

StretchBlt
SetPixel
Rectangle
DeleteDC
CreateCompatibleDC
CreateCompatibleBitmap
GetDeviceCaps
MoveToEx
SetBkMode
LineTo
CreatePen
DeleteObject
CreateSolidBrush
GetObjectW
CreateFontIndirectW
GetStockObject
SelectObject
SetBkColor
SetTextColor

msimg32

AlphaBlend

kernel32

SetFilePointerEx
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
HeapSize
SetEndOfFile
ReadFile
ReadConsoleW
GetProcessHeap
GetModuleHandleW
CreateDirectoryW
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
CreateFileW
DeleteFileW
SetFileAttributesW
GetTempPathW
CloseHandle
GetTickCount
GlobalUnlock
GlobalLock
MulDiv
CopyFileW
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
Sleep
GetLastError
LoadResource
LockResource
SizeofResource
FindResourceW
GlobalAlloc
GlobalFree
LocalFree
FormatMessageW
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
CreateThread
GetCurrentThreadId
GetModuleHandleExW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
HeapReAlloc
GetFileType
GetStdHandle
HeapAlloc
HeapFree
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
InterlockedFlushSList
RaiseException
RtlUnwind
LCMapStringEx
GetCPInfo
CompareStringEx
DecodePointer
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
WriteConsoleW
GetStringTypeW
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

user32

UnregisterClassW
RegisterClassExW
SetForegroundWindow
AdjustWindowRectEx
GetSysColorBrush
SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx
LoadCursorW
DefWindowProcW
PostMessageW
DispatchMessageW
GetScrollPos
SetScrollPos
ReleaseCapture
SetCapture
GetCapture
CreateWindowExW
IsCharAlphaNumericW
CharLowerW
LoadImageW
DestroyIcon
DestroyCursor
GetDC
EnableMenuItem
DrawMenuBar
GetMenuState
GetSystemMetrics
GetClipboardData
CloseClipboard
OpenClipboard
FlashWindowEx
MessageBoxW
KillTimer
SetTimer
GetMessageW
SetWindowTextW
SetFocus
EnableWindow
GetDlgItemInt
SetDlgItemInt
FrameRect
SendDlgItemMessageW
CreateDialogParamW
InflateRect
FillRect
DrawFocusRect
GetWindowRect
RedrawWindow
ReleaseDC
GetWindowDC
GetFocus
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
DestroyWindow
SetDlgItemTextW
GetDlgItem
EndDialog
DialogBoxParamW
SendMessageW
CreateCursor
SetWindowLongW
GetWindowLongW
GetSysColor
SetCursor
GetClientRect
GetWindowTextW
InvalidateRect
EndPaint
BeginPaint
UpdateWindow
DrawTextW
CallWindowProcW
GetParent
PostQuitMessage
ClientToScreen
CreateDialogIndirectParamW
GetClassNameW
EnumChildWindows
GetMenuItemInfoA
SetScrollInfo
MessageBoxA
ShowScrollBar
SendInput

uxtheme

EnableThemeDialogTexture

Exports

Exports

beNotified
getFuncsArray
getName
isUnicode
messageProc
setInfo

Sections

.text
Size: 320KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libs/git2.dll
.dll windows:6 windows x86 arch:x86

b11d147aaa2ae1a24dd9dc7068b4cbf9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

recv
send
htonl
ntohl
WSACleanup
closesocket
getaddrinfo
WSAStartup
socket
connect
freeaddrinfo
ntohs
htons
WSAGetLastError

advapi32

EqualSid
RegOpenKeyExW
RegCloseKey
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
GetTokenInformation
CopySid
GetNamedSecurityInfoW
IsWellKnownSid
IsValidSid
OpenProcessToken
GetLengthSid
RegQueryValueExW

winhttp

WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpQueryOption
WinHttpConnect
WinHttpSetCredentials
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpQueryAuthSchemes
WinHttpWriteData
WinHttpSendRequest

rpcrt4

UuidCreate

crypt32

CertFreeCertificateContext

ole32

CoCreateInstance
CoUninitialize
CoInitializeEx

kernel32

GetStringTypeW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
WriteConsoleW
HeapReAlloc
GetTimeZoneInformation
GetACP
LCMapStringW
CompareStringW
HeapFree
HeapAlloc
GetStdHandle
GetConsoleCP
ReadConsoleW
GetConsoleMode
HeapSize
WaitForSingleObject
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
FindFirstFileW
FindNextFileW
FindClose
GetLastError
FormatMessageW
LocalFree
GetModuleHandleW
ExpandEnvironmentStringsW
UnmapViewOfFile
CloseHandle
GetSystemInfo
CreateFileMappingA
MapViewOfFile
SetLastError
GetShortPathNameW
DeviceIoControl
GetEnvironmentVariableW
CreateFileW
GetCurrentDirectoryW
ReadFile
GetFullPathNameW
WriteFile
RemoveDirectoryW
GetFinalPathNameByHandleW
SetFileTime
GetFileAttributesW
SetFileAttributesW
Sleep
GetFileInformationByHandle
GetFileAttributesExW
DeleteFileW
MoveFileExW
SystemTimeToFileTime
CreateSymbolicLinkW
GetSystemTime
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
FlsGetValue
DecodePointer
GetCurrentThreadId
CreateEventW
GetExitCodeThread
FlsSetValue
SetEvent
CreateThread
GetProcAddress
DeleteCriticalSection
FlsFree
FlsAlloc
MultiByteToWideChar
WideCharToMultiByte
FindFirstFileExW
VerifyVersionInfoA
GetCurrentProcess
VerSetConditionMask
GetTickCount64
GetSystemTimes
GetCurrentProcessId
FormatMessageA
SetFilePointer
GetTempPathW
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedFlushSList
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RaiseException
SetStdHandle
GetFileType
SetEndOfFile
CreateDirectoryW
SetEnvironmentVariableA

Exports

Exports

git_annotated_commit_free
git_annotated_commit_from_fetchhead
git_annotated_commit_from_ref
git_annotated_commit_from_revspec
git_annotated_commit_id
git_annotated_commit_lookup
git_annotated_commit_ref
git_apply
git_apply_options_init
git_apply_to_tree
git_attr_add_macro
git_attr_cache_flush
git_attr_foreach
git_attr_foreach_ext
git_attr_get
git_attr_get_ext
git_attr_get_many
git_attr_get_many_ext
git_attr_value
git_blame_buffer
git_blame_file
git_blame_free
git_blame_get_hunk_byindex
git_blame_get_hunk_byline
git_blame_get_hunk_count
git_blame_init_options
git_blame_options_init
git_blob_create_from_buffer
git_blob_create_from_disk
git_blob_create_from_stream
git_blob_create_from_stream_commit
git_blob_create_from_workdir
git_blob_create_frombuffer
git_blob_create_fromdisk
git_blob_create_fromstream
git_blob_create_fromstream_commit
git_blob_create_fromworkdir
git_blob_data_is_binary
git_blob_dup
git_blob_filter
git_blob_filter_options_init
git_blob_filtered_content
git_blob_free
git_blob_id
git_blob_is_binary
git_blob_lookup
git_blob_lookup_prefix
git_blob_owner
git_blob_rawcontent
git_blob_rawsize
git_branch_create
git_branch_create_from_annotated
git_branch_delete
git_branch_is_checked_out
git_branch_is_head
git_branch_iterator_free
git_branch_iterator_new
git_branch_lookup
git_branch_move
git_branch_name
git_branch_name_is_valid
git_branch_next
git_branch_remote_name
git_branch_set_upstream
git_branch_upstream
git_branch_upstream_merge
git_branch_upstream_name
git_branch_upstream_remote
git_buf_contains_nul
git_buf_dispose
git_buf_free
git_buf_grow
git_buf_is_binary
git_buf_set
git_checkout_head
git_checkout_index
git_checkout_init_options
git_checkout_options_init
git_checkout_tree
git_cherrypick
git_cherrypick_commit
git_cherrypick_init_options
git_cherrypick_options_init
git_clone
git_clone_init_options
git_clone_options_init
git_commit_amend
git_commit_author
git_commit_author_with_mailmap
git_commit_body
git_commit_committer
git_commit_committer_with_mailmap
git_commit_create
git_commit_create_buffer
git_commit_create_from_callback
git_commit_create_from_ids
git_commit_create_v
git_commit_create_with_signature
git_commit_dup
git_commit_extract_signature
git_commit_free
git_commit_graph_free
git_commit_graph_open
git_commit_graph_writer_add_index_file
git_commit_graph_writer_add_revwalk
git_commit_graph_writer_commit
git_commit_graph_writer_dump
git_commit_graph_writer_free
git_commit_graph_writer_new
git_commit_graph_writer_options_init
git_commit_header_field
git_commit_id
git_commit_lookup
git_commit_lookup_prefix
git_commit_message
git_commit_message_encoding
git_commit_message_raw
git_commit_nth_gen_ancestor
git_commit_owner
git_commit_parent
git_commit_parent_id
git_commit_parentcount
git_commit_raw_header
git_commit_summary
git_commit_time
git_commit_time_offset
git_commit_tree
git_commit_tree_id
git_config_add_backend
git_config_add_file_ondisk
git_config_backend_foreach_match
git_config_delete_entry
git_config_delete_multivar
git_config_entry_free
git_config_find_global
git_config_find_programdata
git_config_find_system
git_config_find_xdg
git_config_foreach
git_config_foreach_match
git_config_free
git_config_get_bool
git_config_get_entry
git_config_get_int32
git_config_get_int64
git_config_get_mapped
git_config_get_multivar_foreach
git_config_get_path
git_config_get_string
git_config_get_string_buf
git_config_init_backend
git_config_iterator_free
git_config_iterator_glob_new
git_config_iterator_new
git_config_lock
git_config_lookup_map_value
git_config_multivar_iterator_new
git_config_new
git_config_next
git_config_open_default
git_config_open_global
git_config_open_level
git_config_open_ondisk
git_config_parse_bool
git_config_parse_int32
git_config_parse_int64
git_config_parse_path
git_config_set_bool
git_config_set_int32
git_config_set_int64
git_config_set_multivar
git_config_set_string
git_config_snapshot
git_config_unlock
git_cred_default_new
git_cred_free
git_cred_get_username
git_cred_has_username
git_cred_ssh_custom_new
git_cred_ssh_interactive_new
git_cred_ssh_key_from_agent
git_cred_ssh_key_memory_new
git_cred_ssh_key_new
git_cred_username_new
git_cred_userpass
git_cred_userpass_plaintext_new
git_credential_default_new
git_credential_free
git_credential_get_username
git_credential_has_username
git_credential_ssh_custom_new
git_credential_ssh_interactive_new
git_credential_ssh_key_from_agent
git_credential_ssh_key_memory_new
git_credential_ssh_key_new
git_credential_username_new
git_credential_userpass
git_credential_userpass_plaintext_new
git_describe_commit
git_describe_format
git_describe_format_options_init
git_describe_init_format_options
git_describe_init_options
git_describe_options_init
git_describe_result_free
git_describe_workdir
git_diff_blob_to_buffer
git_diff_blobs
git_diff_buffers
git_diff_commit_as_email
git_diff_find_init_options
git_diff_find_options_init
git_diff_find_similar
git_diff_foreach
git_diff_format_email
git_diff_format_email_init_options
git_diff_format_email_options_init
git_diff_free
git_diff_from_buffer
git_diff_get_delta
git_diff_get_perfdata
git_diff_get_stats
git_diff_index_to_index
git_diff_index_to_workdir
git_diff_init_options
git_diff_is_sorted_icase
git_diff_merge
git_diff_num_deltas
git_diff_num_deltas_of_type
git_diff_options_init
git_diff_patchid
git_diff_patchid_options_init
git_diff_print
git_diff_print_callback__to_buf
git_diff_print_callback__to_file_handle
git_diff_stats_deletions
git_diff_stats_files_changed
git_diff_stats_free
git_diff_stats_insertions
git_diff_stats_to_buf
git_diff_status_char
git_diff_to_buf
git_diff_tree_to_index
git_diff_tree_to_tree
git_diff_tree_to_workdir
git_diff_tree_to_workdir_with_index
git_email_create_from_commit
git_email_create_from_diff
git_error_clear
git_error_last
git_error_set_oom
git_error_set_str
git_fetch_init_options
git_fetch_options_init
git_filter_init
git_filter_list_apply_to_blob
git_filter_list_apply_to_buffer
git_filter_list_apply_to_data
git_filter_list_apply_to_file
git_filter_list_contains
git_filter_list_free
git_filter_list_length
git_filter_list_load
git_filter_list_load_ext
git_filter_list_new
git_filter_list_push
git_filter_list_stream_blob
git_filter_list_stream_buffer
git_filter_list_stream_data
git_filter_list_stream_file
git_filter_lookup
git_filter_register
git_filter_source_filemode
git_filter_source_flags
git_filter_source_id
git_filter_source_mode
git_filter_source_path
git_filter_source_repo
git_filter_unregister
git_graph_ahead_behind
git_graph_descendant_of
git_graph_reachable_from_any
git_hashsig_compare
git_hashsig_create
git_hashsig_create_fromfile
git_hashsig_free
git_ignore_add_rule
git_ignore_clear_internal_rules
git_ignore_path_is_ignored
git_index_add
git_index_add_all
git_index_add_bypath
git_index_add_from_buffer
git_index_add_frombuffer
git_index_caps
git_index_checksum
git_index_clear
git_index_conflict_add
git_index_conflict_cleanup
git_index_conflict_get
git_index_conflict_iterator_free
git_index_conflict_iterator_new
git_index_conflict_next
git_index_conflict_remove
git_index_entry_is_conflict
git_index_entry_stage
git_index_entrycount
git_index_find
git_index_find_prefix
git_index_free
git_index_get_byindex
git_index_get_bypath
git_index_has_conflicts
git_index_iterator_free
git_index_iterator_new
git_index_iterator_next
git_index_name_add
git_index_name_clear
git_index_name_entrycount
git_index_name_get_byindex
git_index_new
git_index_open
git_index_owner
git_index_path
git_index_read
git_index_read_tree
git_index_remove
git_index_remove_all
git_index_remove_bypath
git_index_remove_directory
git_index_reuc_add
git_index_reuc_clear
git_index_reuc_entrycount
git_index_reuc_find
git_index_reuc_get_byindex
git_index_reuc_get_bypath
git_index_reuc_remove
git_index_set_caps
git_index_set_version
git_index_update_all
git_index_version
git_index_write
git_index_write_tree
git_index_write_tree_to
git_indexer_append
git_indexer_commit
git_indexer_free
git_indexer_hash
git_indexer_init_options
git_indexer_name
git_indexer_new
git_indexer_options_init
git_libgit2_features
git_libgit2_init
git_libgit2_opts
git_libgit2_shutdown
git_libgit2_version
git_mailmap_add_entry
git_mailmap_free
git_mailmap_from_buffer
git_mailmap_from_repository
git_mailmap_new
git_mailmap_resolve
git_mailmap_resolve_signature
git_mempack_dump
git_mempack_new
git_mempack_reset
git_merge
git_merge_analysis
git_merge_analysis_for_ref
git_merge_base
git_merge_base_many
git_merge_base_octopus
git_merge_bases
git_merge_bases_many
git_merge_commits
git_merge_driver_lookup
git_merge_driver_register
git_merge_driver_source_ancestor
git_merge_driver_source_file_options
git_merge_driver_source_ours
git_merge_driver_source_repo
git_merge_driver_source_theirs
git_merge_driver_unregister
git_merge_file
git_merge_file_from_index
git_merge_file_init_input
git_merge_file_init_options
git_merge_file_input_init
git_merge_file_options_init
git_merge_file_result_free
git_merge_init_options
git_merge_options_init
git_merge_trees
git_message_prettify
git_message_trailer_array_free
git_message_trailers
git_midx_writer_add
git_midx_writer_commit
git_midx_writer_dump
git_midx_writer_free
git_midx_writer_new
git_note_author
git_note_commit_create
git_note_commit_iterator_new
git_note_commit_read
git_note_commit_remove
git_note_committer
git_note_create
git_note_default_ref
git_note_foreach
git_note_free
git_note_id
git_note_iterator_free
git_note_iterator_new
git_note_message
git_note_next
git_note_read
git_note_remove
git_object__size
git_object_dup
git_object_free
git_object_id
git_object_lookup
git_object_lookup_bypath
git_object_lookup_prefix
git_object_owner
git_object_peel
git_object_rawcontent_is_valid
git_object_short_id
git_object_string2type
git_object_type
git_object_type2string
git_object_typeisloose
git_odb_add_alternate
git_odb_add_backend
git_odb_add_disk_alternate
git_odb_backend_data_alloc
git_odb_backend_data_free
git_odb_backend_loose
git_odb_backend_malloc
git_odb_backend_one_pack
git_odb_backend_pack
git_odb_exists
git_odb_exists_ext
git_odb_exists_prefix
git_odb_expand_ids
git_odb_foreach
git_odb_free
git_odb_get_backend
git_odb_hash
git_odb_hashfile
git_odb_init_backend
git_odb_new
git_odb_num_backends
git_odb_object_data
git_odb_object_dup
git_odb_object_free
git_odb_object_id
git_odb_object_size
git_odb_object_type
git_odb_open
git_odb_open_rstream
git_odb_open_wstream
git_odb_read
git_odb_read_header
git_odb_read_prefix
git_odb_refresh
git_odb_set_commit_graph
git_odb_stream_finalize_write
git_odb_stream_free
git_odb_stream_read
git_odb_stream_write
git_odb_write
git_odb_write_multi_pack_index
git_odb_write_pack
git_oid_cmp
git_oid_cpy
git_oid_equal
git_oid_fmt
git_oid_fromraw
git_oid_fromstr
git_oid_fromstrn
git_oid_fromstrp
git_oid_is_zero
git_oid_iszero
git_oid_ncmp
git_oid_nfmt
git_oid_pathfmt
git_oid_shorten_add
git_oid_shorten_free
git_oid_shorten_new
git_oid_strcmp
git_oid_streq
git_oid_tostr
git_oid_tostr_s
git_oidarray_dispose
git_oidarray_free
git_openssl_set_locking
git_packbuilder_foreach

Sections

.text
Size: 895KB - Virtual size: 895KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
libs/sqlite3.dll
.dll windows:4 windows x86 arch:x86

e727d00364cd87d72f56e7ba919d1d40

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
GetVersionExW
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsGetValue
TryEnterCriticalSection
UnhandledExceptionFilter
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile

msvcrt

__dllonexit
__setusermatherr
_amsg_exit
_beginthreadex
_endthreadex
_errno
_initterm
_iob
_lock
_onexit
localtime
calloc
cosh
fprintf
free
fwrite
malloc
memcmp
memmove
qsort
realloc
sinh
strcmp
strcspn
strlen
strncmp
strrchr
_unlock
abort
acos
asin
atan
tan
tanh
vfprintf

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_autovacuum_pages
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_pointer
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_changes64
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_filename
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_create_window_function
sqlite3_data_count
sqlite3_data_directory
sqlite3_database_file_object
sqlite3_db_cacheflush
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_name
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_deserialize
sqlite3_drop_modules
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_error_offset
sqlite3_errstr
sqlite3_exec
sqlite3_expanded_sql
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_filename_database
sqlite3_filename_journal
sqlite3_filename_wal
sqlite3_finalize
sqlite3_free
sqlite3_free_filename
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_hard_heap_limit64
sqlite3_initialize
sqlite3_interrupt
sqlite3_keyword_check
sqlite3_keyword_count
sqlite3_keyword_name
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare16_v3
sqlite3_prepare_v2
sqlite3_prepare_v3
sqlite3_preupdate_blobwrite
sqlite3_preupdate_count
sqlite3_preupdate_depth
sqlite3_preupdate_hook
sqlite3_preupdate_new
sqlite3_preupdate_old
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_pointer
sqlite3_result_subtype
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_serialize
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_set_last_insert_rowid
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_isexplain
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_str_append
sqlite3_str_appendall
sqlite3_str_appendchar
sqlite3_str_appendf
sqlite3_str_errcode
sqlite3_str_finish
sqlite3_str_length
sqlite3_str_new
sqlite3_str_reset
sqlite3_str_value
sqlite3_str_vappendf
sqlite3_strglob
sqlite3_stricmp
sqlite3_strlike
sqlite3_strnicmp
sqlite3_system_errno
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_total_changes64
sqlite3_trace
sqlite3_trace_v2
sqlite3_transfer_bindings
sqlite3_txn_state
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_key
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_free
sqlite3_value_frombind
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_nochange
sqlite3_value_numeric_type
sqlite3_value_pointer
sqlite3_value_subtype
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_collation
sqlite3_vtab_config
sqlite3_vtab_distinct
sqlite3_vtab_in
sqlite3_vtab_in_first
sqlite3_vtab_in_next
sqlite3_vtab_nochange
sqlite3_vtab_on_conflict
sqlite3_vtab_rhs_value
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_mbcs_to_utf8_v2
sqlite3_win32_set_directory
sqlite3_win32_set_directory16
sqlite3_win32_set_directory8
sqlite3_win32_sleep
sqlite3_win32_unicode_to_utf8
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_utf8_to_mbcs_v2
sqlite3_win32_utf8_to_unicode
sqlite3_win32_write_debug
sqlite3changegroup_add
sqlite3changegroup_add_strm
sqlite3changegroup_delete
sqlite3changegroup_new
sqlite3changegroup_output
sqlite3changegroup_output_strm
sqlite3changeset_apply
sqlite3changeset_apply_strm
sqlite3changeset_apply_v2
sqlite3changeset_apply_v2_strm
sqlite3changeset_concat
sqlite3changeset_concat_strm
sqlite3changeset_conflict
sqlite3changeset_finalize
sqlite3changeset_fk_conflicts
sqlite3changeset_invert
sqlite3changeset_invert_strm
sqlite3changeset_new
sqlite3changeset_next
sqlite3changeset_old
sqlite3changeset_op
sqlite3changeset_pk
sqlite3changeset_start
sqlite3changeset_start_strm
sqlite3changeset_start_v2
sqlite3changeset_start_v2_strm
sqlite3rebaser_configure
sqlite3rebaser_create
sqlite3rebaser_delete
sqlite3rebaser_rebase
sqlite3rebaser_rebase_strm
sqlite3session_attach
sqlite3session_changeset
sqlite3session_changeset_size
sqlite3session_changeset_strm
sqlite3session_config
sqlite3session_create
sqlite3session_delete
sqlite3session_diff
sqlite3session_enable
sqlite3session_indirect
sqlite3session_isempty
sqlite3session_memory_used
sqlite3session_object_config
sqlite3session_patchset
sqlite3session_patchset_strm
sqlite3session_table_filter

Sections

.text
Size: 714KB - Virtual size: 714KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/19
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/31
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/45
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/57
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/70
Size: 1024B - Virtual size: 803B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/81
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/92
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
npp.8.6.5.Installer.x64.exe
.exe windows:4 windows x86 arch:x86

9dda1a1d1f8a1d13ae0297b47046b26e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:aa:64:92:de:9d:96:a9:0a:4b:ca:97:be:ad:b4:4a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13-05-2022 00:00

Not After

14-05-2025 23:59

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4a:cc:f5:38:d2:d0:bd:ee:7d:b3:77:6e:af:10:f8:d5:40:11:62:45:c9:e1:92:eb:0a:6a:06:b4:66:7c:4c:1c
Signer

Actual PE Digest

4a:cc:f5:38:d2:d0:bd:ee:7d:b3:77:6e:af:10:f8:d5:40:11:62:45:c9:e1:92:eb:0a:6a:06:b4:66:7c:4c:1c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
WriteFile
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
CopyFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 108KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

85f08eb0cbec010ecbc287fa68321173

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
GetPrivateProfileIntW
SetFilePointer
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
GetPrivateProfileStringW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
WriteFile
GlobalAlloc

user32

PtInRect
LoadCursorW
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
MapWindowPoints

gdi32

SetTextColor
CreateCompatibleDC
GetObjectW
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderW
SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

3b477381217c97b22146297f93df2a92

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
GetFileAttributesW
lstrcmpiW
MulDiv
lstrlenW
HeapFree
GetProcessHeap
GetCurrentDirectoryW
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
HeapAlloc
SetCurrentDirectoryW

user32

GetPropW
DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
RemovePropW
CharPrevW
GetWindowLongW
DrawTextW
GetWindowTextW
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
MapDialogRect
GetClientRect
CharNextW
SendMessageW
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9875c4a560917d5de3eb67b262e05a3c

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

comdlg32

shlwapi

shell32

gdi32

msimg32

kernel32

user32

uxtheme

Exports

Exports

Sections

.text Size: 320KB - Virtual size: 319KB

.rdata Size: 76KB - Virtual size: 75KB

.data Size: 6KB - Virtual size: 16KB

.rsrc Size: 114KB - Virtual size: 113KB

.reloc Size: 17KB - Virtual size: 17KB

b11d147aaa2ae1a24dd9dc7068b4cbf9

Headers

DLL Characteristics

File Characteristics

Imports

ws2_32

advapi32

winhttp

rpcrt4

crypt32

ole32

kernel32

Exports

Exports

Sections

.text Size: 895KB - Virtual size: 895KB

.rdata Size: 152KB - Virtual size: 151KB

.data Size: 15KB - Virtual size: 27KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 44KB - Virtual size: 44KB

e727d00364cd87d72f56e7ba919d1d40

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 714KB - Virtual size: 714KB

.data Size: 10KB - Virtual size: 9KB

.rdata Size: 81KB - Virtual size: 81KB

.bss Size: - Virtual size: 2KB

.edata Size: 11KB - Virtual size: 10KB

.idata Size: 3KB - Virtual size: 3KB

.CRT Size: 512B - Virtual size: 44B

.tls Size: 512B - Virtual size: 32B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 15KB - Virtual size: 15KB

/4 Size: 1KB - Virtual size: 1KB

/19 Size: 50KB - Virtual size: 50KB

/31 Size: 10KB - Virtual size: 9KB

/45 Size: 11KB - Virtual size: 11KB

/57 Size: 3KB - Virtual size: 2KB

/70 Size: 1024B - Virtual size: 803B

/81 Size: 15KB - Virtual size: 14KB

/92 Size: 1024B - Virtual size: 848B

9dda1a1d1f8a1d13ae0297b47046b26e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

.text
Size: 320KB - Virtual size: 319KB

.rdata
Size: 76KB - Virtual size: 75KB

.data
Size: 6KB - Virtual size: 16KB

.rsrc
Size: 114KB - Virtual size: 113KB

.reloc
Size: 17KB - Virtual size: 17KB

.text
Size: 895KB - Virtual size: 895KB

.rdata
Size: 152KB - Virtual size: 151KB

.data
Size: 15KB - Virtual size: 27KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 44KB - Virtual size: 44KB

.text
Size: 714KB - Virtual size: 714KB

.data
Size: 10KB - Virtual size: 9KB

.rdata
Size: 81KB - Virtual size: 81KB

.bss
Size: - Virtual size: 2KB

.edata
Size: 11KB - Virtual size: 10KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB

/4
Size: 1KB - Virtual size: 1KB

/19
Size: 50KB - Virtual size: 50KB

/31
Size: 10KB - Virtual size: 9KB

/45
Size: 11KB - Virtual size: 11KB

/57
Size: 3KB - Virtual size: 2KB

/70
Size: 1024B - Virtual size: 803B

/81
Size: 15KB - Virtual size: 14KB

/92
Size: 1024B - Virtual size: 848B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:aa:64:92:de:9d:96:a9:0a:4b:ca:97:be:ad:b4:4a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

4a:cc:f5:38:d2:d0:bd:ee:7d:b3:77:6e:af:10:f8:d5:40:11:62:45:c9:e1:92:eb:0a:6a:06:b4:66:7c:4c:1c
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 126KB

.ndata
Size: - Virtual size: 108KB

.rsrc
Size: 152KB - Virtual size: 152KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B