SHA256: 0829e0fa607b3dd0b995e8b185c162f0daeb2d1f0c36cc5528d233d9a4c09651
File name: 37c028ba12bd1019290b8891895e75b6.exe
Detection ratio: 2 / 56
Analysis date: 2015-04-29 11:11:41 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Jiangmin Trojan/Generic.bqwoz 20150428
Rising PE:Trojan.Win32.Generic.151CB52E!354202926 20150428
ALYac 20150429
AVG 20150429
AVware 20150429
Ad-Aware 20150429
AegisLab 20150429
Agnitum 20150428
AhnLab-V3 20150429
Alibaba 20150429
Antiy-AVL 20150429
Avast 20150429
Avira 20150429
Baidu-International 20150426
BitDefender 20150429
Bkav 20150425
ByteHero 20150429
CAT-QuickHeal 20150429
CMC 20150423
ClamAV 20150429
Comodo 20150429
Cyren 20150429
DrWeb 20150429
ESET-NOD32 20150429
Emsisoft 20150429
F-Prot 20150429
F-Secure 20150429
Fortinet 20150429
GData 20150429
Ikarus 20150429
K7AntiVirus 20150429
K7GW 20150429
Kaspersky 20150429
Kingsoft 20150429
McAfee 20150429
McAfee-GW-Edition 20150428
MicroWorld-eScan 20150429
Microsoft 20150429
NANO-Antivirus 20150429
Norman 20150428
Panda 20150428
Qihoo-360 20150429
SUPERAntiSpyware 20150429
Sophos 20150429
Symantec 20150429
Tencent 20150429
TheHacker 20150429
TotalDefense 20150429
TrendMicro 20150429
TrendMicro-HouseCall 20150429
VBA32 20150429
VIPRE 20150429
ViRobot 20150429
Zillya 20150429
Zoner 20150429
nProtect 20150429
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright 2012 Andrew Redd
Product NppToR
Original name NppToR.ahk
Internal name npptor
File version 2.6.1
Description Utility for Notpad++/R communication.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-02 11:23:24
Link date 12:23 PM 3/2/2012
Entry Point 0x0008B7A3
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 8
RT_RCDATA 7
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 28
ExifTool file metadata
SubsystemVersion 5.0
LinkerVersion 10.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.6.1.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 2664960
FileOS Win32
EntryPoint 0x8b7a3
MIMEType application/octet-stream
LegalCopyright 2012 Andrew Redd
FileVersion 2.6.1
TimeStamp 2012:03:02 12:23:24+01:00
FileType Win32 EXE
PEType PE32
InternalName npptor
ProductVersion 2.6.1
FileDescription Utility for Notpad++/R communication.
OSVersion 5.0
OriginalFilename NppToR.ahk
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 623616
ProductName NppToR
ProductVersionNumber 1.6.1.0
FileTypeExtension exe
ObjectFileType Executable application

File identification
MD5 37c028ba12bd1019290b8891895e75b6
SHA1 fe04039924787c76ccd327dac7157f165941fbce
SHA256 0829e0fa607b3dd0b995e8b185c162f0daeb2d1f0c36cc5528d233d9a4c09651
ssdeep 49152:PDTkw5BEDYxDTkw5BEDY1DTkw5BEDYdDgDTkw5BEDYx:Ps0Bls0BBs0BGs0B1
authentihash 3f302ceb18ff11e89222cdb4d2cae792d663cc8246fb8e65a0a94990796c4d1d
imphash ddb5907fa1ea63fe386562bd29085604
File size 3.1 MB ( 3289600 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags peexe
VirusTotal metadata
First submission 2012-10-17 04:37:38 UTC ( 2 years, 9 months ago )
Last submission 2015-04-29 11:11:41 UTC ( 3 months, 1 week ago )
File names malware
NppToR.ahk
file-4648090_
NPPTOR-2.6.2.EXE
37c028ba12bd1019290b8891895e75b6.exe
37C028BA12BD1019290B8891895E75B6.exe
npptor
NppToR-2.6.2.exe
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.