× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 0829e0fa607b3dd0b995e8b185c162f0daeb2d1f0c36cc5528d233d9a4c09651
File name: npptor
Detection ratio: 3 / 57
Analysis date: 2015-04-12 14:07:10 UTC ( 2 weeks ago )
Antivirus Result Update
AVG Generic12_c.OAH 20150412
Jiangmin Trojan/Generic.bqwoz 20150411
Rising PE:Trojan.Win32.Generic.151CB52E!354202926 20150412
ALYac 20150412
AVware 20150412
Ad-Aware 20150412
AegisLab 20150412
Agnitum 20150409
AhnLab-V3 20150412
Alibaba 20150412
Antiy-AVL 20150412
Avast 20150412
Avira 20150412
Baidu-International 20150412
BitDefender 20150412
Bkav 20150410
ByteHero 20150412
CAT-QuickHeal 20150411
CMC 20150410
ClamAV 20150412
Comodo 20150412
Cyren 20150412
DrWeb 20150412
ESET-NOD32 20150412
Emsisoft 20150412
F-Prot 20150412
F-Secure 20150412
Fortinet 20150412
GData 20150412
Ikarus 20150412
K7AntiVirus 20150412
K7GW 20150412
Kaspersky 20150412
Kingsoft 20150412
Malwarebytes 20150412
McAfee 20150412
McAfee-GW-Edition 20150411
MicroWorld-eScan 20150412
Microsoft 20150412
NANO-Antivirus 20150412
Norman 20150412
Panda 20150410
Qihoo-360 20150412
SUPERAntiSpyware 20150412
Sophos 20150412
Symantec 20150412
Tencent 20150412
TheHacker 20150410
TotalDefense 20150412
TrendMicro 20150412
TrendMicro-HouseCall 20150412
VBA32 20150412
VIPRE 20150412
ViRobot 20150412
Zillya 20150411
Zoner 20150410
nProtect 20150410
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Developer metadata
Copyright
2012 Andrew Redd

Product NppToR
Original name NppToR.ahk
Internal name npptor
File version 2.6.1
Description Utility for Notpad++/R communication.
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-03-02 11:23:24
Link date 12:23 PM 3/2/2012
Entry Point 0x0008B7A3
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
CloseServiceHandle
RegEnumValueW
RegConnectRegistryW
RegCloseKey
OpenProcessToken
RegSetValueExW
RegDeleteValueW
RegQueryInfoKeyW
GetUserNameW
OpenSCManagerW
RegEnumKeyExW
LockServiceDatabase
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegDeleteKeyW
UnlockServiceDatabase
RegQueryValueExW
ImageList_Destroy
CreateStatusWindowW
ImageList_AddMasked
ImageList_GetIconSize
ImageList_Create
Ord(17)
ImageList_ReplaceIcon
GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW
CreatePolygonRgn
GetTextMetricsW
GetSystemPaletteEntries
GetClipBox
GetPixel
GetDeviceCaps
ExcludeClipRect
DeleteDC
SetBkMode
GetObjectW
BitBlt
CreateDIBSection
SetTextColor
FillRgn
CreateEllipticRgn
GetTextFaceW
CreateDCW
EnumFontFamiliesExW
GetStockObject
GetDIBits
GdiFlush
CreateRoundRectRgn
CreateCompatibleDC
CreateFontW
CreateRectRgn
SelectObject
CreateSolidBrush
GetClipRgn
SetBkColor
DeleteObject
CreateCompatibleBitmap
GetStdHandle
GetDriveTypeW
FileTimeToSystemTime
GetPrivateProfileSectionNamesW
GetFileAttributesW
GetLocalTime
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
UnhandledExceptionFilter
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
WideCharToMultiByte
GetDiskFreeSpaceW
WriteFile
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
FormatMessageW
InitializeCriticalSection
OutputDebugStringW
FindClose
InterlockedDecrement
QueryDosDeviceW
MoveFileW
GetFullPathNameW
GetEnvironmentVariableW
SetLastError
GetSystemTime
DeviceIoControl
TlsGetValue
CopyFileW
WriteProcessMemory
LoadResource
RemoveDirectoryW
Beep
IsDebuggerPresent
HeapAlloc
HeapSetInformation
SetThreadPriority
WritePrivateProfileSectionW
GetVolumeInformationW
LoadLibraryExW
MultiByteToWideChar
SetFilePointerEx
GetPrivateProfileStringW
SetFileAttributesW
CreateThread
SetEnvironmentVariableW
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
IsProcessorFeaturePresent
SetPriorityClass
TerminateProcess
SetCurrentDirectoryW
GlobalAlloc
LocalFileTimeToFileTime
SetEndOfFile
GetCurrentThreadId
LeaveCriticalSection
WriteConsoleW
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
GetOEMCP
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
FreeLibrary
GlobalSize
GetWindowsDirectoryW
GetFileSize
OpenProcess
GetDateFormatW
GetStartupInfoW
ReadProcessMemory
CreateDirectoryW
DeleteFileW
GlobalLock
GetProcessHeap
GetComputerNameW
EnumResourceNamesW
CompareStringW
GetFileSizeEx
GetModuleFileNameW
FindNextFileW
FindFirstFileW
GetProcAddress
SetVolumeLabelW
GetPrivateProfileSectionW
CreateFileW
GetFileType
TlsSetValue
ExitProcess
InterlockedIncrement
GetLastError
SystemTimeToFileTime
LCMapStringW
GetShortPathNameW
VirtualAllocEx
GlobalFree
GetConsoleCP
FindResourceW
GetTimeFormatW
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
VirtualFreeEx
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
HeapQueryInformation
GetCPInfo
HeapSize
WritePrivateProfileStringW
RaiseException
TlsFree
SetFilePointer
ReadFile
CloseHandle
GetACP
GetModuleHandleW
IsValidCodePage
HeapCreate
GetTempPathW
CreateProcessW
Sleep
SafeArrayDestroy
VariantChangeType
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayCreate
SafeArrayUnaccessData
VariantClear
SysAllocString
GetActiveObject
SafeArrayUnlock
VariantCopy
SysFreeString
SafeArrayLock
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCopy
OleLoadPicture
SysStringLen
GetModuleFileNameExW
GetModuleBaseNameW
SHGetFolderPathW
SHBrowseForFolderW
DragQueryFileW
SHFileOperationW
ExtractIconW
SHGetPathFromIDListW
DragQueryPoint
ShellExecuteExW
SHGetDesktopFolder
Shell_NotifyIconW
SHGetMalloc
DragFinish
RedrawWindow
GetMessagePos
SetWindowRgn
VkKeyScanExW
UnregisterHotKey
DrawTextW
DestroyMenu
PostQuitMessage
GetForegroundWindow
SetWindowPos
IsWindow
ScreenToClient
WindowFromPoint
SetMenuItemInfoW
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetMenu
mouse_event
GetClientRect
SetMenuDefaultItem
CallNextHookEx
IsClipboardFormatAvailable
LoadImageW
CountClipboardFormats
GetTopWindow
RegisterHotKey
GetWindowTextW
EnumClipboardFormats
GetWindowTextLengthW
LoadAcceleratorsW
GetKeyState
DestroyWindow
GetParent
UpdateWindow
EnumWindows
CheckRadioButton
GetMessageW
ShowWindow
SetMenuInfo
GetDesktopWindow
IsCharAlphaW
PeekMessageW
EnableWindow
CharUpperW
GetClipboardFormatNameW
SetClipboardViewer
TranslateMessage
IsWindowEnabled
GetWindow
GetIconInfo
SetParent
SetClipboardData
IsZoomed
IsCharLowerW
EnableMenuItem
TrackPopupMenuEx
GetSubMenu
CreateMenu
GetKeyboardLayout
FlashWindow
CreateAcceleratorTableW
GetSysColorBrush
CreateWindowExW
GetWindowLongW
GetMenuStringW
MapWindowPoints
RegisterWindowMessageW
IsIconic
EmptyClipboard
SystemParametersInfoW
DefWindowProcW
keybd_event
KillTimer
MapVirtualKeyW
GetClipboardData
ToUnicodeEx
GetSystemMetrics
SetWindowLongW
GetWindowRect
IsDialogMessageW
EnumChildWindows
IsMenu
CharLowerW
SendDlgItemMessageW
SetKeyboardState
GetCursor
CreatePopupMenu
CheckMenuItem
GetClassLongW
PtInRect
DrawIconEx
SetWindowTextW
SetTimer
GetDlgItem
BringWindowToTop
SendInput
ClientToScreen
PostMessageW
GetKeyboardState
PostThreadMessageW
GetMenuItemCount
AttachThreadInput
DestroyAcceleratorTable
CreateIconFromResourceEx
SetWindowsHookExW
LoadCursorW
FindWindowW
GetDC
FillRect
SetForegroundWindow
ExitWindowsEx
SetFocus
OpenClipboard
GetAsyncKeyState
IntersectRect
EndDialog
CreateIconIndirect
MessageBeep
GetCaretPos
RemoveMenu
GetWindowThreadProcessId
GetQueueStatus
MessageBoxW
SendMessageW
RegisterClassExW
UnhookWindowsHookEx
MoveWindow
DialogBoxParamW
AppendMenuW
ChangeClipboardChain
AdjustWindowRectEx
LookupIconIdFromDirectoryEx
GetFocus
GetSysColor
SetDlgItemTextW
CopyImage
DestroyIcon
IsWindowVisible
IsCharAlphaNumericW
DispatchMessageW
SetRect
InvalidateRect
CallWindowProcW
GetClassNameW
IsCharUpperW
SendMessageTimeoutW
CloseClipboard
DefDlgProcW
SetMenu
TranslateAcceleratorW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
mixerGetLineControlsW
mixerGetControlDetailsW
mixerOpen
waveOutSetVolume
mixerSetControlDetails
mciSendStringW
mixerClose
mixerGetDevCapsW
waveOutGetVolume
mixerGetLineInfoW
joyGetPosEx
joyGetDevCapsW
WSAStartup
gethostbyname
gethostname
inet_addr
WSACleanup
CreateStreamOnHGlobal
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoCreateInstance
CoGetObject
CLSIDFromString
StringFromGUID2
Number of PE resources by type
RT_ICON 8
RT_GROUP_ICON 8
RT_RCDATA 7
RT_DIALOG 1
RT_MANIFEST 1
RT_MENU 1
RT_ACCELERATOR 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 28
ExifTool file metadata
SubsystemVersion
5.0

LinkerVersion
10.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.6.1.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

InitializedDataSize
2664960

OriginalFilename
NppToR.ahk

MIMEType
application/octet-stream

LegalCopyright
2012 Andrew Redd

FileVersion
2.6.1

TimeStamp
2012:03:02 12:23:24+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
npptor

ProductVersion
2.6.1

FileDescription
Utility for Notpad++/R communication.

OSVersion
5.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
623616

ProductName
NppToR

ProductVersionNumber
1.6.1.0

EntryPoint
0x8b7a3

ObjectFileType
Executable application

File identification
MD5 37c028ba12bd1019290b8891895e75b6
SHA1 fe04039924787c76ccd327dac7157f165941fbce
SHA256 0829e0fa607b3dd0b995e8b185c162f0daeb2d1f0c36cc5528d233d9a4c09651
ssdeep
49152:PDTkw5BEDYxDTkw5BEDY1DTkw5BEDYdDgDTkw5BEDYx:Ps0Bls0BBs0BGs0B1

authentihash 3f302ceb18ff11e89222cdb4d2cae792d663cc8246fb8e65a0a94990796c4d1d
imphash ddb5907fa1ea63fe386562bd29085604
File size 3.1 MB ( 3289600 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable MS Visual C++ (generic) (67.3%)
Win32 Dynamic Link Library (generic) (14.2%)
Win32 Executable (generic) (9.7%)
Generic Win/DOS Executable (4.3%)
DOS Executable Generic (4.3%)
Tags
peexe

VirusTotal metadata
First submission 2012-10-17 04:37:38 UTC ( 2 years, 6 months ago )
Last submission 2015-03-24 12:36:03 UTC ( 1 month ago )
File names malware
NppToR.ahk
file-4648090_
NPPTOR-2.6.2.EXE
37C028BA12BD1019290B8891895E75B6.exe
npptor
NppToR-2.6.2.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Searched windows
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.