× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 643dd5a46c605087ae4e1d2e20203ee8660fa7aa1f7df758977a7d10c532162f
File name: 686c1039.exe
Detection ratio: 45 / 53
Analysis date: 2014-07-29 08:32:34 UTC ( 2 years, 12 months ago )
Antivirus Result Update
Ad-Aware Trojan.Injector.VB.R 20140729
Yandex Trojan.Injector!HTItmzTdFYM 20140727
AhnLab-V3 Backdoor/Win32.Ruskill 20140729
AntiVir TR/Dropper.VB.Gen 20140729
Antiy-AVL Trojan/Win32.Agent 20140729
Avast Win32:VBCrypter-A [Cryp] 20140729
AVG VBCrypt.DRT 20140729
AVware Trojan.Win32.Generic.pak!cobra 20140729
Baidu-International Trojan.Win32.Agent.ACN 20140729
BitDefender Trojan.Injector.VB.R 20140729
Bkav W32.OnGameELCIAUAF.Trojan 20140728
CAT-QuickHeal Worm.Dorkbot.A 20140729
ClamAV Win.Trojan.Agent-56793 20140729
Commtouch W32/Trojan.QSPL-0062 20140729
Comodo TrojWare.Win32.Agent.prac 20140729
DrWeb BackDoor.IRC.NgrBot.42 20140729
ESET-NOD32 a variant of Win32/Injector.AFXD 20140729
F-Secure Trojan.Injector.VB.R 20140729
Fortinet W32/Dorkbot.BAA!tr 20140729
GData Trojan.Injector.VB.R 20140729
Jiangmin Trojan/Agent.khhd 20140725
K7AntiVirus Trojan ( 002c59b01 ) 20140728
K7GW Trojan ( 002c59b01 ) 20140728
Kaspersky Trojan.Win32.Agent.prac 20140729
Kingsoft Win32.Troj.DeepScan.x.(kcloud) 20140729
McAfee Generic Backdoor.xo 20140729
McAfee-GW-Edition Generic Backdoor.xo 20140728
Microsoft VirTool:Win32/VBInject 20140729
eScan Trojan.Injector.VB.R 20140729
NANO-Antivirus Trojan.Win32.Agent.fossh 20140729
Norman VBTroj.DAQI 20140729
nProtect Trojan/W32.Injector.245760 20140728
Panda Generic Malware 20140729
Qihoo-360 Win32/Trojan.cb4 20140729
Rising PE:Trojan.Win32.Generic.12A26BB6!312634294 20140728
Sophos AV Mal/VBCheMan-D 20140729
SUPERAntiSpyware Heur.Agent/Gen-FakeNPP 20140729
Symantec Trojan.Gen 20140729
Tencent Win32.Trojan.Agent.Wlfn 20140729
TheHacker Trojan/Injector.jtq 20140728
TrendMicro TROJ_SPNR.11JA11 20140729
TrendMicro-HouseCall TROJ_SPNR.11JA11 20140729
VBA32 BScope.Worm.NgrBot.2112 20140728
VIPRE Trojan.Win32.Generic.pak!cobra 20140729
ViRobot Trojan.Win32.A.Agent.417792.F 20140729
AegisLab 20140729
ByteHero 20140729
CMC 20140728
F-Prot 20140729
Ikarus 20140729
Malwarebytes 20140729
TotalDefense 20140728
Zoner 20140723
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyleft 1998-2006 by Don HO

Publisher Don HO don.h@free.fr
Product Notepad++
Original name Notepad++.exe
Internal name npp.exe
File version 5.92
Description Notepad++ : a free (GNU) source code editor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2011-09-28 00:30:23
Entry Point 0x00002078
Number of sections 3
PE sections
PE imports
_adj_fdiv_m32
__vbaChkstk
_CIatan
__vbaStrCmp
_allmul
Ord(713)
_adj_fdivr_m64
_adj_fprem
__vbaLenBstr
_adj_fpatan
__vbaGenerateBoundsError
Ord(535)
_adj_fdiv_m32i
__vbaExceptHandler
__vbaSetSystemError
__vbaFreeVarList
DllFunctionCall
__vbaFPException
_adj_fdivr_m16i
_adj_fdiv_r
Ord(100)
__vbaFreeVar
_adj_fprem1
__vbaAryConstruct2
_adj_fdiv_m64
_CIsin
_CIsqrt
__vbaUI1I2
_CIlog
_CIcos
Ord(595)
_adj_fptan
__vbaI4Str
Ord(610)
__vbaErrorOverflow
__vbaFreeStr
Ord(644)
__vbaOnError
_adj_fdivr_m32i
__vbaAryDestruct
_CIexp
__vbaStrMove
__vbaStrI4
_adj_fdivr_m32
__vbaStrCat
__vbaStrR4
__vbaVarCopy
_CItan
__vbaFpI4
Ord(598)
__vbaFpI2
_adj_fdiv_m16i
Number of PE resources by type
RT_ICON 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
NEUTRAL 2
ENGLISH US 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
163840

ImageVersion
1.0

ProductName
Notepad++

FileVersionNumber
5.9.2.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

CharacterSet
Unicode

LinkerVersion
6.0

OriginalFilename
Notepad++.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
5.92

TimeStamp
2011:09:28 01:30:23+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
npp.exe

FileAccessDate
2014:07:29 09:32:23+01:00

ProductVersion
5.92

FileDescription
Notepad++ : a free (GNU) source code editor

OSVersion
4.0

FileCreateDate
2014:07:29 09:32:23+01:00

FileOS
Windows NT 32-bit

LegalCopyright
Copyleft 1998-2006 by Don HO

MachineType
Intel 386 or later, and compatibles

CompanyName
Don HO don.h@free.fr

CodeSize
73728

FileSubtype
0

ProductVersionNumber
5.9.2.0

EntryPoint
0x2078

ObjectFileType
Executable application

File identification
MD5 631b338a5888fd11fae196856f886727
SHA1 bd9ddbac0989149822d79811fe46a44c18b59a76
SHA256 643dd5a46c605087ae4e1d2e20203ee8660fa7aa1f7df758977a7d10c532162f
ssdeep
3072:fqGhyAeMOOfaRF5jpx865n8UV+hTJICrEMiYkZCSjWCfqgOWYJU6o0pQ:fqGhb2OfaXx8asr/irZBjWwJO

imphash ee577dd80c8a46a597ed3be3347cd009
File size 240.0 KB ( 245760 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID Win32 Executable Microsoft Visual Basic 6 (90.5%)
Win32 Executable (generic) (4.9%)
Generic Win/DOS Executable (2.2%)
DOS Executable Generic (2.2%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
Tags
peexe

VirusTotal metadata
First submission 2011-09-30 08:09:11 UTC ( 5 years, 10 months ago )
Last submission 2014-07-29 08:32:34 UTC ( 2 years, 12 months ago )
File names 631b338a5888fd11fae196856f886727
631b338a5888fd11fae196856f886727.exe
9B9538C400BE77F6C02A03FD7D39BA00759DC3E6.dat
Notepad++.exe
631B338A5888FD11FAE196856F886727
lh[1].dat_631b338a5888fd11fae196856f886727
686c1039.exe
npp.exe
install-0.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!