SHA256: a11077cb6c209c67eb2d507d650fbee0925f3cbe860c70e0cd779b73f5af4b80
File name: npp.exe
Detection ratio: 0 / 66
Analysis date: 2018-08-31 05:59:25 UTC ( 1 month, 3 weeks ago )
Antivirus Result Update
Ad-Aware 20180831
AegisLab 20180831
AhnLab-V3 20180831
Alibaba 20180713
ALYac 20180831
Antiy-AVL 20180831
Arcabit 20180831
Avast 20180831
Avast-Mobile 20180831
AVG 20180831
Avira (no cloud) 20180831
AVware 20180823
Babable 20180822
Baidu 20180830
BitDefender 20180831
Bkav 20180831
CAT-QuickHeal 20180830
ClamAV 20180831
CMC 20180831
Comodo 20180831
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180831
Cyren 20180831
DrWeb 20180831
eGambit 20180831
Emsisoft 20180831
Endgame 20180730
ESET-NOD32 20180831
F-Prot 20180831
F-Secure 20180831
Fortinet 20180831
GData 20180831
Ikarus 20180830
Sophos ML 20180717
Jiangmin 20180831
K7AntiVirus 20180829
K7GW 20180831
Kaspersky 20180831
Kingsoft 20180831
Malwarebytes 20180831
MAX 20180831
McAfee 20180831
McAfee-GW-Edition 20180831
Microsoft 20180831
eScan 20180831
NANO-Antivirus 20180831
Palo Alto Networks (Known Signatures) 20180831
Panda 20180830
Qihoo-360 20180831
Rising 20180831
SentinelOne (Static ML) 20180830
Sophos AV 20180831
SUPERAntiSpyware 20180831
Symantec 20180831
Symantec Mobile Insight 20180829
TACHYON 20180831
Tencent 20180831
TheHacker 20180829
TrendMicro 20180831
TrendMicro-HouseCall 20180831
Trustlook 20180831
VBA32 20180830
VIPRE 20180831
ViRobot 20180831
Webroot 20180831
Yandex 20180830
ZoneAlarm by Check Point 20180831
Zoner 20180830
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyleft 1998-2013 by Don HO

Product Notepad++
Original name Notepad++.exe
Internal name npp.exe
File version 6.69
Description Notepad++ : a free (GNU) source code editor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-07 21:50:30
Entry Point 0x00141FCE
Number of sections 4
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
FreeSid
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteKeyW
IsTextUnicode
RegQueryValueExW
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_BeginDrag
ImageList_Destroy
ImageList_AddMasked
ImageList_Draw
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_DragMove
ImageList_Create
Ord(17)
ImageList_SetIconSize
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_EndDrag
GetTextMetricsW
CreateFontIndirectW
PatBlt
CreatePen
SaveDC
GetROP2
GetPixel
Rectangle
GetDeviceCaps
LineTo
DeleteDC
RestoreDC
SetBkMode
EndDoc
CreateSolidBrush
StartPage
DeleteObject
GetObjectW
BitBlt
CreateHatchBrush
OffsetWindowOrgEx
CreatePatternBrush
SelectObject
ExtTextOutW
CreateBitmap
MoveToEx
EnumFontFamiliesExW
GetStockObject
SetTextAlign
SetROP2
CreateCompatibleDC
CreateFontW
SetBrushOrgEx
EndPage
GetTextExtentPoint32W
SetWindowOrgEx
DPtoLP
SetTextColor
SetBkColor
GetTextExtentPointW
StartDocW
CreateCompatibleBitmap
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
GetFullPathNameA
SetEvent
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
FormatMessageA
GetFullPathNameW
OutputDebugStringA
SetLastError
GetSystemTime
CopyFileW
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
lstrcmpiW
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
SetFileAttributesW
LockFileEx
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
GetDateFormatA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
CreateEventW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
AreFileApisANSI
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
LocalLock
GlobalSize
GetStartupInfoA
UnlockFile
GetEnvironmentStrings
GetFileSize
DeleteFileA
GetDateFormatW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
lstrcpyW
ExpandEnvironmentStringsW
FindNextFileW
HeapValidate
ResetEvent
CreateFileMappingA
FindFirstFileW
IsValidLocale
lstrcmpW
GlobalLock
GetTempPathW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LocalUnlock
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetSystemInfo
GlobalFree
GetConsoleCP
OpenEventW
LCMapStringA
HeapReAlloc
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
HeapCompact
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
InterlockedCompareExchange
lstrcpynW
RaiseException
CompareStringA
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
UnlockFileEx
GetACP
GetModuleHandleW
GetFileAttributesExW
GetLongPathNameW
WideCharToMultiByte
IsValidCodePage
UnmapViewOfFile
FindResourceW
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
GetTimeFormatA
DragQueryFileW
SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
DragQueryPoint
SHGetSpecialFolderLocation
SHFileOperationW
SHGetMalloc
DragFinish
PathStripPathW
PathMatchSpecW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathFindExtensionW
PathAddExtensionW
PathGetDriveNumberW
PathCompactPathExW
PathIsRelativeW
PathIsDirectoryW
PathRemoveExtensionW
RedrawWindow
LoadBitmapW
MoveWindow
DestroyMenu
PostQuitMessage
SetWindowPos
SetScrollPos
IsWindow
EndPaint
WindowFromPoint
SetMenuItemInfoW
DispatchMessageW
ChangeClipboardChain
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetMenu
GetClientRect
ToAscii
SetCaretPos
DrawTextW
GetScrollPos
CallNextHookEx
IsClipboardFormatAvailable
LoadImageW
TrackPopupMenu
GetActiveWindow
ShowCursor
GetWindowTextW
RegisterClipboardFormatW
LockWindowUpdate
ScrollWindow
DestroyWindow
EnableWindow
DrawEdge
GetParent
UpdateWindow
GetPropW
ShowScrollBar
CreateCaret
GetMessageW
ShowWindow
DrawFrameControl
SetPropW
GetDesktopWindow
PeekMessageW
InsertMenuItemW
SetWindowPlacement
GetDC
CharUpperW
MapWindowPoints
GetClipboardData
TranslateMessage
GetDlgItemTextW
DestroyCaret
GetDlgItemInt
RegisterClassW
CreateCursor
SetParent
SetClipboardData
FlashWindowEx
IsZoomed
GetWindowPlacement
LoadStringW
DrawMenuBar
EnableMenuItem
DrawFocusRect
CreateMenu
IsDialogMessageW
FillRect
CreateAcceleratorTableW
DeferWindowPos
IsWindowUnicode
RealChildWindowFromPoint
CreateWindowExW
GetWindowLongW
OpenClipboard
IsChild
SetFocus
RegisterWindowMessageW
GetMonitorInfoW
IsIconic
BeginPaint
DefWindowProcW
DrawIcon
TrackMouseEvent
CheckMenuRadioItem
SetClipboardViewer
GetSystemMetrics
SetWindowLongW
SetScrollRange
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
DrawTextExW
CharLowerW
SetWindowLongA
SendDlgItemMessageW
PostMessageW
CreateDialogParamW
CreatePopupMenu
CheckMenuItem
GetSubMenu
PtInRect
DrawIconEx
SetWindowTextW
GetDCEx
GetDlgItem
RemovePropW
ClientToScreen
GetKeyboardState
DialogBoxIndirectParamW
GetMenuItemCount
DestroyAcceleratorTable
GetMenuState
SetWindowsHookExW
LoadCursorW
LoadIconW
RemoveMenu
GetMenuItemID
InsertMenuW
SetForegroundWindow
GetMenuStringW
EmptyClipboard
CreateDialogIndirectParamW
GetScrollRange
EndDialog
HideCaret
FindWindowW
GetCapture
ScreenToClient
MessageBeep
LoadMenuW
ShowCaret
BeginDeferWindowPos
MessageBoxW
SendMessageW
RegisterClassExW
UnhookWindowsHookEx
SetRectEmpty
DialogBoxParamW
MessageBoxA
AppendMenuW
DestroyCursor
mouse_event
GetSysColor
SetDlgItemTextW
SetScrollInfo
GetKeyState
EndDeferWindowPos
DestroyIcon
IsWindowVisible
SystemParametersInfoW
MonitorFromWindow
FrameRect
DeleteMenu
InvalidateRect
CallWindowProcW
GetClassNameW
ModifyMenuW
DragDetect
CallWindowProcA
GetClassNameA
GetFocus
wsprintfW
CloseClipboard
SetCursor
SetMenu
SetDlgItemInt
TranslateAcceleratorW
GetSaveFileNameW
PrintDlgW
GetOpenFileNameW
ChooseColorW
CoUninitialize
CoInitialize
Number of PE resources by type
RT_ICON 127
RT_GROUP_ICON 81
RT_DIALOG 50
RT_BITMAP 48
RT_GROUP_CURSOR 4
RT_CURSOR 4
RT_MENU 3
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 320
PE resources
Debug information
ExifTool file metadata
SubsystemVersion
4.0

LinkerVersion
8.0

ImageVersion
1.0

FileSubtype
0

FileVersionNumber
6.6.9.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
929792

EntryPoint
0x141fce

OriginalFileName
Notepad++.exe

MIMEType
application/octet-stream

LegalCopyright
Copyleft 1998-2013 by Don HO

FileVersion
6.69

TimeStamp
2014:09:07 22:50:30+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
npp.exe

ProductVersion
6.69

FileDescription
Notepad++ : a free (GNU) source code editor

OSVersion
4.0

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Don HO don.h@free.fr

CodeSize
1470464

ProductName
Notepad++

ProductVersionNumber
6.6.9.0

FileTypeExtension
exe

ObjectFileType
Executable application

CarbonBlack
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
Compressed bundles
File identification
MD5 8695d4e286bf30f6e6cf6930f85aaf04
SHA1 723472331a8c0c471d750593a372281f0ec4251c
SHA256 a11077cb6c209c67eb2d507d650fbee0925f3cbe860c70e0cd779b73f5af4b80
ssdeep
49152:ZvUvyb+XbL3COlJ6Zq0IL9ZuK9wDo6r1CRGfYdW:6qb8/COlcZq0IMyW

authentihash b79bce4e7d0de70868080b10a6157c34b1273393116970199e2458477bf1f990
imphash aeecba387d81b3bcdf2061997e7d191c
File size 2.3 MB ( 2404352 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags
peexe via-tor

VirusTotal metadata
First submission 2014-09-08 00:06:10 UTC ( 4 years, 1 month ago )
Last submission 2018-06-19 08:31:09 UTC ( 4 months ago )
File names alt39ae.tmp
vt-upload-BZBsJT
notepad .exe
notepad%2B%2B.exe
[1]notepad++.exe
alt8eda.tmp
alt70e1.tmp
alt2e80.tmp
altfa43.tmp
altbefd.tmp
alt5d48.tmp
altc06.tmp
altf0bd.tmp
alt6e7e.tmp
1c058e54-2d77-11e7-881c-54ee7527aa7e
altab.tmp
alt5b53.tmp
alt8532.tmp
notepad++.exe
alte038.tmp
alt7bda.tmp
alt6341.tmp
alt9522.tmp
vsdl0g6m.1qf
alt71ad.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana
clipboard-monitor

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.