SHA256: a11077cb6c209c67eb2d507d650fbee0925f3cbe860c70e0cd779b73f5af4b80
File name: npp.exe
Detection ratio: 0 / 71
Analysis date: 2018-12-26 10:28:27 UTC ( 3 weeks, 5 days ago )
Antivirus Result Update
Acronis 20181224
Ad-Aware 20181226
AegisLab 20181226
AhnLab-V3 20181226
Alibaba 20180921
ALYac 20181226
Antiy-AVL 20181226
Arcabit 20181226
Avast 20181226
Avast-Mobile 20181225
AVG 20181226
Avira (no cloud) 20181226
Babable 20180918
Baidu 20181207
BitDefender 20181226
Bkav 20181224
CAT-QuickHeal 20181225
ClamAV 20181226
CMC 20181225
Comodo 20181226
CrowdStrike Falcon (ML) 20181022
Cybereason 20180225
Cylance 20181226
Cyren 20181226
DrWeb 20181226
eGambit 20181226
Emsisoft 20181226
Endgame 20181108
ESET-NOD32 20181226
F-Prot 20181226
F-Secure 20181226
Fortinet 20181226
GData 20181226
Ikarus 20181226
Sophos ML 20181128
Jiangmin 20181226
K7AntiVirus 20181226
K7GW 20181226
Kaspersky 20181226
Kingsoft 20181226
Malwarebytes 20181226
MAX 20181226
McAfee 20181226
McAfee-GW-Edition 20181226
Microsoft 20181225
eScan 20181226
NANO-Antivirus 20181226
Palo Alto Networks (Known Signatures) 20181226
Panda 20181225
Qihoo-360 20181226
Rising 20181226
SentinelOne (Static ML) 20181223
Sophos AV 20181226
SUPERAntiSpyware 20181220
Symantec 20181225
Symantec Mobile Insight 20181225
TACHYON 20181226
Tencent 20181226
TheHacker 20181225
TotalDefense 20181226
Trapmine 20181205
TrendMicro 20181226
TrendMicro-HouseCall 20181226
Trustlook 20181226
VBA32 20181226
VIPRE 20181226
ViRobot 20181225
Webroot 20181226
Yandex 20181223
Zillya 20181225
ZoneAlarm by Check Point 20181226
Zoner 20181225
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyleft 1998-2013 by Don HO
Product Notepad++
Original name Notepad++.exe
Internal name npp.exe
File version 6.69
Description Notepad++ : a free (GNU) source code editor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-07 21:50:30
Entry Point 0x00141FCE
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_ICON 127
RT_GROUP_ICON 81
RT_DIALOG 50
RT_BITMAP 48
RT_GROUP_CURSOR 4
RT_CURSOR 4
RT_MENU 3
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 320
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 8.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.6.9.0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription Notepad++ : a free (GNU) source code editor
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 929792
EntryPoint 0x141fce
OriginalFileName Notepad++.exe
MIMEType application/octet-stream
LegalCopyright Copyleft 1998-2013 by Don HO
FileVersion 6.69
TimeStamp 2014:09:07 22:50:30+01:00
FileType Win32 EXE
PEType PE32
InternalName npp.exe
ProductVersion 6.69
SubsystemVersion 4.0
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Don HO don.h@free.fr
CodeSize 1470464
ProductName Notepad++
ProductVersionNumber 6.6.9.0
FileTypeExtension exe
ObjectFileType Executable application
CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
Compressed bundles
File identification
MD5 8695d4e286bf30f6e6cf6930f85aaf04
SHA1 723472331a8c0c471d750593a372281f0ec4251c
SHA256 a11077cb6c209c67eb2d507d650fbee0925f3cbe860c70e0cd779b73f5af4b80
ssdeep 49152:ZvUvyb+XbL3COlJ6Zq0IL9ZuK9wDo6r1CRGfYdW:6qb8/COlcZq0IMyW
authentihash b79bce4e7d0de70868080b10a6157c34b1273393116970199e2458477bf1f990
imphash aeecba387d81b3bcdf2061997e7d191c
File size 2.3 MB ( 2404352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
Tags peexe via-tor
VirusTotal metadata
First submission 2014-09-08 00:06:10 UTC ( 4 years, 4 months ago )
Last submission 2018-06-19 08:31:09 UTC ( 7 months ago )
File names alt39ae.tmp
vt-upload-BZBsJT
notepad .exe
notepad%2B%2B.exe
[1]notepad++.exe
alt8eda.tmp
alt70e1.tmp
alt2e80.tmp
altfa43.tmp
altbefd.tmp
alt5d48.tmp
altc06.tmp
altf0bd.tmp
alt6e7e.tmp
1c058e54-2d77-11e7-881c-54ee7527aa7e
altab.tmp
alt5b53.tmp
alt8532.tmp
notepad++.exe
alte038.tmp
alt7bda.tmp
alt6341.tmp
alt9522.tmp
vsdl0g6m.1qf
alt71ad.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Behaviour characterization
Zemana clipboard-monitor
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.