SHA256: a11077cb6c209c67eb2d507d650fbee0925f3cbe860c70e0cd779b73f5af4b80
File name: [0]notepad++.exe
Detection ratio: 0 / 66
Analysis date: 2018-05-06 06:58:58 UTC ( 2 weeks, 5 days ago )
Antivirus / Result / Update (signature-database date; the Result column is blank for every engine because 0 of 66 flagged the file)
Ad-Aware 20180506
AegisLab 20180506
AhnLab-V3 20180505
Alibaba 20180503
ALYac 20180506
Antiy-AVL 20180505
Arcabit 20180506
Avast 20180506
Avast-Mobile 20180505
AVG 20180506
Avira (no cloud) 20180505
AVware 20180428
Babable 20180406
Baidu 20180503
BitDefender 20180506
Bkav 20180504
CAT-QuickHeal 20180505
ClamAV 20180505
CMC 20180505
Comodo 20180505
CrowdStrike Falcon (ML) 20180418
Cybereason None
Cylance 20180506
Cyren 20180505
DrWeb 20180505
eGambit 20180506
Emsisoft 20180505
Endgame 20180504
ESET-NOD32 20180506
F-Prot 20180506
F-Secure 20180506
Fortinet 20180506
GData 20180506
Sophos ML 20180503
Jiangmin 20180506
K7AntiVirus 20180506
K7GW 20180506
Kaspersky 20180506
Kingsoft 20180506
Malwarebytes 20180506
MAX 20180506
McAfee 20180506
McAfee-GW-Edition 20180505
Microsoft 20180505
eScan 20180506
NANO-Antivirus 20180506
nProtect 20180506
Palo Alto Networks (Known Signatures) 20180506
Panda 20180505
Qihoo-360 20180506
Rising 20180506
SentinelOne (Static ML) 20180225
Sophos AV 20180506
SUPERAntiSpyware 20180505
Symantec 20180505
Symantec Mobile Insight 20180505
Tencent 20180506
TheHacker 20180504
TotalDefense 20180506
TrendMicro 20180506
TrendMicro-HouseCall 20180506
Trustlook 20180506
VBA32 20180504
VIPRE 20180506
ViRobot 20180505
Webroot 20180506
Yandex 20180504
Zillya 20180504
ZoneAlarm by Check Point 20180506
Zoner 20180505
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright Copyleft 1998-2013 by Don HO
Product Notepad++
Original name Notepad++.exe
Internal name npp.exe
File version 6.69
Description Notepad++ : a free (GNU) source code editor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2014-09-07 21:50:30
Entry Point 0x00141FCE
Number of sections 4
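Where the fields above come from, as an added example (the editor's own code, not VirusTotal's or Notepad++'s): the parser reads the DOS header, the PE signature, the COFF file header and the optional header with struct and formats them the way the report does. The bytes it parses are a constructed minimal PE32 header carrying this page's values (i386, 4 sections, timestamp 2014-09-07 21:50:30 UTC, entry point 0x00141FCE, GUI subsystem); it is not the real notepad++.exe and has no section table or code. The bounds checks matter: a hostile e_lfanew or SizeOfOptionalHeader is the usual way a crafted PE crashes a naive parser.

```python
import struct
from datetime import datetime, timezone

IMAGE_DOS_SIGNATURE = 0x5A4D          # "MZ"
IMAGE_NT_SIGNATURE = 0x00004550       # "PE\0\0"
IMAGE_FILE_MACHINE_I386 = 0x014C
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
MACHINES = {0x014C: "Intel 386 or later processors and compatible processors",
            0x8664: "x64", 0x01C4: "ARM Thumb-2", 0xAA64: "ARM64"}
SUBSYSTEMS = {1: "Native", 2: "Windows GUI", 3: "Windows CUI"}


def parse_pe_header(data: bytes) -> dict:
    """Return the basic header fields of a PE image, or raise ValueError.

    Layout (PE/COFF spec): DOS header (e_lfanew at 0x3C) -> "PE\\0\\0" ->
    20-byte COFF file header -> optional header. Every offset is bounds
    checked before it is dereferenced.
    """
    if len(data) < 0x40 or struct.unpack_from("<H", data, 0)[0] != IMAGE_DOS_SIGNATURE:
        raise ValueError("missing MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if e_lfanew + 24 > len(data) or struct.unpack_from("<I", data, e_lfanew)[0] != IMAGE_NT_SIGNATURE:
        raise ValueError("bad e_lfanew or missing PE signature")
    coff = e_lfanew + 4
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from("<HHIIIHH", data, coff)
    opt = coff + 20
    if opt_size < 70 or opt + opt_size > len(data):
        raise ValueError("optional header too small or truncated")
    magic = struct.unpack_from("<H", data, opt)[0]
    entry = struct.unpack_from("<I", data, opt + 16)[0]      # AddressOfEntryPoint (RVA)
    subsystem = struct.unpack_from("<H", data, opt + 68)[0]  # same offset in PE32 and PE32+
    return {
        "machine": MACHINES.get(machine, f"0x{machine:04X}"),
        "sections": nsections,
        "timestamp": timestamp,
        "compiled": datetime.fromtimestamp(timestamp, tz=timezone.utc).strftime("%Y-%m-%d %H:%M:%S"),
        "entry_point": f"0x{entry:08X}",
        "pe_type": {PE32_MAGIC: "PE32", PE32PLUS_MAGIC: "PE32+"}.get(magic, f"0x{magic:X}"),
        "subsystem": SUBSYSTEMS.get(subsystem, str(subsystem)),
    }


def build_sample() -> bytes:
    """Constructed minimal PE32 header with this report's values (not the real file)."""
    e_lfanew = 0x80
    dos = bytearray(e_lfanew)
    struct.pack_into("<H", dos, 0, IMAGE_DOS_SIGNATURE)
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    opt = bytearray(224)                                  # standard PE32 optional header size
    # magic, linker 8.0, SizeOfCode, SizeOfInitializedData (values from the ExifTool block)
    struct.pack_into("<HBBII", opt, 0, PE32_MAGIC, 8, 0, 1470464, 929792)
    struct.pack_into("<I", opt, 16, 0x00141FCE)           # AddressOfEntryPoint
    struct.pack_into("<H", opt, 68, 2)                    # IMAGE_SUBSYSTEM_WINDOWS_GUI
    # COFF header: machine, 4 sections, TimeDateStamp for 2014-09-07 21:50:30 UTC, ... ,
    # SizeOfOptionalHeader, Characteristics (EXECUTABLE_IMAGE | 32BIT_MACHINE)
    coff = struct.pack("<HHIIIHH", IMAGE_FILE_MACHINE_I386, 4, 1410126630, 0, 0, len(opt), 0x0102)
    return bytes(dos) + struct.pack("<I", IMAGE_NT_SIGNATURE) + coff + bytes(opt)


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample()).items():
        print(f"{key}: {value}")
```

Note that the compile timestamp is whatever the linker wrote; it is a triage hint, not a trusted fact, and a value far in the future or before the toolchain existed is itself a signal.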
PE sections
PE imports
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
FreeSid
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteKeyW
IsTextUnicode
RegQueryValueExW
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_BeginDrag
ImageList_Destroy
ImageList_AddMasked
ImageList_Draw
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_DragMove
ImageList_Create
Ord(17)
ImageList_SetIconSize
InitCommonControlsEx
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_EndDrag
GetTextMetricsW
CreateFontIndirectW
PatBlt
CreatePen
SaveDC
GetROP2
GetPixel
Rectangle
GetDeviceCaps
LineTo
DeleteDC
RestoreDC
SetBkMode
EndDoc
CreateSolidBrush
StartPage
DeleteObject
GetObjectW
BitBlt
CreateHatchBrush
OffsetWindowOrgEx
CreatePatternBrush
SelectObject
ExtTextOutW
CreateBitmap
MoveToEx
EnumFontFamiliesExW
GetStockObject
SetTextAlign
SetROP2
CreateCompatibleDC
CreateFontW
SetBrushOrgEx
EndPage
GetTextExtentPoint32W
SetWindowOrgEx
DPtoLP
SetTextColor
SetBkColor
GetTextExtentPointW
StartDocW
CreateCompatibleBitmap
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
ReleaseMutex
FileTimeToSystemTime
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
GetFileAttributesW
GetLocalTime
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
FreeEnvironmentStringsW
lstrcatW
GetLocaleInfoW
SetStdHandle
GetTempPathA
GetCPInfo
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
GetSystemTimeAsFileTime
GetDiskFreeSpaceA
GetStringTypeW
GetFullPathNameA
SetEvent
LocalFree
FormatMessageW
InitializeCriticalSection
LoadResource
FindClose
TlsGetValue
FormatMessageA
GetFullPathNameW
OutputDebugStringA
SetLastError
GetSystemTime
CopyFileW
OutputDebugStringW
GetModuleFileNameW
IsDebuggerPresent
HeapAlloc
GetVersionExA
GetModuleFileNameA
lstrcmpiW
EnumSystemLocalesA
GetUserDefaultLCID
UnhandledExceptionFilter
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
SetFileAttributesW
LockFileEx
CreateThread
MoveFileExW
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
GetDateFormatA
SetEnvironmentVariableA
TerminateProcess
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
CreateEventW
SetEndOfFile
GetCurrentThreadId
InterlockedIncrement
WriteConsoleW
AreFileApisANSI
HeapFree
EnterCriticalSection
SetHandleCount
TerminateThread
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
FlushFileBuffers
LoadLibraryA
RtlUnwind
LocalLock
GlobalSize
GetStartupInfoA
UnlockFile
GetEnvironmentStrings
GetFileSize
DeleteFileA
GetDateFormatW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
CreateFileMappingW
GetTimeFormatW
lstrcpyW
ExpandEnvironmentStringsW
FindNextFileW
HeapValidate
ResetEvent
CreateFileMappingA
FindFirstFileW
IsValidLocale
lstrcmpW
GlobalLock
GetTempPathW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
ExitProcess
LocalUnlock
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
HeapCreate
GetSystemInfo
GlobalFree
GetConsoleCP
OpenEventW
LCMapStringA
HeapReAlloc
CompareStringW
GetEnvironmentStringsW
GlobalUnlock
LockFile
lstrlenW
HeapCompact
FileTimeToLocalFileTime
SizeofResource
GetCurrentDirectoryW
GetCurrentProcessId
LockResource
GetCommandLineW
GetCurrentDirectoryA
HeapSize
GetCommandLineA
InterlockedCompareExchange
lstrcpynW
RaiseException
CompareStringA
MapViewOfFile
TlsFree
SetFilePointer
ReadFile
CloseHandle
UnlockFileEx
GetACP
GetModuleHandleW
GetFileAttributesExW
GetLongPathNameW
WideCharToMultiByte
IsValidCodePage
UnmapViewOfFile
FindResourceW
VirtualFree
Sleep
VirtualAlloc
GetOEMCP
GetTimeFormatA
DragQueryFileW
SHBrowseForFolderW
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
DragQueryPoint
SHGetSpecialFolderLocation
SHFileOperationW
SHGetMalloc
DragFinish
PathStripPathW
PathMatchSpecW
PathFindFileNameW
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathFindExtensionW
PathAddExtensionW
PathGetDriveNumberW
PathCompactPathExW
PathIsRelativeW
PathIsDirectoryW
PathRemoveExtensionW
RedrawWindow
LoadBitmapW
MoveWindow
DestroyMenu
PostQuitMessage
SetWindowPos
SetScrollPos
IsWindow
EndPaint
WindowFromPoint
SetMenuItemInfoW
DispatchMessageW
ChangeClipboardChain
GetCursorPos
ReleaseDC
GetDlgCtrlID
GetMenu
GetClientRect
ToAscii
SetCaretPos
DrawTextW
GetScrollPos
CallNextHookEx
IsClipboardFormatAvailable
LoadImageW
TrackPopupMenu
GetActiveWindow
ShowCursor
GetWindowTextW
RegisterClipboardFormatW
LockWindowUpdate
ScrollWindow
DestroyWindow
EnableWindow
DrawEdge
GetParent
UpdateWindow
GetPropW
ShowScrollBar
CreateCaret
GetMessageW
ShowWindow
DrawFrameControl
SetPropW
GetDesktopWindow
PeekMessageW
InsertMenuItemW
SetWindowPlacement
GetDC
CharUpperW
MapWindowPoints
GetClipboardData
TranslateMessage
GetDlgItemTextW
DestroyCaret
GetDlgItemInt
RegisterClassW
CreateCursor
SetParent
SetClipboardData
FlashWindowEx
IsZoomed
GetWindowPlacement
LoadStringW
DrawMenuBar
EnableMenuItem
DrawFocusRect
CreateMenu
IsDialogMessageW
FillRect
CreateAcceleratorTableW
DeferWindowPos
IsWindowUnicode
RealChildWindowFromPoint
CreateWindowExW
GetWindowLongW
OpenClipboard
IsChild
SetFocus
RegisterWindowMessageW
GetMonitorInfoW
IsIconic
BeginPaint
DefWindowProcW
DrawIcon
TrackMouseEvent
CheckMenuRadioItem
SetClipboardViewer
GetSystemMetrics
SetWindowLongW
SetScrollRange
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
DrawTextExW
CharLowerW
SetWindowLongA
SendDlgItemMessageW
PostMessageW
CreateDialogParamW
CreatePopupMenu
CheckMenuItem
GetSubMenu
PtInRect
DrawIconEx
SetWindowTextW
GetDCEx
GetDlgItem
RemovePropW
ClientToScreen
GetKeyboardState
DialogBoxIndirectParamW
GetMenuItemCount
DestroyAcceleratorTable
GetMenuState
SetWindowsHookExW
LoadCursorW
LoadIconW
RemoveMenu
GetMenuItemID
InsertMenuW
SetForegroundWindow
GetMenuStringW
EmptyClipboard
CreateDialogIndirectParamW
GetScrollRange
EndDialog
HideCaret
FindWindowW
GetCapture
ScreenToClient
MessageBeep
LoadMenuW
ShowCaret
BeginDeferWindowPos
MessageBoxW
SendMessageW
RegisterClassExW
UnhookWindowsHookEx
SetRectEmpty
DialogBoxParamW
MessageBoxA
AppendMenuW
DestroyCursor
mouse_event
GetSysColor
SetDlgItemTextW
SetScrollInfo
GetKeyState
EndDeferWindowPos
DestroyIcon
IsWindowVisible
SystemParametersInfoW
MonitorFromWindow
FrameRect
DeleteMenu
InvalidateRect
CallWindowProcW
GetClassNameW
ModifyMenuW
DragDetect
CallWindowProcA
GetClassNameA
GetFocus
wsprintfW
CloseClipboard
SetCursor
SetMenu
SetDlgItemInt
TranslateAcceleratorW
GetSaveFileNameW
PrintDlgW
GetOpenFileNameW
ChooseColorW
CoUninitialize
CoInitialize
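What a capability tag such as the clipboard-monitor verdict further down is built from, as an added example (the editor's own code, not VirusTotal's, Zemana's or Notepad++'s): a triage pass over the import list. The API-to-capability table is a small, editor-chosen mapping, and SAMPLE_IMPORTS is a constructed subset of the names listed above. The second function records the check a practitioner makes when a sandbox reports an API that the static table does not contain.

```python
# Editor's own mapping, deliberately small; a production tool carries hundreds of entries.
CAPABILITIES = {
    "clipboard-monitor": {"SetClipboardViewer", "ChangeClipboardChain", "GetClipboardData"},
    "windows-hook": {"SetWindowsHookExW", "CallNextHookEx", "UnhookWindowsHookEx"},
    "synthetic-input": {"mouse_event", "keybd_event"},
    "debugger-check": {"IsDebuggerPresent"},
    "dynamic-api-resolution": {"LoadLibraryA", "LoadLibraryW", "GetProcAddress"},
    "registry-write": {"RegCreateKeyExW", "RegSetValueExW", "RegDeleteKeyW", "RegDeleteValueW"},
    "shell-launch": {"ShellExecuteW", "CreateProcessW", "CreateProcessA", "WinExec"},
    "device-io": {"DeviceIoControl"},
}

# Constructed subset of the import names listed on this page.
SAMPLE_IMPORTS = [
    "RegCreateKeyExW", "RegSetValueExW", "CheckTokenMembership",
    "IsDebuggerPresent", "LoadLibraryW", "GetProcAddress", "CreateFileMappingW",
    "ShellExecuteW", "SetClipboardViewer", "ChangeClipboardChain", "GetClipboardData",
    "SetWindowsHookExW", "CallNextHookEx", "UnhookWindowsHookEx", "mouse_event",
]


def tag_imports(imports):
    """Map an import-name list to {capability: sorted list of matching APIs}.

    Only capabilities with at least one hit are returned, so an empty dict
    means the static table says nothing under this mapping.
    """
    present = set(imports)
    return {cap: sorted(present & apis) for cap, apis in CAPABILITIES.items() if present & apis}


def reconcile(imports, observed_api):
    """Reconcile an API seen in a sandbox with the static import table.

    statically_imported: the name is in the import directory.
    dynamic_resolution_available: LoadLibrary plus GetProcAddress are imported,
    so the file can resolve any export at run time. Even when both are False
    the call can still be reached inside another imported API, so an absent
    static import never rules an observed behaviour out.
    """
    present = set(imports)
    return {
        "api": observed_api,
        "statically_imported": observed_api in present,
        "dynamic_resolution_available": bool({"LoadLibraryA", "LoadLibraryW"} & present)
        and "GetProcAddress" in present,
    }


if __name__ == "__main__":
    for cap, hits in tag_imports(SAMPLE_IMPORTS).items():
        print(f"{cap:24} {', '.join(hits)}")
    print(reconcile(SAMPLE_IMPORTS, "DeviceIoControl"))
```

In an editor the clipboard and hook imports are expected; the tag's job is to raise the question, not to answer it, and the sandbox verdicts below should be read the same way.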
Number of PE resources by type
RT_ICON 127
RT_GROUP_ICON 81
RT_DIALOG 50
RT_BITMAP 48
RT_GROUP_CURSOR 4
RT_CURSOR 4
RT_MENU 3
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 320
PE resources
Debug information
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.6.9.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 929792
EntryPoint 0x141fce
OriginalFileName Notepad++.exe
MIMEType application/octet-stream
LegalCopyright Copyleft 1998-2013 by Don HO
FileVersion 6.69
TimeStamp 2014:09:07 21:50:30+00:00
FileType Win32 EXE
PEType PE32
InternalName npp.exe
ProductVersion 6.69
FileDescription Notepad++ : a free (GNU) source code editor
OSVersion 4.0
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Don HO don.h@free.fr
CodeSize 1470464
ProductName Notepad++
ProductVersionNumber 6.6.9.0
FileTypeExtension exe
ObjectFileType Executable application

CarbonBlack
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
While monitoring an end-user machine in-the-wild, CarbonBlack noticed this sample wrote the following files to disk.
Execution parents
Compressed bundles
File identification
MD5 8695d4e286bf30f6e6cf6930f85aaf04
SHA1 723472331a8c0c471d750593a372281f0ec4251c
SHA256 a11077cb6c209c67eb2d507d650fbee0925f3cbe860c70e0cd779b73f5af4b80
ssdeep 49152:ZvUvyb+XbL3COlJ6Zq0IL9ZuK9wDo6r1CRGfYdW:6qb8/COlcZq0IMyW

authentihash b79bce4e7d0de70868080b10a6157c34b1273393116970199e2458477bf1f990
imphash aeecba387d81b3bcdf2061997e7d191c
File size 2.3 MB ( 2404352 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (36.1%)
Win32 Executable MS Visual C++ (generic) (26.2%)
Win64 Executable (generic) (23.2%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.7%)
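How the identifiers in this block are derived, as an added example (the editor's own code, not VirusTotal's or pefile's): the MD5, SHA1 and SHA256 values are plain digests over the file bytes, while imphash is an MD5 over a normalised "dll.function" string built from the import table in link order, so two builds that share an import table share an imphash even when every byte-level digest differs. The import table below is a constructed subset of this page's list, its DLL grouping is the editor's assumption (the listing above shows only function names), and the ordinal entry mirrors the Ord(17) shown above. The normalisation follows the pefile convention (lower case, .dll/.ocx/.sys stripped, ordinals as ordN), except that pefile additionally maps known ordinals of ws2_32, wsock32 and oleaut32 to names, which this version does not.

```python
import hashlib

# Constructed subset of this page's imports; the DLL grouping is an assumption.
IMPORT_TABLE = [
    ("KERNEL32.dll", ["GetProcAddress", "LoadLibraryW", "CreateFileW"]),
    ("COMCTL32.dll", ["InitCommonControlsEx", 17]),   # 17: import by ordinal, as Ord(17) above
    ("USER32.dll", ["SetClipboardViewer"]),
]


def imphash_string(table):
    """Normalised 'dll.function,...' string that imphash is computed over.

    Order is preserved on purpose: imphash is sensitive to the order in which
    the linker emitted the import directory, which is exactly what makes it
    group builds from the same source tree and toolchain.
    """
    parts = []
    for dll, funcs in table:
        lib = dll.lower()
        for ext in (".dll", ".ocx", ".sys"):
            if lib.endswith(ext):
                lib = lib[: -len(ext)]
                break
        for func in funcs:
            # Ordinal-only imports become 'ordN'; named imports are lower-cased.
            name = f"ord{func}" if isinstance(func, int) else func.lower()
            parts.append(f"{lib}.{name}")
    return ",".join(parts)


def imphash(table) -> str:
    return hashlib.md5(imphash_string(table).encode("ascii")).hexdigest()


def file_hashes(data: bytes) -> dict:
    """The byte-level digests VirusTotal lists under File identification."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha1": hashlib.sha1(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


if __name__ == "__main__":
    print(imphash_string(IMPORT_TABLE))
    print("imphash", imphash(IMPORT_TABLE))
    print(file_hashes(b"constructed sample bytes, not the real file"))
```

To reproduce the report's imphash on the actual binary, feed it the real import directory (pefile's PE.get_imphash() does this); the reason to pivot on imphash rather than SHA256 is that a recompiled or repacked variant keeps the former far more often than the latter, and the reason not to trust it alone is that any program linking the same libraries in the same order collides with it.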
Tags
peexe via-tor

VirusTotal metadata
First submission 2014-09-08 00:06:10 UTC ( 3 years, 8 months ago )
Last submission 2018-05-06 06:58:58 UTC ( 2 weeks, 5 days ago )
File names alt39ae.tmp
vt-upload-BZBsJT
notepad .exe
notepad%2B%2B.exe
[1]notepad++.exe
alt8eda.tmp
alt70e1.tmp
altc305.tmp
altfa43.tmp
altbefd.tmp
alt5d48.tmp
altc06.tmp
altf0bd.tmp
alt6e7e.tmp
1c058e54-2d77-11e7-881c-54ee7527aa7e
altab.tmp
alt5b53.tmp
alt8532.tmp
notepad++.exe
alte038.tmp
alt7bda.tmp
alt6341.tmp
alt9522.tmp
vsdl0g6m.1qf
alt71ad.tmp
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight (a prevalence/reputation verdict from Symantec's Insight service, not a signature match; the Symantec engine row above reports nothing)
Behaviour characterization
Zemana clipboard-monitor (consistent with the SetClipboardViewer and ChangeClipboardChain imports listed above)

Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Copied files
Created mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function. DeviceIoControl does not appear in the static import list above; the call was observed at run time, so it is reached either inside another imported API or through the LoadLibraryW/GetProcAddress pair the file does import, and an absent static import should not be read as ruling the behaviour out.