SHA256: 5b7b349beede01926017bbe5131d511957cc52dbac98b19d3d08a5596c9fcb04
File name: test2.exe
Detection ratio: 2 / 46
Analysis date: 2013-02-24 21:56:38 UTC (1 year, 1 month ago)
Antivirus Result Update
Rising Trojan.Win32.Generic.131C21CC 20130205
VIPRE Trojan.Win32.Generic!BT 20130224
AVG 20130224
Agnitum 20130224
AhnLab-V3 20130224
AntiVir 20130224
Antiy-AVL 20130224
Avast 20130224
BitDefender 20130224
ByteHero 20130221
CAT-QuickHeal 20130223
ClamAV 20130224
Commtouch 20130224
Comodo 20130224
DrWeb 20130224
ESET-NOD32 20130224
Emsisoft 20130224
F-Prot 20130224
F-Secure 20130224
Fortinet 20130224
GData 20130224
Ikarus 20130224
Jiangmin 20130224
K7AntiVirus 20130222
Kaspersky 20130224
Kingsoft 20130204
Malwarebytes 20130224
McAfee 20130224
McAfee-GW-Edition 20130224
MicroWorld-eScan 20130224
Microsoft 20130224
NANO-Antivirus 20130224
Norman 20130224
PCTools 20130219
Panda 20130224
SUPERAntiSpyware 20130224
Sophos 20130224
Symantec 20130224
TheHacker 20130224
TotalDefense 20130224
TrendMicro 20130224
TrendMicro-HouseCall 20130224
VBA32 20130222
ViRobot 20130224
eSafe 20130211
nProtect 20130224
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block
Copyright Copyleft 1998-2006 by Don HO
Publisher Don HO don.h@free.fr
Product Notepad__
Original name Notepad__.exe
Internal name npp.exe
File version 6.12
Description Notepad__ : a free (GNU) source code editor
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2012-04-26 21:06:13
Entry Point 0x000B48F9
Number of sections 4
PE sections
PE imports
Number of PE resources by type
RT_ICON 121
RT_GROUP_ICON 75
RT_DIALOG 41
RT_BITMAP 41
RT_GROUP_CURSOR 4
RT_CURSOR 4
RT_MENU 3
RT_MANIFEST 1
RT_STRING 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 292
ExifTool file metadata
SubsystemVersion 4.0
LinkerVersion 8.0
ImageVersion 1.0
FileSubtype 0
FileVersionNumber 6.1.2.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 724992
FileOS Windows NT 32-bit
MIMEType application/octet-stream
LegalCopyright Copyleft 1998-2006 by Don HO
FileVersion 6.12
TimeStamp 2012:04:26 22:06:13+01:00
FileType Win32 EXE
PEType PE32
InternalName npp.exe
ProductVersion 6.12
FileDescription Notepad++ : a free (GNU) source code editor
OSVersion 4.0
OriginalFilename Notepad++.exe
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Don HO don.h@free.fr
CodeSize 880640
ProductName Notepad++
ProductVersionNumber 6.1.2.0
EntryPoint 0xb48f9
ObjectFileType Executable application

File identification
MD5 eafd3112a13cc2f853b42384480ce895
SHA1 c22b6c23137947bf1c2d9f51e0c9efa3dc3f86c6
SHA256 5b7b349beede01926017bbe5131d511957cc52dbac98b19d3d08a5596c9fcb04
ssdeep 24576:AZ9J6BGb8JQ97qBn4PBIv2C9EhrJGLyC5ClRGVywYdi:oJjeQ97co2ahVGL+RGbYdi
File size 1.5 MB ( 1609728 bytes )
File type Win32 EXE
Magic literal MS-DOS executable PE for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (42.6%)
Win32 Executable MS Visual C++ (generic) (37.3%)
Win32 Executable Generic (8.4%)
Win32 Dynamic Link Library (generic) (7.5%)
Generic Win/DOS Executable (1.9%)
Tags peexe
VirusTotal metadata
First submission 2013-02-24 21:56:38 UTC (1 year, 1 month ago)
Last submission 2013-04-15 01:41:45 UTC (1 year ago)
File names eafd3112a13cc2f853b42384480ce895
npp.exe
test2.exe
Notepad__.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Opened mutexes
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
UDP communications