notepad.exe - Notepad

filename	notepad.exe
size	352256 (0x56000)
md5	3acd46e57d62c79da122ad9d4456915e

type	PE32+ executable (GUI) x86-64, for MS Windows
mimetype	application/x-dosexec

clamav	scan pending
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0xf0

Rich Header

lib id	version	times used
147	30729	44
260	29395	10
259	29395	4
261	29395	31
257	29395	9
1	0	1364
264	29395	27
253	29395	1
255	29395	1
258	29395	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x8664
NumberOfSections	7
TimeDateStamp	0xd51c38ae
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xf0
Characteristics	0x22
Magic	0x20b
LinkerVersion	14.28
SizeOfCode	0x27000
SizeOfInitializedData	0x30000
SizeOfUninitializedData	0
AddressOfEntryPoint	0x1b60
BaseOfCode	0x1000
ImageBase	0x140000000
SectionAlignment	0x1000
FileAlignment	0x1000
OperatingSystemVersion	10.0
ImageVersion	10.0
SubsystemVersion	10.0
Reserved1	0
SizeOfImage	0x58000
SizeOfHeaders	0x1000
CheckSum	0x573b3
Subsystem	2
DllCharacteristics	0xc160
SizeOfStackReserve	0x80000
SizeOfStackCommit	0x11000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MS Visual C++ 8.0

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x26332	0x27000	R-X CODE
.rdata	0x28000	0x989a	0xa000	R-- IDATA
.data	0x32000	0x26a0	0x1000	RW- IDATA
.pdata	0x35000	0x13f8	0x2000	R-- IDATA
.didat	0x37000	0x188	0x1000	RW- IDATA
.rsrc	0x38000	0x1e1d0	0x1f000	R-- IDATA
.reloc	0x57000	0x31c	0x1000	R-- IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x2f580	0x208
RESOURCE	0x38000	0x1e1d0
EXCEPTION	0x35000	0x13f8
SECURITY	0	0
BASERELOC	0x57000	0x31c
DEBUG	0x2d170	0x54
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0	0
LOAD_CONFIG	0x28790	0x138
Bound_IAT	0	0
IAT	0x288c8	0x990
Delay_IAT	0x2ee50	0xe0
CLR_Header	0	0

show previews

type	name	size
EDPENLIGHTENEDAPPINFOID	MICROSOFTEDPENLIGHTENEDAPPINFO	2
EDPPERMISSIVEAPPINFOID	MICROSOFTEDPPERMISSIVEAPPINFO	2
MUI	#1	320
ICON	#1	1640
ICON	#2	744
ICON	#3	488
ICON	#4	296
ICON	#5	3752
ICON	#6	2216
ICON	#7	1736
ICON	#8	1384
ICON	#9	72024
ICON	#10	9640
ICON	#11	4264
ICON	#12	2440
ICON	#13	1128
ICON	#14	2632
ICON	#15	1800
ICON	#16	1192
ICON	#17	2632
ICON	#18	1800
ICON	#19	1192
ICON	#20	2632
ICON	#21	1800
ICON	#22	1192
GROUP_ICON	#2	188
GROUP_ICON	#300	48
GROUP_ICON	#301	48
GROUP_ICON	#302	48
VERSION	#1	884
MANIFEST	#1	1252

module_name	hint	ord	function_name
KERNEL32.dll	1340		SetEvent
KERNEL32.dll	850		GlobalFree
KERNEL32.dll	632		GetLocaleInfoW
KERNEL32.dll	211		CreateFileW
KERNEL32.dll	1164		ReadFile
KERNEL32.dll	452		GetACP
KERNEL32.dll	554		GetCurrentProcess
KERNEL32.dll	489		GetCommandLineW
KERNEL32.dll	875		HeapSetInformation
KERNEL32.dll	1000		LocalFree
KERNEL32.dll	995		LocalAlloc
KERNEL32.dll	402		FindFirstFileW
KERNEL32.dll	391		FindClose
KERNEL32.dll	438		FoldStringW
KERNEL32.dll	956		K32GetModuleFileNameExW
KERNEL32.dll	648		GetModuleFileNameW
KERNEL32.dll	819		GetUserDefaultUILanguage
KERNEL32.dll	629		GetLocalTime
KERNEL32.dll	565		GetDateFormatW
KERNEL32.dll	808		GetTimeFormatW
KERNEL32.dll	1577		WideCharToMultiByte
KERNEL32.dll	1597		WriteFile
KERNEL32.dll	601		GetFileAttributesW
KERNEL32.dll	1002		LocalLock
KERNEL32.dll	198		CreateEventExW
KERNEL32.dll	288		DeleteFileW
KERNEL32.dll	1334		SetEndOfFile
KERNEL32.dll	598		GetFileAttributesExW
KERNEL32.dll	603		GetFileInformationByHandle
KERNEL32.dll	208		CreateFileMappingW
KERNEL32.dll	1015		MapViewOfFile
KERNEL32.dll	1032		MultiByteToWideChar
KERNEL32.dll	1003		LocalReAlloc
KERNEL32.dll	1499		UnmapViewOfFile
KERNEL32.dll	621		GetFullPathNameW
KERNEL32.dll	1005		LocalSize
KERNEL32.dll	744		GetStartupInfoW
KERNEL32.dll	1634		lstrcmpiW
KERNEL32.dll	409		FindNLSString
KERNEL32.dll	854		GlobalLock
KERNEL32.dll	861		GlobalUnlock
KERNEL32.dll	843		GlobalAlloc
KERNEL32.dll	1327		SetCurrentDirectoryW
KERNEL32.dll	572		GetDiskFreeSpaceExW
KERNEL32.dll	194		CreateDirectoryW
KERNEL32.dll	1212		RegisterApplicationRestart
KERNEL32.dll	547		GetCurrentDirectoryW
KERNEL32.dll	238		CreateProcessW
KERNEL32.dll	1538		WaitForSingleObject
KERNEL32.dll	1147		RaiseException
KERNEL32.dll	1031		MulDiv
KERNEL32.dll	919		IsDebuggerPresent
KERNEL32.dll	273		DebugBreak
KERNEL32.dll	652		GetModuleHandleW
KERNEL32.dll	715		GetProcessHeap
KERNEL32.dll	555		GetCurrentProcessId
KERNEL32.dll	283		DeleteCriticalSection
KERNEL32.dll	1		AcquireSRWLockShared
KERNEL32.dll	225		CreateMutexExW
KERNEL32.dll	708		GetProcAddress
KERNEL32.dll	867		HeapAlloc
KERNEL32.dll	255		CreateThreadpoolTimer
KERNEL32.dll	1229		ReleaseSRWLockShared
KERNEL32.dll	1424		SetThreadpoolTimer
KERNEL32.dll	142		CloseHandle
KERNEL32.dll	1064		OpenSemaphoreW
KERNEL32.dll	1539		WaitForSingleObjectEx
KERNEL32.dll			AcquireSRWLockExclusive
KERNEL32.dll	152		CloseThreadpoolTimer
KERNEL32.dll	1072		OutputDebugStringW
KERNEL32.dll	1228		ReleaseSRWLockExclusive
KERNEL32.dll	628		GetLastError
KERNEL32.dll	441		FormatMessageW
KERNEL32.dll	559		GetCurrentThreadId
KERNEL32.dll	1225		ReleaseMutex
KERNEL32.dll	1541		WaitForThreadpoolTimerCallbacks
KERNEL32.dll	894		InitializeCriticalSectionEx
KERNEL32.dll	982		LeaveCriticalSection
KERNEL32.dll	651		GetModuleHandleExW
KERNEL32.dll	1230		ReleaseSemaphore
KERNEL32.dll	321		EnterCriticalSection
KERNEL32.dll	1367		SetLastError
KERNEL32.dll	871		HeapFree
KERNEL32.dll	647		GetModuleFileNameA
KERNEL32.dll	244		CreateSemaphoreExW
KERNEL32.dll	1007		LocalUnlock
KERNEL32.dll	1251		ResolveDelayLoadedAPI
KERNEL32.dll	280		DelayLoadFailureHook
GDI32.dll	52		CreateDCW
GDI32.dll	934		StartPage
GDI32.dll	932		StartDocW
GDI32.dll	877		SetAbortProc
GDI32.dll	402		EndDoc
GDI32.dll			AbortDoc
GDI32.dll	405		EndPage
GDI32.dll	734		GetTextMetricsW
GDI32.dll	883		SetBkMode
GDI32.dll	750		LPtoDP
GDI32.dll	928		SetWindowExtEx
GDI32.dll	924		SetViewportExtEx
GDI32.dll	904		SetMapMode
GDI32.dll	941		TextOutW
GDI32.dll	459		EnumFontsW
GDI32.dll	732		GetTextFaceW
GDI32.dll	642		GetDeviceCaps
GDI32.dll	389		DeleteDC
GDI32.dll	392		DeleteObject
GDI32.dll	882		SetBkColor
GDI32.dll	90		CreateSolidBrush
GDI32.dll	726		GetTextExtentPoint32W
GDI32.dll	875		SelectObject
GDI32.dll	49		CreateCompatibleDC
GDI32.dll	67		CreateFontIndirectW
USER32.dll	272		FillRect
USER32.dll	222		DrawTextW
USER32.dll	210		DrawFocusRect
USER32.dll	167		DefWindowProcW
USER32.dll	939		TrackMouseEvent
USER32.dll	547		InvalidateRect
USER32.dll	177		DestroyIcon
USER32.dll	875		SetThreadDpiAwarenessContext
USER32.dll	186		DialogBoxParamW
USER32.dll	602		LoadIconW
USER32.dll	344		GetFocus
USER32.dll	650		MessageBoxW
USER32.dll	914		ShowWindow
USER32.dll	808		SetCursor
USER32.dll	795		SetActiveWindow
USER32.dll	233		EnableMenuItem
USER32.dll	566		IsIconic
USER32.dll	823		SetFocus
USER32.dll	642		MessageBeep
USER32.dll	345		GetForegroundWindow
USER32.dll	332		GetDlgCtrlID
USER32.dll	894		SetWindowPos
USER32.dll	730		RedrawWindow
USER32.dll	362		GetKeyboardLayout
USER32.dll	52		CharNextW
USER32.dll	882		SetWinEventHook
USER32.dll	394		GetMessageW
USER32.dll	944		TranslateAcceleratorW
USER32.dll	562		IsDialogMessageW
USER32.dll	946		TranslateMessage
USER32.dll	189		DispatchMessageW
USER32.dll	949		UnhookWinEvent
USER32.dll	899		SetWindowTextW
USER32.dll	376		GetMenu
USER32.dll	451		GetSubMenu
USER32.dll	667		OpenClipboard
USER32.dll	559		IsClipboardFormatAvailable
USER32.dll	79		CloseClipboard
USER32.dll	67		CheckMenuItem
USER32.dll	820		SetDlgItemTextW
USER32.dll	336		GetDlgItemTextW
USER32.dll	242		EndDialog
USER32.dll	783		SendDlgItemMessageW
USER32.dll	863		SetScrollPos
USER32.dll	972		UpdateWindow
USER32.dll	495		GetWindowPlacement
USER32.dll	893		SetWindowPlacement
USER32.dll	63		CharUpperW
USER32.dll	455		GetSystemMenu
USER32.dll	594		LoadAcceleratorsW
USER32.dll	892		SetWindowLongW
USER32.dll	655		MonitorFromWindow
USER32.dll	762		RegisterWindowMessageW
USER32.dll	600		LoadCursorW
USER32.dll	604		LoadImageW
USER32.dll	503		GetWindowTextLengthW
USER32.dll	490		GetWindowLongW
USER32.dll	681		PeekMessageW
USER32.dll	504		GetWindowTextW
USER32.dll	239		EnableWindow
USER32.dll	106		CreateDialogParamW
USER32.dll	221		DrawTextExW
USER32.dll	307		GetClientRect
USER32.dll	181		DestroyWindow
USER32.dll	341		GetDpiForWindow
USER32.dll	17		BeginPaint
USER32.dll	686		PostQuitMessage
USER32.dll	118		CreateWindowExW
USER32.dll	734		RegisterClassExW
USER32.dll	615		LoadStringW
USER32.dll	929		SystemParametersInfoForDpi
USER32.dll	792		SendMessageW
USER32.dll	656		MoveWindow
USER32.dll	322		GetDC
USER32.dll	764		ReleaseDC
USER32.dll	244		EndPaint
USER32.dll	685		PostMessageW
api-ms-win-crt-string-l1-1-0.dll	131		memset
api-ms-win-crt-string-l1-1-0.dll	158		wcscmp
api-ms-win-crt-string-l1-1-0.dll	169		wcsnlen
api-ms-win-crt-runtime-l1-1-0.dll	54		_initterm
api-ms-win-crt-runtime-l1-1-0.dll	55		_initterm_e
api-ms-win-crt-runtime-l1-1-0.dll	21		_c_exit
api-ms-win-crt-runtime-l1-1-0.dll	61		_register_thread_local_exe_atexit_callback
api-ms-win-crt-private-l1-1-0.dll	143		_o__beginthreadex
api-ms-win-crt-private-l1-1-0.dll	145		_o__callnewh
api-ms-win-crt-private-l1-1-0.dll	147		_o__cexit
api-ms-win-crt-private-l1-1-0.dll	159		_o__configthreadlocale
api-ms-win-crt-private-l1-1-0.dll	161		_o__configure_wide_argv
api-ms-win-crt-private-l1-1-0.dll	167		_o__crt_atexit
api-ms-win-crt-private-l1-1-0.dll	192		_o__errno
api-ms-win-crt-private-l1-1-0.dll	199		_o__exit
api-ms-win-crt-private-l1-1-0.dll	281		_o__get_wide_winmain_command_line
api-ms-win-crt-private-l1-1-0.dll	317		_o__initialize_onexit_table
api-ms-win-crt-private-l1-1-0.dll	318		_o__initialize_wide_environment
api-ms-win-crt-private-l1-1-0.dll	319		_o__invalid_parameter_noinfo
api-ms-win-crt-private-l1-1-0.dll	579		_o__purecall
api-ms-win-crt-private-l1-1-0.dll	593		_o__register_onexit_function
api-ms-win-crt-private-l1-1-0.dll	602		_o__seh_filter_exe
api-ms-win-crt-private-l1-1-0.dll	604		_o__set_app_type
api-ms-win-crt-private-l1-1-0.dll	607		_o__set_fmode
api-ms-win-crt-private-l1-1-0.dll	610		_o__set_new_mode
api-ms-win-crt-private-l1-1-0.dll	717		_o__wcsicmp
api-ms-win-crt-private-l1-1-0.dll	823		_o__wtol
api-ms-win-crt-private-l1-1-0.dll	877		_o_exit
api-ms-win-crt-private-l1-1-0.dll	909		_o_free
api-ms-win-crt-private-l1-1-0.dll	945		_o_iswdigit
api-ms-win-crt-private-l1-1-0.dll	984		_o_malloc
api-ms-win-crt-private-l1-1-0.dll	1078		_o_terminate
api-ms-win-crt-private-l1-1-0.dll	18		__CxxFrameHandler3
api-ms-win-crt-private-l1-1-0.dll	32		__current_exception
api-ms-win-crt-private-l1-1-0.dll	33		__current_exception_context
api-ms-win-crt-private-l1-1-0.dll	1		_CxxThrowException
api-ms-win-crt-private-l1-1-0.dll	112		_o___stdio_common_vswprintf
api-ms-win-crt-private-l1-1-0.dll	1131		wcschr
api-ms-win-crt-private-l1-1-0.dll	12		__C_specific_handler
api-ms-win-crt-private-l1-1-0.dll	95		_o___std_exception_destroy
api-ms-win-crt-private-l1-1-0.dll	94		_o___std_exception_copy
api-ms-win-crt-private-l1-1-0.dll	83		_o___p__commode
api-ms-win-crt-private-l1-1-0.dll	1122		memcmp
api-ms-win-crt-private-l1-1-0.dll	1123		memcpy
api-ms-win-crt-private-l1-1-0.dll	1124		memmove
api-ms-win-core-com-l1-1-0.dll	66		CoTaskMemAlloc
api-ms-win-core-com-l1-1-0.dll	73		CoWaitForMultipleHandles
api-ms-win-core-com-l1-1-0.dll	7		CoCreateFreeThreadedMarshaler
api-ms-win-core-com-l1-1-0.dll	9		CoCreateInstance
api-ms-win-core-com-l1-1-0.dll	40		CoInitializeEx
api-ms-win-core-com-l1-1-0.dll	70		CoUninitialize
api-ms-win-core-com-l1-1-0.dll	8		CoCreateGuid
api-ms-win-core-com-l1-1-0.dll	67		CoTaskMemFree
api-ms-win-core-com-l1-1-0.dll	80		PropVariantClear
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	34		PathIsFileSpecW
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	22		PathFindExtensionW
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	20		PathFileExistsW
api-ms-win-core-winrt-string-l1-1-0.dll	10		WindowsCreateString
api-ms-win-core-winrt-string-l1-1-0.dll	12		WindowsDeleteString
api-ms-win-core-winrt-string-l1-1-0.dll	11		WindowsCreateStringReference
api-ms-win-core-winrt-string-l1-1-0.dll	16		WindowsGetStringRawBuffer
api-ms-win-core-winrt-l1-1-0.dll	1		RoGetActivationFactory
api-ms-win-shcore-obsolete-l1-1-0.dll	2		SHStrDupW
api-ms-win-shcore-path-l1-1-0.dll		170
api-ms-win-shcore-scaling-l1-1-1.dll			GetDpiForMonitor
api-ms-win-core-rtlsupport-l1-1-0.dll	768		RtlCaptureContext
api-ms-win-core-rtlsupport-l1-1-0.dll	1281		RtlLookupFunctionEntry
api-ms-win-core-rtlsupport-l1-1-0.dll	1605		RtlVirtualUnwind
api-ms-win-core-errorhandling-l1-1-0.dll	17		UnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-0.dll	15		SetUnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0.dll	85		TerminateProcess
api-ms-win-core-processthreads-l1-1-1.dll	29		GetProcessMitigationPolicy
api-ms-win-core-processthreads-l1-1-1.dll	50		IsProcessorFeaturePresent
api-ms-win-core-profile-l1-1-0.dll			QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll	22		GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0.dll			InitializeSListHead
api-ms-win-core-libraryloader-l1-2-0.dll	13		FreeLibrary
api-ms-win-core-winrt-error-l1-1-0.dll	18		SetRestrictedErrorInfo
api-ms-win-core-string-l1-1-0.dll	1		CompareStringOrdinal
api-ms-win-core-winrt-error-l1-1-1.dll	6		RoGetMatchingRestrictedErrorInfo
COMCTL32.dll	114		ImageList_SetBkColor
COMCTL32.dll	12		CreateStatusWindowW
COMCTL32.dll		345
COMCTL32.dll	85		ImageList_Destroy
COMCTL32.dll		413
COMCTL32.dll	100		ImageList_GetIconSize
COMCTL32.dll	91		ImageList_Draw
COMCTL32.dll		410
COMCTL32.dll	112		ImageList_ReplaceIcon
COMCTL32.dll		381
COMCTL32.dll	84		ImageList_Create

StringTable 040904B0

CompanyName	Microsoft Corporation
FileDescription	Notepad
FileVersion	10.0.22000.2360 (WinBuild.160101.0800)
InternalName	Notepad
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	NOTEPAD.EXE
ProductName	Microsoft® Windows® Operating System
ProductVersion	10.0.22000.2360

VS_FIXEDFILEINFO

FileVersion	10.0.22000.2360
ProductVersion	10.0.22000.2360
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	0
FileOS	0x40004
FileType	1
FileSubtype	0

show previews

offset	size	type	comment
15c1	15	HTM		#
39c48	72024	PNG	(256 x 256)	#
4b5a0	43616	BIN	overlay data past EOF	#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi	Support Me on Ko-fi
Yandex.Money
Thank you!

[?] ignoring invalid PEdump::BITMAPINFOHEADER

notepad.exe-

MZ Header

Rich Header

DOS stub

PE Header

Packer / Compiler

Sections

Data Directory

StringTable 040904B0

VS_FIXEDFILEINFO

notepad.exe
-