notepad.exe - Notepad

filename	notepad.exe
size	202240 (0x31600)
md5	423d3ade2f14572c5bd5f546973eb493

type	PE32+ executable (GUI) x86-64, for MS Windows
mimetype	application/x-dosexec

clamav	scan pending
virustotal	→ scan with virustotal.com

histogram

MZ Header

signature	MZ
bytes_in_last_block	0x90
blocks_in_file	3
num_relocs	0
header_paragraphs	4
min_extra_paragraphs	0
max_extra_paragraphs	0xffff
ss	0
sp	0xb8
checksum	0
ip	0
cs	0
reloc_table_offset	0x40
overlay_number	0
reserved0	0
oem_id	0
oem_info	0
reserved2	0
reserved3	0
reserved4	0
reserved5	0
reserved6	0
lfanew	0xf8

Rich Header

lib id	version	times used
147	30729	46
260	27412	10
259	27412	3
257	27412	9
1	0	1324
264	27412	30
261	27412	33
253	27412	1
255	27412	1
258	27412	1

DOS stub

00000000: 0e 1f ba 0e 00 b4 09 cd  21 b8 01 4c cd 21 54 68  |........!..L.!Th|
00000010: 69 73 20 70 72 6f 67 72  61 6d 20 63 61 6e 6e 6f  |is program canno|
00000020: 74 20 62 65 20 72 75 6e  20 69 6e 20 44 4f 53 20  |t be run in DOS |
00000030: 6d 6f 64 65 2e 0d 0d 0a  24 00 00 00 00 00 00 00  |mode....$.......|

PE Header

Signature	PE
Machine	0x8664
NumberOfSections	7
TimeDateStamp	0x86fcbd69
PointerToSymbolTable	0
NumberOfSymbols	0
SizeOfOptionalHeader	0xf0
Characteristics	0x22
Magic	0x20b
LinkerVersion	14.20
SizeOfCode	0x24a00
SizeOfInitializedData	0xe200
SizeOfUninitializedData	0
AddressOfEntryPoint	0x23db0
BaseOfCode	0x1000
ImageBase	0x140000000
SectionAlignment	0x1000
FileAlignment	0x200
OperatingSystemVersion	10.0
ImageVersion	10.0
SubsystemVersion	10.0
Reserved1	0
SizeOfImage	0x38000
SizeOfHeaders	0x400
CheckSum	0x36bb0
Subsystem	2
DllCharacteristics	0xc160
SizeOfStackReserve	0x80000
SizeOfStackCommit	0x11000
SizeOfHeapReserve	0x100000
SizeOfHeapCommit	0x1000
LoaderFlags	0
NumberOfRvaAndSizes	0x10

Packer / Compiler

MS Visual C++ 8.0

Sections

name	va	vsize	raw size	flags
.text	0x1000	0x249f2	0x24a00	R-X CODE
.rdata	0x26000	0x947e	0x9600	R-- IDATA
.data	0x30000	0x27a8	0xe00	RW- IDATA
.pdata	0x33000	0x1128	0x1200	R-- IDATA
.didat	0x35000	0x178	0x200	RW- IDATA
.rsrc	0x36000	0xbd8	0xc00	R-- IDATA
.reloc	0x37000	0x2d4	0x400	R-- IDATA DISCARDABLE

Data Directory

type	va	size
EXPORT	0	0
IMPORT	0x2d288	0x230
RESOURCE	0x36000	0xbd8
EXCEPTION	0x33000	0x1128
SECURITY	0	0
BASERELOC	0x37000	0x2d4
DEBUG	0x2ad50	0x54
ARCHITECTURE	0	0
GLOBALPTR	0	0
TLS	0x267b8	0x28
LOAD_CONFIG	0x266a0	0x118
Bound_IAT	0	0
IAT	0x267e0	0x918
Delay_IAT	0x2cba0	0xe0
CLR_Header	0	0

TLS

raw start	raw end	index	callbks	zero fill	flags
0x14002bb30	0x14002bb38	0x1400312b8	0x1400271b8	0	0x300000

show previews

type	name	size
EDPENLIGHTENEDAPPINFOID	MICROSOFTEDPENLIGHTENEDAPPINFO	2
EDPPERMISSIVEAPPINFOID	MICROSOFTEDPPERMISSIVEAPPINFO	2
MUI	#1	320
VERSION	#1	884
MANIFEST	#1	1199

module_name	hint	ord	function_name
KERNEL32.dll	696		GetProcAddress
KERNEL32.dll	220		CreateMutexExW
KERNEL32.dll	1		AcquireSRWLockShared
KERNEL32.dll	276		DeleteCriticalSection
KERNEL32.dll	545		GetCurrentProcessId
KERNEL32.dll	702		GetProcessHeap
KERNEL32.dll	641		GetModuleHandleW
KERNEL32.dll	266		DebugBreak
KERNEL32.dll	901		IsDebuggerPresent
KERNEL32.dll	832		GlobalFree
KERNEL32.dll	622		GetLocaleInfoW
KERNEL32.dll	206		CreateFileW
KERNEL32.dll	1145		ReadFile
KERNEL32.dll	1013		MulDiv
KERNEL32.dll	544		GetCurrentProcess
KERNEL32.dll	480		GetCommandLineW
KERNEL32.dll	857		HeapSetInformation
KERNEL32.dll	436		FreeLibrary
KERNEL32.dll	393		FindFirstFileW
KERNEL32.dll	382		FindClose
KERNEL32.dll	157		CompareStringOrdinal
KERNEL32.dll	977		LocalAlloc
KERNEL32.dll	982		LocalFree
KERNEL32.dll	429		FoldStringW
KERNEL32.dll	637		GetModuleFileNameW
KERNEL32.dll	801		GetUserDefaultUILanguage
KERNEL32.dll	619		GetLocalTime
KERNEL32.dll	555		GetDateFormatW
KERNEL32.dll	790		GetTimeFormatW
KERNEL32.dll	1553		WideCharToMultiByte
KERNEL32.dll	1573		WriteFile
KERNEL32.dll	591		GetFileAttributesW
KERNEL32.dll	984		LocalLock
KERNEL32.dll	443		GetACP
KERNEL32.dll	989		LocalUnlock
KERNEL32.dll	281		DeleteFileW
KERNEL32.dll	1312		SetEndOfFile
KERNEL32.dll	588		GetFileAttributesExW
KERNEL32.dll	593		GetFileInformationByHandle
KERNEL32.dll	203		CreateFileMappingW
KERNEL32.dll	997		MapViewOfFile
KERNEL32.dll	1014		MultiByteToWideChar
KERNEL32.dll	985		LocalReAlloc
KERNEL32.dll	1475		UnmapViewOfFile
KERNEL32.dll	611		GetFullPathNameW
KERNEL32.dll	987		LocalSize
KERNEL32.dll	730		GetStartupInfoW
KERNEL32.dll	1610		lstrcmpiW
KERNEL32.dll	400		FindNLSString
KERNEL32.dll	836		GlobalLock
KERNEL32.dll	843		GlobalUnlock
KERNEL32.dll	825		GlobalAlloc
KERNEL32.dll	562		GetDiskFreeSpaceExW
KERNEL32.dll	189		CreateDirectoryW
KERNEL32.dll	1193		RegisterApplicationRestart
KERNEL32.dll	238		CreateSemaphoreExW
KERNEL32.dll	249		CreateThreadpoolTimer
KERNEL32.dll	1209		ReleaseSRWLockShared
KERNEL32.dll	1400		SetThreadpoolTimer
KERNEL32.dll	137		CloseHandle
KERNEL32.dll	1046		OpenSemaphoreW
KERNEL32.dll	1515		WaitForSingleObjectEx
KERNEL32.dll			AcquireSRWLockExclusive
KERNEL32.dll	147		CloseThreadpoolTimer
KERNEL32.dll	1054		OutputDebugStringW
KERNEL32.dll	1208		ReleaseSRWLockExclusive
KERNEL32.dll	618		GetLastError
KERNEL32.dll	432		FormatMessageW
KERNEL32.dll	1206		ReleaseMutex
KERNEL32.dll	549		GetCurrentThreadId
KERNEL32.dll	1514		WaitForSingleObject
KERNEL32.dll	1517		WaitForThreadpoolTimerCallbacks
KERNEL32.dll	876		InitializeCriticalSectionEx
KERNEL32.dll	964		LeaveCriticalSection
KERNEL32.dll	640		GetModuleHandleExW
KERNEL32.dll	1210		ReleaseSemaphore
KERNEL32.dll	312		EnterCriticalSection
KERNEL32.dll	1345		SetLastError
KERNEL32.dll	849		HeapAlloc
KERNEL32.dll	853		HeapFree
KERNEL32.dll	1231		ResolveDelayLoadedAPI
KERNEL32.dll	273		DelayLoadFailureHook
KERNEL32.dll	636		GetModuleFileNameA
GDI32.dll	52		CreateDCW
GDI32.dll	927		StartPage
GDI32.dll	925		StartDocW
GDI32.dll	870		SetAbortProc
GDI32.dll	384		DeleteDC
GDI32.dll	398		EndDoc
GDI32.dll			AbortDoc
GDI32.dll	401		EndPage
GDI32.dll	727		GetTextMetricsW
GDI32.dll	876		SetBkMode
GDI32.dll	743		LPtoDP
GDI32.dll	921		SetWindowExtEx
GDI32.dll	917		SetViewportExtEx
GDI32.dll	897		SetMapMode
GDI32.dll	719		GetTextExtentPoint32W
GDI32.dll	934		TextOutW
GDI32.dll	455		EnumFontsW
GDI32.dll	725		GetTextFaceW
GDI32.dll	868		SelectObject
GDI32.dll	387		DeleteObject
GDI32.dll	67		CreateFontIndirectW
GDI32.dll	635		GetDeviceCaps
USER32.dll	343		GetFocus
USER32.dll	687		PostMessageW
USER32.dll	375		GetMenu
USER32.dll	67		CheckMenuItem
USER32.dll	450		GetSubMenu
USER32.dll	233		EnableMenuItem
USER32.dll	909		ShowWindow
USER32.dll	322		GetDC
USER32.dll	764		ReleaseDC
USER32.dll	808		SetCursor
USER32.dll	340		GetDpiForWindow
USER32.dll	795		SetActiveWindow
USER32.dll	615		LoadStringW
USER32.dll	167		DefWindowProcW
USER32.dll	565		IsIconic
USER32.dll	823		SetFocus
USER32.dll	688		PostQuitMessage
USER32.dll	181		DestroyWindow
USER32.dll	644		MessageBeep
USER32.dll	344		GetForegroundWindow
USER32.dll	331		GetDlgCtrlID
USER32.dll	891		SetWindowPos
USER32.dll	730		RedrawWindow
USER32.dll	361		GetKeyboardLayout
USER32.dll	52		CharNextW
USER32.dll	879		SetWinEventHook
USER32.dll	393		GetMessageW
USER32.dll	939		TranslateAcceleratorW
USER32.dll	561		IsDialogMessageW
USER32.dll	941		TranslateMessage
USER32.dll	189		DispatchMessageW
USER32.dll	944		UnhookWinEvent
USER32.dll	896		SetWindowTextW
USER32.dll	669		OpenClipboard
USER32.dll	558		IsClipboardFormatAvailable
USER32.dll	79		CloseClipboard
USER32.dll	820		SetDlgItemTextW
USER32.dll	335		GetDlgItemTextW
USER32.dll	242		EndDialog
USER32.dll	783		SendDlgItemMessageW
USER32.dll	861		SetScrollPos
USER32.dll	546		InvalidateRect
USER32.dll	967		UpdateWindow
USER32.dll	494		GetWindowPlacement
USER32.dll	890		SetWindowPlacement
USER32.dll	63		CharUpperW
USER32.dll	454		GetSystemMenu
USER32.dll	594		LoadAcceleratorsW
USER32.dll	889		SetWindowLongW
USER32.dll	118		CreateWindowExW
USER32.dll	657		MonitorFromWindow
USER32.dll	762		RegisterWindowMessageW
USER32.dll	600		LoadCursorW
USER32.dll	734		RegisterClassExW
USER32.dll	502		GetWindowTextLengthW
USER32.dll	489		GetWindowLongW
USER32.dll	683		PeekMessageW
USER32.dll	503		GetWindowTextW
USER32.dll	239		EnableWindow
USER32.dll	106		CreateDialogParamW
USER32.dll	221		DrawTextExW
USER32.dll	602		LoadIconW
USER32.dll	604		LoadImageW
USER32.dll	186		DialogBoxParamW
USER32.dll	872		SetThreadDpiAwarenessContext
USER32.dll	792		SendMessageW
USER32.dll	658		MoveWindow
USER32.dll	307		GetClientRect
USER32.dll	652		MessageBoxW
api-ms-win-crt-string-l1-1-0.dll	131		memset
api-ms-win-crt-string-l1-1-0.dll	169		wcsnlen
api-ms-win-crt-string-l1-1-0.dll	158		wcscmp
api-ms-win-crt-runtime-l1-1-0.dll	21		_c_exit
api-ms-win-crt-runtime-l1-1-0.dll	61		_register_thread_local_exe_atexit_callback
api-ms-win-crt-runtime-l1-1-0.dll	55		_initterm_e
api-ms-win-crt-runtime-l1-1-0.dll	54		_initterm
api-ms-win-crt-private-l1-1-0.dll	145		_o__callnewh
api-ms-win-crt-private-l1-1-0.dll	147		_o__cexit
api-ms-win-crt-private-l1-1-0.dll	159		_o__configthreadlocale
api-ms-win-crt-private-l1-1-0.dll	161		_o__configure_wide_argv
api-ms-win-crt-private-l1-1-0.dll	167		_o__crt_atexit
api-ms-win-crt-private-l1-1-0.dll	192		_o__errno
api-ms-win-crt-private-l1-1-0.dll	199		_o__exit
api-ms-win-crt-private-l1-1-0.dll	281		_o__get_wide_winmain_command_line
api-ms-win-crt-private-l1-1-0.dll	317		_o__initialize_onexit_table
api-ms-win-crt-private-l1-1-0.dll	318		_o__initialize_wide_environment
api-ms-win-crt-private-l1-1-0.dll	319		_o__invalid_parameter_noinfo
api-ms-win-crt-private-l1-1-0.dll	579		_o__purecall
api-ms-win-crt-private-l1-1-0.dll	593		_o__register_onexit_function
api-ms-win-crt-private-l1-1-0.dll	602		_o__seh_filter_exe
api-ms-win-crt-private-l1-1-0.dll	604		_o__set_app_type
api-ms-win-crt-private-l1-1-0.dll	607		_o__set_fmode
api-ms-win-crt-private-l1-1-0.dll	610		_o__set_new_mode
api-ms-win-crt-private-l1-1-0.dll	717		_o__wcsicmp
api-ms-win-crt-private-l1-1-0.dll	823		_o__wtol
api-ms-win-crt-private-l1-1-0.dll	877		_o_exit
api-ms-win-crt-private-l1-1-0.dll	908		_o_free
api-ms-win-crt-private-l1-1-0.dll	944		_o_iswdigit
api-ms-win-crt-private-l1-1-0.dll	983		_o_malloc
api-ms-win-crt-private-l1-1-0.dll	1077		_o_terminate
api-ms-win-crt-private-l1-1-0.dll	1084		_o_toupper
api-ms-win-crt-private-l1-1-0.dll	42		__std_terminate
api-ms-win-crt-private-l1-1-0.dll	18		__CxxFrameHandler3
api-ms-win-crt-private-l1-1-0.dll	1		_CxxThrowException
api-ms-win-crt-private-l1-1-0.dll	95		_o___std_exception_destroy
api-ms-win-crt-private-l1-1-0.dll	94		_o___std_exception_copy
api-ms-win-crt-private-l1-1-0.dll	12		__C_specific_handler
api-ms-win-crt-private-l1-1-0.dll	112		_o___stdio_common_vswprintf
api-ms-win-crt-private-l1-1-0.dll	1121		memcmp
api-ms-win-crt-private-l1-1-0.dll	83		_o___p__commode
api-ms-win-crt-private-l1-1-0.dll	1122		memcpy
api-ms-win-crt-private-l1-1-0.dll	1123		memmove
api-ms-win-core-com-l1-1-0.dll	7		CoCreateFreeThreadedMarshaler
api-ms-win-core-com-l1-1-0.dll	73		CoWaitForMultipleHandles
api-ms-win-core-com-l1-1-0.dll	80		PropVariantClear
api-ms-win-core-com-l1-1-0.dll	67		CoTaskMemFree
api-ms-win-core-com-l1-1-0.dll	66		CoTaskMemAlloc
api-ms-win-core-com-l1-1-0.dll	9		CoCreateInstance
api-ms-win-core-com-l1-1-0.dll	40		CoInitializeEx
api-ms-win-core-com-l1-1-0.dll	8		CoCreateGuid
api-ms-win-core-com-l1-1-0.dll	70		CoUninitialize
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	20		PathFileExistsW
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	22		PathFindExtensionW
api-ms-win-core-shlwapi-legacy-l1-1-0.dll	34		PathIsFileSpecW
api-ms-win-shcore-obsolete-l1-1-0.dll	2		SHStrDupW
api-ms-win-shcore-path-l1-1-0.dll		170
api-ms-win-shcore-scaling-l1-1-1.dll			GetDpiForMonitor
api-ms-win-core-rtlsupport-l1-1-0.dll	1576		RtlVirtualUnwind
api-ms-win-core-rtlsupport-l1-1-0.dll	755		RtlCaptureContext
api-ms-win-core-rtlsupport-l1-1-0.dll	1257		RtlLookupFunctionEntry
api-ms-win-core-errorhandling-l1-1-0.dll	7		RaiseException
api-ms-win-core-errorhandling-l1-1-0.dll	15		SetUnhandledExceptionFilter
api-ms-win-core-errorhandling-l1-1-0.dll	17		UnhandledExceptionFilter
api-ms-win-core-processthreads-l1-1-0.dll	79		TerminateProcess
api-ms-win-core-processthreads-l1-1-1.dll	27		GetProcessMitigationPolicy
api-ms-win-core-processthreads-l1-1-1.dll	47		IsProcessorFeaturePresent
api-ms-win-core-synch-l1-1-0.dll	25		InitializeCriticalSectionAndSpinCount
api-ms-win-core-synch-l1-1-0.dll	41		SetEvent
api-ms-win-core-synch-l1-1-0.dll	39		ResetEvent
api-ms-win-core-synch-l1-1-0.dll	5		CreateEventExW
api-ms-win-core-synch-l1-1-0.dll	6		CreateEventW
api-ms-win-core-profile-l1-1-0.dll			QueryPerformanceCounter
api-ms-win-core-sysinfo-l1-1-0.dll	26		GetTickCount
api-ms-win-core-sysinfo-l1-1-0.dll	22		GetSystemTimeAsFileTime
api-ms-win-core-interlocked-l1-1-0.dll			InitializeSListHead
api-ms-win-core-libraryloader-l1-2-0.dll	24		LoadLibraryExW
api-ms-win-core-winrt-string-l1-1-0.dll	12		WindowsDeleteString
api-ms-win-core-winrt-string-l1-1-0.dll	11		WindowsCreateStringReference
api-ms-win-core-winrt-string-l1-1-0.dll	16		WindowsGetStringRawBuffer
api-ms-win-core-winrt-string-l1-1-0.dll	10		WindowsCreateString
api-ms-win-core-winrt-error-l1-1-0.dll	18		SetRestrictedErrorInfo
api-ms-win-core-winrt-l1-1-0.dll	3		RoInitialize
api-ms-win-core-winrt-l1-1-0.dll	1		RoGetActivationFactory
api-ms-win-core-winrt-l1-1-0.dll	7		RoUninitialize
api-ms-win-core-winrt-error-l1-1-1.dll	6		RoGetMatchingRestrictedErrorInfo
api-ms-win-eventing-provider-l1-1-0.dll	2		EventProviderEnabled
api-ms-win-core-synch-l1-2-0.dll	45		Sleep
COMCTL32.dll	12		CreateStatusWindowW
COMCTL32.dll		345

StringTable 040904B0

CompanyName	Microsoft Corporation
FileDescription	Notepad
FileVersion	10.0.19041.746 (WinBuild.160101.0800)
InternalName	Notepad
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	NOTEPAD.EXE
ProductName	Microsoft® Windows® Operating System
ProductVersion	10.0.19041.746

VS_FIXEDFILEINFO

FileVersion	10.0.19041.746
ProductVersion	10.0.19041.746
StrucVersion	0x10000
FileFlagsMask	0x3f
FileFlags	0
FileOS	0x40004
FileType	1
FileSubtype	0

show previews

offset	size	type	comment
15c1	15	HTM		#
15d0	196656	BIN	overlay data past EOF	#

offset:( 0x )size:( 0x )hotkeys:-=[]<>, offset/size fields are also editable

Please donate some bucks to keep this site up and running:
Ko-fi	Support Me on Ko-fi
Yandex.Money
Thank you!

[?] can't find file_offset of VA 0x312b8

notepad.exe-

MZ Header

Rich Header

DOS stub

PE Header

Packer / Compiler

Sections

Data Directory

TLS

StringTable 040904B0

VS_FIXEDFILEINFO

notepad.exe
-