| filename | notepad.exe | |
|---|---|---|
| size | 202240 (0x31600) | |
| md5 | 423d3ade2f14572c5bd5f546973eb493 | |
| type | PE32+ executable (GUI) x86-64, for MS Windows | |
| mimetype | application/x-dosexec | |
| clamav | scan pending | |
| virustotal | → scan with virustotal.com | |
| histogram | ||
MZ Header
| signature | MZ |
| bytes_in_last_block | 0x90 |
| blocks_in_file | 3 |
| num_relocs | 0 |
| header_paragraphs | 4 |
| min_extra_paragraphs | 0 |
| max_extra_paragraphs | 0xffff |
| ss | 0 |
| sp | 0xb8 |
| checksum | 0 |
| ip | 0 |
| cs | 0 |
| reloc_table_offset | 0x40 |
| overlay_number | 0 |
| reserved0 | 0 |
| oem_id | 0 |
| oem_info | 0 |
| reserved2 | 0 |
| reserved3 | 0 |
| reserved4 | 0 |
| reserved5 | 0 |
| reserved6 | 0 |
| lfanew | 0xf8 |
Rich Header
| lib id | version | times used |
|---|---|---|
| 147 | 30729 | 46 |
| 260 | 27412 | 10 |
| 259 | 27412 | 3 |
| 257 | 27412 | 9 |
| 1 | 0 | 1324 |
| 264 | 27412 | 30 |
| 261 | 27412 | 33 |
| 253 | 27412 | 1 |
| 255 | 27412 | 1 |
| 258 | 27412 | 1 |
DOS stub
00000000: 0e 1f ba 0e 00 b4 09 cd 21 b8 01 4c cd 21 54 68 |........!..L.!Th| 00000010: 69 73 20 70 72 6f 67 72 61 6d 20 63 61 6e 6e 6f |is program canno| 00000020: 74 20 62 65 20 72 75 6e 20 69 6e 20 44 4f 53 20 |t be run in DOS | 00000030: 6d 6f 64 65 2e 0d 0d 0a 24 00 00 00 00 00 00 00 |mode....$.......|
PE Header
Packer / Compiler
Sections
Data Directory
TLS
| raw start | raw end | index | callbks | zero fill | flags | |
|---|---|---|---|---|---|---|
| 0x14002bb30 | 0x14002bb38 | 0x1400312b8 | 0x1400271b8 | 0 | 0x300000 |
| type | name | size | cp | |
|---|---|---|---|---|
| EDPENLIGHTENEDAPPINFOID | MICROSOFTEDPENLIGHTENEDAPPINFO | 2 | 0 | |
| EDPPERMISSIVEAPPINFOID | MICROSOFTEDPPERMISSIVEAPPINFO | 2 | 0 | |
| MUI | #1 | 320 | 0 | |
| VERSION | #1 | 884 | 0 | |
| MANIFEST | #1 | 1199 | 0 |
| module_name | hint | ord | function_name |
|---|---|---|---|
| KERNEL32.dll | 696 | GetProcAddress | |
| KERNEL32.dll | 220 | CreateMutexExW | |
| KERNEL32.dll | 1 | AcquireSRWLockShared | |
| KERNEL32.dll | 276 | DeleteCriticalSection | |
| KERNEL32.dll | 545 | GetCurrentProcessId | |
| KERNEL32.dll | 702 | GetProcessHeap | |
| KERNEL32.dll | 641 | GetModuleHandleW | |
| KERNEL32.dll | 266 | DebugBreak | |
| KERNEL32.dll | 901 | IsDebuggerPresent | |
| KERNEL32.dll | 832 | GlobalFree | |
| KERNEL32.dll | 622 | GetLocaleInfoW | |
| KERNEL32.dll | 206 | CreateFileW | |
| KERNEL32.dll | 1145 | ReadFile | |
| KERNEL32.dll | 1013 | MulDiv | |
| KERNEL32.dll | 544 | GetCurrentProcess | |
| KERNEL32.dll | 480 | GetCommandLineW | |
| KERNEL32.dll | 857 | HeapSetInformation | |
| KERNEL32.dll | 436 | FreeLibrary | |
| KERNEL32.dll | 393 | FindFirstFileW | |
| KERNEL32.dll | 382 | FindClose | |
| KERNEL32.dll | 157 | CompareStringOrdinal | |
| KERNEL32.dll | 977 | LocalAlloc | |
| KERNEL32.dll | 982 | LocalFree | |
| KERNEL32.dll | 429 | FoldStringW | |
| KERNEL32.dll | 637 | GetModuleFileNameW | |
| KERNEL32.dll | 801 | GetUserDefaultUILanguage | |
| KERNEL32.dll | 619 | GetLocalTime | |
| KERNEL32.dll | 555 | GetDateFormatW | |
| KERNEL32.dll | 790 | GetTimeFormatW | |
| KERNEL32.dll | 1553 | WideCharToMultiByte | |
| KERNEL32.dll | 1573 | WriteFile | |
| KERNEL32.dll | 591 | GetFileAttributesW | |
| KERNEL32.dll | 984 | LocalLock | |
| KERNEL32.dll | 443 | GetACP | |
| KERNEL32.dll | 989 | LocalUnlock | |
| KERNEL32.dll | 281 | DeleteFileW | |
| KERNEL32.dll | 1312 | SetEndOfFile | |
| KERNEL32.dll | 588 | GetFileAttributesExW | |
| KERNEL32.dll | 593 | GetFileInformationByHandle | |
| KERNEL32.dll | 203 | CreateFileMappingW | |
| KERNEL32.dll | 997 | MapViewOfFile | |
| KERNEL32.dll | 1014 | MultiByteToWideChar | |
| KERNEL32.dll | 985 | LocalReAlloc | |
| KERNEL32.dll | 1475 | UnmapViewOfFile | |
| KERNEL32.dll | 611 | GetFullPathNameW | |
| KERNEL32.dll | 987 | LocalSize | |
| KERNEL32.dll | 730 | GetStartupInfoW | |
| KERNEL32.dll | 1610 | lstrcmpiW | |
| KERNEL32.dll | 400 | FindNLSString | |
| KERNEL32.dll | 836 | GlobalLock | |
| KERNEL32.dll | 843 | GlobalUnlock | |
| KERNEL32.dll | 825 | GlobalAlloc | |
| KERNEL32.dll | 562 | GetDiskFreeSpaceExW | |
| KERNEL32.dll | 189 | CreateDirectoryW | |
| KERNEL32.dll | 1193 | RegisterApplicationRestart | |
| KERNEL32.dll | 238 | CreateSemaphoreExW | |
| KERNEL32.dll | 249 | CreateThreadpoolTimer | |
| KERNEL32.dll | 1209 | ReleaseSRWLockShared | |
| KERNEL32.dll | 1400 | SetThreadpoolTimer | |
| KERNEL32.dll | 137 | CloseHandle | |
| KERNEL32.dll | 1046 | OpenSemaphoreW | |
| KERNEL32.dll | 1515 | WaitForSingleObjectEx | |
| KERNEL32.dll | AcquireSRWLockExclusive | ||
| KERNEL32.dll | 147 | CloseThreadpoolTimer | |
| KERNEL32.dll | 1054 | OutputDebugStringW | |
| KERNEL32.dll | 1208 | ReleaseSRWLockExclusive | |
| KERNEL32.dll | 618 | GetLastError | |
| KERNEL32.dll | 432 | FormatMessageW | |
| KERNEL32.dll | 1206 | ReleaseMutex | |
| KERNEL32.dll | 549 | GetCurrentThreadId | |
| KERNEL32.dll | 1514 | WaitForSingleObject | |
| KERNEL32.dll | 1517 | WaitForThreadpoolTimerCallbacks | |
| KERNEL32.dll | 876 | InitializeCriticalSectionEx | |
| KERNEL32.dll | 964 | LeaveCriticalSection | |
| KERNEL32.dll | 640 | GetModuleHandleExW | |
| KERNEL32.dll | 1210 | ReleaseSemaphore | |
| KERNEL32.dll | 312 | EnterCriticalSection | |
| KERNEL32.dll | 1345 | SetLastError | |
| KERNEL32.dll | 849 | HeapAlloc | |
| KERNEL32.dll | 853 | HeapFree | |
| KERNEL32.dll | 1231 | ResolveDelayLoadedAPI | |
| KERNEL32.dll | 273 | DelayLoadFailureHook | |
| KERNEL32.dll | 636 | GetModuleFileNameA | |
| GDI32.dll | 52 | CreateDCW | |
| GDI32.dll | 927 | StartPage | |
| GDI32.dll | 925 | StartDocW | |
| GDI32.dll | 870 | SetAbortProc | |
| GDI32.dll | 384 | DeleteDC | |
| GDI32.dll | 398 | EndDoc | |
| GDI32.dll | AbortDoc | ||
| GDI32.dll | 401 | EndPage | |
| GDI32.dll | 727 | GetTextMetricsW | |
| GDI32.dll | 876 | SetBkMode | |
| GDI32.dll | 743 | LPtoDP | |
| GDI32.dll | 921 | SetWindowExtEx | |
| GDI32.dll | 917 | SetViewportExtEx | |
| GDI32.dll | 897 | SetMapMode | |
| GDI32.dll | 719 | GetTextExtentPoint32W | |
| GDI32.dll | 934 | TextOutW | |
| GDI32.dll | 455 | EnumFontsW | |
| GDI32.dll | 725 | GetTextFaceW | |
| GDI32.dll | 868 | SelectObject | |
| GDI32.dll | 387 | DeleteObject | |
| GDI32.dll | 67 | CreateFontIndirectW | |
| GDI32.dll | 635 | GetDeviceCaps | |
| USER32.dll | 343 | GetFocus | |
| USER32.dll | 687 | PostMessageW | |
| USER32.dll | 375 | GetMenu | |
| USER32.dll | 67 | CheckMenuItem | |
| USER32.dll | 450 | GetSubMenu | |
| USER32.dll | 233 | EnableMenuItem | |
| USER32.dll | 909 | ShowWindow | |
| USER32.dll | 322 | GetDC | |
| USER32.dll | 764 | ReleaseDC | |
| USER32.dll | 808 | SetCursor | |
| USER32.dll | 340 | GetDpiForWindow | |
| USER32.dll | 795 | SetActiveWindow | |
| USER32.dll | 615 | LoadStringW | |
| USER32.dll | 167 | DefWindowProcW | |
| USER32.dll | 565 | IsIconic | |
| USER32.dll | 823 | SetFocus | |
| USER32.dll | 688 | PostQuitMessage | |
| USER32.dll | 181 | DestroyWindow | |
| USER32.dll | 644 | MessageBeep | |
| USER32.dll | 344 | GetForegroundWindow | |
| USER32.dll | 331 | GetDlgCtrlID | |
| USER32.dll | 891 | SetWindowPos | |
| USER32.dll | 730 | RedrawWindow | |
| USER32.dll | 361 | GetKeyboardLayout | |
| USER32.dll | 52 | CharNextW | |
| USER32.dll | 879 | SetWinEventHook | |
| USER32.dll | 393 | GetMessageW | |
| USER32.dll | 939 | TranslateAcceleratorW | |
| USER32.dll | 561 | IsDialogMessageW | |
| USER32.dll | 941 | TranslateMessage | |
| USER32.dll | 189 | DispatchMessageW | |
| USER32.dll | 944 | UnhookWinEvent | |
| USER32.dll | 896 | SetWindowTextW | |
| USER32.dll | 669 | OpenClipboard | |
| USER32.dll | 558 | IsClipboardFormatAvailable | |
| USER32.dll | 79 | CloseClipboard | |
| USER32.dll | 820 | SetDlgItemTextW | |
| USER32.dll | 335 | GetDlgItemTextW | |
| USER32.dll | 242 | EndDialog | |
| USER32.dll | 783 | SendDlgItemMessageW | |
| USER32.dll | 861 | SetScrollPos | |
| USER32.dll | 546 | InvalidateRect | |
| USER32.dll | 967 | UpdateWindow | |
| USER32.dll | 494 | GetWindowPlacement | |
| USER32.dll | 890 | SetWindowPlacement | |
| USER32.dll | 63 | CharUpperW | |
| USER32.dll | 454 | GetSystemMenu | |
| USER32.dll | 594 | LoadAcceleratorsW | |
| USER32.dll | 889 | SetWindowLongW | |
| USER32.dll | 118 | CreateWindowExW | |
| USER32.dll | 657 | MonitorFromWindow | |
| USER32.dll | 762 | RegisterWindowMessageW | |
| USER32.dll | 600 | LoadCursorW | |
| USER32.dll | 734 | RegisterClassExW | |
| USER32.dll | 502 | GetWindowTextLengthW | |
| USER32.dll | 489 | GetWindowLongW | |
| USER32.dll | 683 | PeekMessageW | |
| USER32.dll | 503 | GetWindowTextW | |
| USER32.dll | 239 | EnableWindow | |
| USER32.dll | 106 | CreateDialogParamW | |
| USER32.dll | 221 | DrawTextExW | |
| USER32.dll | 602 | LoadIconW | |
| USER32.dll | 604 | LoadImageW | |
| USER32.dll | 186 | DialogBoxParamW | |
| USER32.dll | 872 | SetThreadDpiAwarenessContext | |
| USER32.dll | 792 | SendMessageW | |
| USER32.dll | 658 | MoveWindow | |
| USER32.dll | 307 | GetClientRect | |
| USER32.dll | 652 | MessageBoxW | |
| api-ms-win-crt-string-l1-1-0.dll | 131 | memset | |
| api-ms-win-crt-string-l1-1-0.dll | 169 | wcsnlen | |
| api-ms-win-crt-string-l1-1-0.dll | 158 | wcscmp | |
| api-ms-win-crt-runtime-l1-1-0.dll | 21 | _c_exit | |
| api-ms-win-crt-runtime-l1-1-0.dll | 61 | _register_thread_local_exe_atexit_callback | |
| api-ms-win-crt-runtime-l1-1-0.dll | 55 | _initterm_e | |
| api-ms-win-crt-runtime-l1-1-0.dll | 54 | _initterm | |
| api-ms-win-crt-private-l1-1-0.dll | 145 | _o__callnewh | |
| api-ms-win-crt-private-l1-1-0.dll | 147 | _o__cexit | |
| api-ms-win-crt-private-l1-1-0.dll | 159 | _o__configthreadlocale | |
| api-ms-win-crt-private-l1-1-0.dll | 161 | _o__configure_wide_argv | |
| api-ms-win-crt-private-l1-1-0.dll | 167 | _o__crt_atexit | |
| api-ms-win-crt-private-l1-1-0.dll | 192 | _o__errno | |
| api-ms-win-crt-private-l1-1-0.dll | 199 | _o__exit | |
| api-ms-win-crt-private-l1-1-0.dll | 281 | _o__get_wide_winmain_command_line | |
| api-ms-win-crt-private-l1-1-0.dll | 317 | _o__initialize_onexit_table | |
| api-ms-win-crt-private-l1-1-0.dll | 318 | _o__initialize_wide_environment | |
| api-ms-win-crt-private-l1-1-0.dll | 319 | _o__invalid_parameter_noinfo | |
| api-ms-win-crt-private-l1-1-0.dll | 579 | _o__purecall | |
| api-ms-win-crt-private-l1-1-0.dll | 593 | _o__register_onexit_function | |
| api-ms-win-crt-private-l1-1-0.dll | 602 | _o__seh_filter_exe | |
| api-ms-win-crt-private-l1-1-0.dll | 604 | _o__set_app_type | |
| api-ms-win-crt-private-l1-1-0.dll | 607 | _o__set_fmode | |
| api-ms-win-crt-private-l1-1-0.dll | 610 | _o__set_new_mode | |
| api-ms-win-crt-private-l1-1-0.dll | 717 | _o__wcsicmp | |
| api-ms-win-crt-private-l1-1-0.dll | 823 | _o__wtol | |
| api-ms-win-crt-private-l1-1-0.dll | 877 | _o_exit | |
| api-ms-win-crt-private-l1-1-0.dll | 908 | _o_free | |
| api-ms-win-crt-private-l1-1-0.dll | 944 | _o_iswdigit | |
| api-ms-win-crt-private-l1-1-0.dll | 983 | _o_malloc | |
| api-ms-win-crt-private-l1-1-0.dll | 1077 | _o_terminate | |
| api-ms-win-crt-private-l1-1-0.dll | 1084 | _o_toupper | |
| api-ms-win-crt-private-l1-1-0.dll | 42 | __std_terminate | |
| api-ms-win-crt-private-l1-1-0.dll | 18 | __CxxFrameHandler3 | |
| api-ms-win-crt-private-l1-1-0.dll | 1 | _CxxThrowException | |
| api-ms-win-crt-private-l1-1-0.dll | 95 | _o___std_exception_destroy | |
| api-ms-win-crt-private-l1-1-0.dll | 94 | _o___std_exception_copy | |
| api-ms-win-crt-private-l1-1-0.dll | 12 | __C_specific_handler | |
| api-ms-win-crt-private-l1-1-0.dll | 112 | _o___stdio_common_vswprintf | |
| api-ms-win-crt-private-l1-1-0.dll | 1121 | memcmp | |
| api-ms-win-crt-private-l1-1-0.dll | 83 | _o___p__commode | |
| api-ms-win-crt-private-l1-1-0.dll | 1122 | memcpy | |
| api-ms-win-crt-private-l1-1-0.dll | 1123 | memmove | |
| api-ms-win-core-com-l1-1-0.dll | 7 | CoCreateFreeThreadedMarshaler | |
| api-ms-win-core-com-l1-1-0.dll | 73 | CoWaitForMultipleHandles | |
| api-ms-win-core-com-l1-1-0.dll | 80 | PropVariantClear | |
| api-ms-win-core-com-l1-1-0.dll | 67 | CoTaskMemFree | |
| api-ms-win-core-com-l1-1-0.dll | 66 | CoTaskMemAlloc | |
| api-ms-win-core-com-l1-1-0.dll | 9 | CoCreateInstance | |
| api-ms-win-core-com-l1-1-0.dll | 40 | CoInitializeEx | |
| api-ms-win-core-com-l1-1-0.dll | 8 | CoCreateGuid | |
| api-ms-win-core-com-l1-1-0.dll | 70 | CoUninitialize | |
| api-ms-win-core-shlwapi-legacy-l1-1-0.dll | 20 | PathFileExistsW | |
| api-ms-win-core-shlwapi-legacy-l1-1-0.dll | 22 | PathFindExtensionW | |
| api-ms-win-core-shlwapi-legacy-l1-1-0.dll | 34 | PathIsFileSpecW | |
| api-ms-win-shcore-obsolete-l1-1-0.dll | 2 | SHStrDupW | |
| api-ms-win-shcore-path-l1-1-0.dll | 170 | ||
| api-ms-win-shcore-scaling-l1-1-1.dll | GetDpiForMonitor | ||
| api-ms-win-core-rtlsupport-l1-1-0.dll | 1576 | RtlVirtualUnwind | |
| api-ms-win-core-rtlsupport-l1-1-0.dll | 755 | RtlCaptureContext | |
| api-ms-win-core-rtlsupport-l1-1-0.dll | 1257 | RtlLookupFunctionEntry | |
| api-ms-win-core-errorhandling-l1-1-0.dll | 7 | RaiseException | |
| api-ms-win-core-errorhandling-l1-1-0.dll | 15 | SetUnhandledExceptionFilter | |
| api-ms-win-core-errorhandling-l1-1-0.dll | 17 | UnhandledExceptionFilter | |
| api-ms-win-core-processthreads-l1-1-0.dll | 79 | TerminateProcess | |
| api-ms-win-core-processthreads-l1-1-1.dll | 27 | GetProcessMitigationPolicy | |
| api-ms-win-core-processthreads-l1-1-1.dll | 47 | IsProcessorFeaturePresent | |
| api-ms-win-core-synch-l1-1-0.dll | 25 | InitializeCriticalSectionAndSpinCount | |
| api-ms-win-core-synch-l1-1-0.dll | 41 | SetEvent | |
| api-ms-win-core-synch-l1-1-0.dll | 39 | ResetEvent | |
| api-ms-win-core-synch-l1-1-0.dll | 5 | CreateEventExW | |
| api-ms-win-core-synch-l1-1-0.dll | 6 | CreateEventW | |
| api-ms-win-core-profile-l1-1-0.dll | QueryPerformanceCounter | ||
| api-ms-win-core-sysinfo-l1-1-0.dll | 26 | GetTickCount | |
| api-ms-win-core-sysinfo-l1-1-0.dll | 22 | GetSystemTimeAsFileTime | |
| api-ms-win-core-interlocked-l1-1-0.dll | InitializeSListHead | ||
| api-ms-win-core-libraryloader-l1-2-0.dll | 24 | LoadLibraryExW | |
| api-ms-win-core-winrt-string-l1-1-0.dll | 12 | WindowsDeleteString | |
| api-ms-win-core-winrt-string-l1-1-0.dll | 11 | WindowsCreateStringReference | |
| api-ms-win-core-winrt-string-l1-1-0.dll | 16 | WindowsGetStringRawBuffer | |
| api-ms-win-core-winrt-string-l1-1-0.dll | 10 | WindowsCreateString | |
| api-ms-win-core-winrt-error-l1-1-0.dll | 18 | SetRestrictedErrorInfo | |
| api-ms-win-core-winrt-l1-1-0.dll | 3 | RoInitialize | |
| api-ms-win-core-winrt-l1-1-0.dll | 1 | RoGetActivationFactory | |
| api-ms-win-core-winrt-l1-1-0.dll | 7 | RoUninitialize | |
| api-ms-win-core-winrt-error-l1-1-1.dll | 6 | RoGetMatchingRestrictedErrorInfo | |
| api-ms-win-eventing-provider-l1-1-0.dll | 2 | EventProviderEnabled | |
| api-ms-win-core-synch-l1-2-0.dll | 45 | Sleep | |
| COMCTL32.dll | 12 | CreateStatusWindowW | |
| COMCTL32.dll | 345 |
StringTable 040904B0
| CompanyName | Microsoft Corporation |
| FileDescription | Notepad |
| FileVersion | 10.0.19041.746 (WinBuild.160101.0800) |
| InternalName | Notepad |
| LegalCopyright | © Microsoft Corporation. All rights reserved. |
| OriginalFilename | NOTEPAD.EXE |
| ProductName | Microsoft® Windows® Operating System |
| ProductVersion | 10.0.19041.746 |
VS_FIXEDFILEINFO
| FileVersion | 10.0.19041.746 |
| ProductVersion | 10.0.19041.746 |
| StrucVersion | 0x10000 |
| FileFlagsMask | 0x3f |
| FileFlags | 0 |
| FileOS | 0x40004 |
| FileType | 1 |
| FileSubtype | 0 |
 |
| Please donate some bucks to keep this site up and running: | |
| Ko-fi | |
|---|---|
| Yandex.Money | |
| Thank you! | |
[?] can't find file_offset of VA 0x312b8