| 文件名 | Notepad++Portable.exe |
| 文件类型 |
Win32 EXE
|
| 魔术字节 | PE32 executable (GUI) Intel 80386, for MS Windows |
| SSDEEP 哈希 |
6144:dEUXqVQzB6fx2CxwXL/X8Va/kVGMTHG4NSS3ZgdZfRC:dERVQzUYX8Va/kVGWmgSSif4
|
| 扫描器版本 | 1.0.153.174 |
| 数据库版本 | 2024-01-02 22:02:18 UTC |
被 2 个安全引擎检测到 - 需要谨慎
| 哈希类型 | 值 | 操作 |
|---|---|---|
| MD5 |
f7053f8e27ae7d4702c17c444bce05a1
|
|
| SHA1 |
8dabd8c0565ae4ab5ba9888dc0cb26102550b08a
|
|
| SHA256 |
07b518a3cad292ad8b276cde9a2d97daa07ab13c557cff04e159f7cde27d86c3
|
|
| SHA512 |
2e9b51efe4d41b2e9320098dee6275f280963e0435845e745ea03a3d711b688a785a6fbbf41c0dece4f8d1930328e84ee4973abac2a16576a33faf74185653e5
|
|
| ImpHash |
32f3282581436269b3a75b6675fe3e08
|
| 图标 |
哈希: 3c0cf85399bbe244c785acb76818392b
模糊: 1853f630ff8347b4895c5496d9fcb386 dHash: 1abab2e2726ef6fe |
| 映像基址 | 0x00400000 |
| 入口点 | 0x004039e3 |
| 编译时间 | 2012-02-24 19:19:59 |
| 校验和 | 0x0005a144 (实际: 0x0005a144) |
| 操作系统版本 | 5.0 |
| PEiD 签名 |
PE32 executable (GUI) Intel 80386, for MS Windows
|
| 数字签名 | OK |
| 导入 |
8 库
KERNEL32, USER32, GDI32, SHELL32, ADVAPI32, COMCTL32, ole32, VERSION |
| 导出 | 0 函数 |
| 资源 | 26 资源 |
| 节 | 6 节 |
| AAA Certificate Services | Sectigo Limited (GB) |
| Sectigo Public Code Signing Root R46 | Sectigo Limited (GB) |
| Sectigo Public Code Signing CA R36 | Rare Ideas, LLC (US) |
| Comments | A build of the PortableApps.com Launcher for Notepad++ Portable, allowing it to be run from a removable drive. For additional details, visit PortableApps.com |
| CompanyName | PortableApps.com |
| FileDescription | Notepad++ Portable (PortableApps.com Launcher) |
| FileVersion | 2.2.2.1 |
| InternalName | PortableApps.com Launcher |
| LegalCopyright | PortableApps.com |
| LegalTrademarks | PortableApps.com is a Trademark of Rare Ideas, LLC. |
| OriginalFilename | Notepad++Portable.exe |
| ProductName | Notepad++ Portable |
| ProductVersion | 2.2.2.1 |
| Translation | 0x0000 0x04e6 |
| 名称 | 虚拟地址 | 虚拟大小 | 原始大小 | 熵 | 特征 | MD5 |
|---|---|---|---|---|---|---|
.text |
0x00001000 |
28,432 bytes | 28,672 bytes | 6.50 (压缩) |
IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ
|
F569E353AF0ED51BF4C216FAA9BED4E7 |
.rdata |
0x00008000 |
10,898 bytes | 11,264 bytes | 4.39 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
91EEE43954E068E650F7B73A8B0E6915 |
.data |
0x0000b000 |
425,660 bytes | 512 bytes | 1.47 (正常) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
DB9F7ACBF1C3DDFE255077B699955DFA |
.ndata |
0x00073000 |
1,331,200 bytes | 0 bytes | 0.00 (正常) |
IMAGE_SCN_CNT_UNINITIALIZED_DATA|IMAGE_SCN_MEM_READ|IMAGE_SCN_MEM_WRITE
|
D41D8CD98F00B204E9800998ECF8427E |
.rsrc |
0x001b8000 |
176,304 bytes | 176,640 bytes | 6.67 (压缩) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ
|
4F57AAACEA80FD64D11756DD060BE381 |
.reloc |
0x001e4000 |
3,978 bytes | 4,096 bytes | 7.90 (打包/加密) |
IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ
|
6DB829C150AF42D237FF780FED331475 |
1 检测到高熵(≥7.5)的节 - 可能存在打包/加密
2 检测到较高熵(≥6.5)的节 - 可能存在压缩
| 资源类型 | 数量 | 总大小 | 百分比 |
|---|---|---|---|
| RT_ICON | 8 | 169,626 字节 | |
| RT_DIALOG | 15 | 2,868 字节 | |
| RT_GROUP_ICON | 1 | 118 字节 | |
| RT_VERSION | 1 | 1,324 字节 | |
| RT_MANIFEST | 1 | 957 字节 |
| 主题 |
Sectigo Public Code Signing Root R46 Sectigo Limited GB |
| 颁发者 | AAA Certificate Services |
| 序列号 | 97015870309959729927281967672979788822 |
| 主题 |
Sectigo Public Code Signing CA R36 Sectigo Limited GB |
| 颁发者 | Sectigo Public Code Signing Root R46 |
| 序列号 | 130417131954583740712891216934480190474 |
| 主题 |
Rare Ideas, LLC Rare Ideas, LLC US |
| 颁发者 | Sectigo Public Code Signing CA R36 |
| 序列号 | 85539958276852660757318134793058736270 |
OK
Gridinsoft Anti-Malware 拥有更强大的病毒扫描引擎。我们建议使用它来更准确地诊断受感染的系统。这个简短的指南将帮助您安装我们的旗舰产品以进行更准确的诊断:
下载反恶意软件此文件看起来是干净的,但定期的安全维护很重要
