Manalyze report for 2f82623f9523c0d167862cad0eff6806

Summary

Architecture	`IMAGE_FILE_MACHINE_AMD64`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	2035-Sep-23 13:23:06
Detected languages	English - United States
Debug artifacts	calc.pdb
CompanyName	Microsoft Corporation
FileDescription	Windows Calculator
FileVersion	`10.0.22621.1 (WinBuild.160101.0800)`
InternalName	CALC
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	CALC.EXE
ProductName	Microsoft® Windows® Operating System
ProductVersion	`10.0.22621.1`

Plugin Output

Info	The PE contains common functions which appear in legitimate applications.	`Possibly launches other programs: ShellExecuteW`
Safe	VirusTotal score: 0/74 (Scanned on 2024-07-15 07:26:54)	`All the AVs think this file is safe.`

Hashes

MD5	`2f82623f9523c0d167862cad0eff6806`
SHA1	`5d77804b87735e66d7d1e263c31c4ef010f16153`
SHA256	`9c2c8a8588fe6db09c09337e78437cb056cd557db1bcf5240112cbfb7b600efb`
SHA3	`8fe9eeb7ff266fc62db8487759db208b0ba044759856b7f8b98f7ad5b410d12e`
SSDeep	`384:OtF1XO9GxgL7ol+WSvYWCiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiLiiiiiri:QOOgL7E4r`
Imports Hash	`8eeaa9499666119d13b3f44ecd77a729`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0xf8`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_AMD64`
NumberofSections	`6`
TimeDateStamp	2035-Sep-23 13:23:06
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xf0`
Characteristics	`IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LARGE_ADDRESS_AWARE`

Image Optional Header

Magic	`PE32+`
LinkerVersion	`14.0`
SizeOfCode	`0x1000`
SizeOfInitializedData	`0x9000`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x0000000000001750 (Section: .text)`
BaseOfCode	`0x1000`
ImageBase	`0x140000000`
SectionAlignment	`0x1000`
FileAlignment	`0x1000`
OperatingSystemVersion	`A.0`
ImageVersion	`A.0`
SubsystemVersion	`A.0`
Win32VersionValue	`0`
SizeOfImage	`0xb000`
SizeOfHeaders	`0x1000`
Checksum	`0xe569`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
DllCharacteristics	`IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE` `IMAGE_DLLCHARACTERISTICS_GUARD_CF` `IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA` `IMAGE_DLLCHARACTERISTICS_NX_COMPAT` `IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE`
SizeofStackReserve	`0x80000`
SizeofStackCommit	`0x2000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`5fa9d4f71e248bcaf57708835ce91c03`
SHA1	`08ed6c18c9c2b0024256d81cfc81a83723fda0f2`
SHA256	`e0d30716026822e847c01770c9d7b707b4fa4d4a3fb4f4aee8c5dd83f3be8637`
SHA3	`c33b3c3a82eec38e4fa437e7bb0d0da5f8c00c320f2015b1b24d7f53b866b356`
VirtualSize	`0xc50`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x1000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`5.05283`

.rdata

MD5	`4658347668b5166085216939a591e880`
SHA1	`adc021ec442f63e679f57d86b04332163c50fb33`
SHA256	`61214f41e33a70fd25b5ce502c16d67297267b225df526132255b8e81d6a806c`
SHA3	`40532240a1496d712344e27892552702a9c5ac9d4d39ea868618da07842ffe51`
VirtualSize	`0xdae`
VirtualAddress	`0x2000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x2000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.82359`

.data

MD5	`3b1f3fed456d30dac2f4cd93aeb907c8`
SHA1	`4e887016fa4f37fcb57eeadd0751f70f78a1e15b`
SHA256	`58ff52f7ef05c9039850974715bfad2135df9b743027921c457b9cf26e60c878`
SHA3	`c4ff0f83e60ebb3ceb8ae0473fc6edd6904fc95fedecf9d025f0fec0952dedc1`
VirtualSize	`0x6c0`
VirtualAddress	`0x3000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x3000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`0.0613641`

.pdata

MD5	`0411bd194ad091324976a9ac16f7887f`
SHA1	`b4971aa4f9bbb7248c19d9acc38daf4ccd91a598`
SHA256	`51dabc0322739e9abb6cf52b3c141ece0d1e809e394132f2b93a67621ca8ab90`
SHA3	`b2f797da689d02105cfc92c712749a83829b8c448518aef5b082935a26792293`
VirtualSize	`0xfc`
VirtualAddress	`0x4000`
SizeOfRawData	`0x1000`
PointerToRawData	`0x4000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`0.341539`

.rsrc

MD5	`5f6a43c58dbe72a030b15f7a4b99da27`
SHA1	`c17e20a9fe11294041ab8fa6e3fc0ff32dfeb8b3`
SHA256	`b155a7635563e1b0685a31ad685734ca98421d6c33ab17d5c411e01619f44b8c`
SHA3	`aee2c0381e76492d19b3ff2eee3f29ffc7f2dc0adb34ffc42f03d4f105ee32ad`
VirtualSize	`0x4710`
VirtualAddress	`0x5000`
SizeOfRawData	`0x5000`
PointerToRawData	`0x5000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`2.80318`

.reloc

MD5	`0735784a8a2d1fd4cef66bb459d1c7e5`
SHA1	`1c26d81237c24d6edf42d7f5eed927fd796824e2`
SHA256	`834a0bcecfd943d17a4bfda3750afeb14ef19233c57ce3031fa2be8eabd53e77`
SHA3	`373a9e20ff36f52f9d6fadb51bccb9c203ad42f7bbd46a2d34afba0654164bb6`
VirtualSize	`0x3c`
VirtualAddress	`0xa000`
SizeOfRawData	`0x1000`
PointerToRawData	`0xa000`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_DISCARDABLE` `IMAGE_SCN_MEM_READ`
Entropy	`0.124352`

Imports

SHELL32.dll	`ShellExecuteW`
KERNEL32.dll	`GetCurrentThreadId` `GetSystemTimeAsFileTime` `GetTickCount` `RtlCaptureContext` `GetCurrentProcessId` `RtlVirtualUnwind` `UnhandledExceptionFilter` `SetUnhandledExceptionFilter` `GetCurrentProcess` `TerminateProcess` `QueryPerformanceCounter` `RtlLookupFunctionEntry`
msvcrt.dll	`__setusermatherr` `_initterm` `__C_specific_handler` `_wcmdln` `_fmode` `_commode` `?terminate@@YAXXZ` `_cexit` `__wgetmainargs` `_amsg_exit` `_XcptFilter` `exit` `__set_app_type` `_exit`
ADVAPI32.dll	`EventSetInformation` `EventWriteTransfer` `EventRegister`
api-ms-win-core-synch-l1-2-0.dll	`Sleep`
api-ms-win-core-processthreads-l1-1-0.dll	`GetStartupInfoW`
api-ms-win-core-libraryloader-l1-2-0.dll	`GetModuleHandleW`

Delayed Imports

1

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x468`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.39967`
MD5	`339d6ef766e3e959cb6a80c5a0006077`
SHA1	`b953e464da91872d0e33ee62b2648a6836b520d4`
SHA256	`c95bb5bd0d39255df7889d6b29c46dabc694834accba3e64e6559bcf6cc042ee`
SHA3	`59f83702753d5be567c4e6d5b3c375fd43bd3b22919c338ec346c84d783a21e8`

2

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x218`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.38778`
Detected Filetype	PNG graphic file
MD5	`84ae61b758be82a627ebbd846f988d34`
SHA1	`cb714a3334049b3fe631469a3bca8398c16e4e6e`
SHA256	`3e6c7cc4bd5870acb414f9bec4602e4737483fe14947306e0eae8fc3cbccb8f0`
SHA3	`876fb905f537617ca7012b0fb4b2c1fceeb20d950700245a82ea227ae28dd935`

3

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x10a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.75044`
MD5	`762ddcf4fb3a4f57a4a1849b47324a2c`
SHA1	`d8aac2dca042e8221d7d02a8af8dc65fae11b6f4`
SHA256	`0ac0f42771fc0d2245c369f1e8277ba0a3ffe4c78b15093206bdb243aa65b2c5`
SHA3	`907930b5178ab04b81827056daa4f7c7c8629ccfcce1d4212ea1715c9a50118e`

4

Type	`RT_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x25a8`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`1.16135`
MD5	`9ee2a3afd25682b394fe54b6db182103`
SHA1	`8f014d438011dd0d9947d967842351042a493e56`
SHA256	`d4617e344732a0cf6bc6e8807f77cab668009342ab158cd9ac88d9877de318d9`
SHA3	`cb1b5b03e89766b7d076cf7bb3e349119943a9f3919e168b492139e3cff9b20d`

IDI_CALC_ICON

Type	`RT_GROUP_ICON`
Language	English - United States
Codepage	UNKNOWN
Size	`0x3e`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`2.41382`
Detected Filetype	Icon file
MD5	`0a3aabb4ec6e9901a7e2d57c8b6407c2`
SHA1	`4a03b455ceefcdd8468d8a9c2128ce6193275987`
SHA256	`f4813285cef4f96b09578dc599d989c780fc042bc747f26acc9690aefdb73133`
SHA3	`61cb31e1103c73d4e2b89849731e427f0b1702b9a1ff07b991061ccb08bd9d42`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x384`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`3.44344`
MD5	`bb1535981d5a622804c9efceb1abe420`
SHA1	`c4b06725f862b434d612b308f7e78059d5dc1e58`
SHA256	`fd5c1d93127421fddb1ad30092e902091e6394ef7ff377590c95b6c8ee06becd`
SHA3	`bea7bf14821229794a196130e447a3d250090ccc11708f8bd033da72b16fa543`

1 (#3)

Type	`RT_MANIFEST`
Language	English - United States
Codepage	UNKNOWN
Size	`0x491`
TimeDateStamp	1980-Jan-01 00:00:00
Entropy	`4.96894`
MD5	`ff8bb01700c4ca8639b7077a96159295`
SHA1	`af31428842b7554e1200c33e2a71ede38b5c5ded`
SHA256	`9c32df4118c1601d8d06e8a8bbd1ae72202fa81d429ede9218bdb9b8ca7743f2`
SHA3	`e12148aca1f918cddfbb056629d7c5e546ef351d7df82f84d137a16126cdeee3`

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	10.0.22621.1
ProductVersion	10.0.22621.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT` `VOS_NT_WINDOWS32` `VOS_WINCE` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName	Microsoft Corporation
FileDescription	Windows Calculator
FileVersion (#2)	10.0.22621.1 (WinBuild.160101.0800)
InternalName	CALC
LegalCopyright	© Microsoft Corporation. All rights reserved.
OriginalFilename	CALC.EXE
ProductName	Microsoft® Windows® Operating System
ProductVersion (#2)	10.0.22621.1

Resource LangID	English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics	`0`
TimeDateStamp	2035-Sep-23 13:23:06
Version	`0.0`
SizeofData	`33`
AddressOfRawData	`0x24fc`
PointerToRawData	`0x24fc`
Referenced File	calc.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics	`0`
TimeDateStamp	2035-Sep-23 13:23:06
Version	`0.0`
SizeofData	`672`
AddressOfRawData	`0x2520`
PointerToRawData	`0x2520`

UNKNOWN

Characteristics	`0`
TimeDateStamp	2035-Sep-23 13:23:06
Version	`0.0`
SizeofData	`36`
AddressOfRawData	`0x27c0`
PointerToRawData	`0x27c0`

TLS Callbacks

Load Configuration

Size	`0x140`
TimeDateStamp	`1970-Jan-01 00:00:00`
Version	`0.0`
GlobalFlagsClear	`(EMPTY)`
GlobalFlagsSet	`(EMPTY)`
CriticalSectionDefaultTimeout	`0`
DeCommitFreeBlockThreshold	`0`
DeCommitTotalFreeThreshold	`0`
LockPrefixTable	`0`
MaximumAllocationSize	`0`
VirtualMemoryThreshold	`0`
ProcessAffinityMask	`0`
ProcessHeapFlags	`(EMPTY)`
CSDVersion	`0`
Reserved1	`0`
EditList	`0`
SecurityCookie	`0x140003040`
GuardCFCheckFunctionPointer	`5368717968`
GuardCFDispatchFunctionPointer	`0`
GuardCFFunctionTable	`0`
GuardCFFunctionCount	`0`
GuardFlags	`(EMPTY)`
CodeIntegrity.Flags	`0`
CodeIntegrity.Catalog	`0`
CodeIntegrity.CatalogOffset	`0`
CodeIntegrity.Reserved	`0`
GuardAddressTakenIatEntryTable	`0`
GuardAddressTakenIatEntryCount	`0`
GuardLongJumpTargetTable	`0`
GuardLongJumpTargetCount	`0`

RICH Header

XOR Key	`0xaac3177c`
Unmarked objects	`0`
Imports (VS2008 SP1 build 30729)	`6`
Total imports	`40`
Imports (30795)	`9`
C objects (30795)	`18`
ASM objects (30795)	`3`
C objects (LTCG) (30795)	`3`
C++ objects (30795)	`2`
Resource objects (30795)	`1`
Linker (30795)	`1`

2f82623f9523c0d167862cad0eff6806

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.pdata

.rsrc

.reloc

Imports

Delayed Imports

1

2

3

4

IDI_CALC_ICON

1 (#2)

1 (#3)

Version Info

IMAGE_DEBUG_TYPE_CODEVIEW

IMAGE_DEBUG_TYPE_POGO

UNKNOWN

TLS Callbacks

Load Configuration

RICH Header

Errors