80b28e17511c6e648c89766b9f0c7050

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1995-Jun-30 01:31:07
Detected languages Russian - Russia
CompanyName Microsoft Corporation
FileDescription Калькулятор для Windows
FileVersion 4.00.950
InternalName CALC
LegalCopyright Copyright © Microsoft Corp. 1991-1995
OriginalFilename CALC.EXE
ProductName Операционная система Microsoft® Windows®
ProductVersion 4.00.950

Plugin Output

Info The PE contains common functions which appear in legitimate applications. Reads the contents of the clipboard:
  • GetClipboardData
Suspicious The PE header may have been manually modified. The resource timestamps differ from the PE header:
  • 1980-Mar-18 06:25:46
Malicious VirusTotal score: 5/66 (Scanned on 2017-12-01 18:04:53)
Bkav: W32.ZombXL.Worm
CMC: Virus.Win32.Orez!O
Cylance: Unsafe
Jiangmin: Worm/Bagif.an
Webroot: W32.Malware.Gen

Hashes

MD5 80b28e17511c6e648c89766b9f0c7050
SHA1 b9394649c4024429850bc09b5f927d3f6e0d36b8
SHA256 e3b2a81a45407acb0e292860c6f3ef6c545daa1f373e99d0f15170c63aa8286f
SHA3 e499e73719b7c10c42d7858424c69d34a4e7b617fe3c55e70a3bb4cb2968aad3
SSDeep 1536:GkEqFY6xgFoB7qUbMUtatrMaOqSvryicFYFaze:GmYc4zMcSvr6YFaze
Imports Hash 9a6eb1696d2af8df0f91d695f9f57243

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 1995-Jun-30 01:31:07
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x9800
SizeOfInitializedData 0x4c00
SizeOfUninitializedData 0xa00
AddressOfEntryPoint 0x0000534E (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xb000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 1.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x13000
SizeOfHeaders 0x400
Checksum 0x13b55
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 a94dfbf6ffe4afa2f1fca71b6bfbf3c3
SHA1 cc851d846e8d668d3fa747f5c4a40d4b82160936
SHA256 0b58eab63b4ae991184ea8ceaf740eedeeee20050f1f6e59b64bc31adc3597b1
SHA3 2e6cda2e5f2747594e29e0647184faf2adc83536f9c67530052fa068604c4c12
VirtualSize 0x96b0
VirtualAddress 0x1000
SizeOfRawData 0x9800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.52917

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 a7ffc6f8bf1ed76651c14756a061d662f580ff4de43b49fa82d80a4b80f8434a
VirtualSize 0x94c
VirtualAddress 0xb000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data

MD5 3584278530813708de351421ed650e37
SHA1 a9ec67467a83e9e9a11166f0da3ba6d614eb6dfd
SHA256 11e9c987c99ae0aa14d3833ec2ca30da286a1331764e030a0bac53dd18e89ed2
SHA3 1ca5e5e5de4fbfa27225269066759376ddab399cea7cda1095a5f22b5db80a9f
VirtualSize 0x1700
VirtualAddress 0xc000
SizeOfRawData 0x1800
PointerToRawData 0x9c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.48457

.idata

MD5 d061332c309fec9f3c7cd8316965db18
SHA1 3dbdc6d1bd761a9de5fe402f2b09de96e528bcd5
SHA256 1eaeaebd696008235fde617ad8797dfe7a9f0c44c0cb6874f75034baf9620208
SHA3 fb154d46b69eca9881491df794787107c539242bb2656b237d09132712011790
VirtualSize 0xb64
VirtualAddress 0xe000
SizeOfRawData 0xc00
PointerToRawData 0xb400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.6266

.rsrc

MD5 28384636727610cbe3ef20dd61eff5dd
SHA1 72ffc13782a7a4474f7eb5caad51532f9b01df04
SHA256 ba0bb49632be1f629410d3255c7597e671499077c06cf7dc93a6d1ca5cd26f75
SHA3 f4ce02f86baaf67190443e66ed960db3a05e132276491562e287c6dfa69fa280
VirtualSize 0x2000
VirtualAddress 0xf000
SizeOfRawData 0x1600
PointerToRawData 0xc000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.04383

.reloc

MD5 e4d47ec34b2129694826698eb51e7d3a
SHA1 2b5511835582a2771cd55d0cf8b2b636c0e2bd55
SHA256 0c8f10f2ff83a68c2f6ca21981d96053d8fcff57af2884a08c893635c8fed494
SHA3 fb29af048cf56204c7408cd3767075afd1b9edc52203d9d2bfbb137d1050484f
VirtualSize 0x1040
VirtualAddress 0x11000
SizeOfRawData 0x1200
PointerToRawData 0xd600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.10872

Imports

SHELL32.dll ShellAboutA
KERNEL32.dll GlobalUnlock
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalCompact
GlobalFree
GlobalLock
lstrlenA
lstrcatA
WriteProfileStringA
GetModuleHandleA
GetStartupInfoA
GetEnvironmentStrings
GetCommandLineA
Sleep
lstrcmpA
GetProfileStringA
UnhandledExceptionFilter
GetModuleFileNameA
GetACP
GetOEMCP
GetCPInfo
GetStdHandle
GetFileType
VirtualFree
VirtualAlloc
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
GetLastError
LocalAlloc
LocalReAlloc
lstrcpyA
GetProfileIntA
GetTickCount
LocalFree
GetVersion
ExitProcess
RtlUnwind
USER32.dll WinHelpA
GetDC
GetWindowRect
CreateDialogParamA
CheckRadioButton
LoadStringA
RegisterClassExA
GetSysColorBrush
LoadCursorA
LoadIconA
SetDlgItemTextA
GetDlgItem
FillRect
SetRect
CheckMenuItem
GetSubMenu
GetMenu
SetWindowPos
MapDialogRect
InvalidateRect
SetFocus
IsIconic
GetSysColor
DestroyMenu
TrackPopupMenuEx
LoadMenuA
ReleaseCapture
SetCapture
GetDlgCtrlID
EnableMenuItem
IsClipboardFormatAvailable
ReleaseDC
ScreenToClient
DestroyWindow
PostQuitMessage
DefWindowProcA
MessageBeep
GetWindowTextA
DrawFrameControl
GetClientRect
ShowCursor
SetCursor
EndPaint
DrawEdge
BeginPaint
CloseClipboard
CharUpperA
GetClipboardData
OpenClipboard
SetWindowTextA
EnableWindow
CheckDlgButton
ShowWindow
UpdateWindow
CreateWindowExA
SendMessageA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
IsDialogMessageA
DispatchMessageA
MessageBoxA
GDI32.dll GetStockObject
GetDeviceCaps
GetTextMetricsA
SetTextColor
SetBkColor
TextOutA
GetTextExtentPointA
SetBkMode
SelectObject
DeleteObject

Delayed Imports

1

Type RT_ICON
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x2e8
TimeDateStamp 1980-Mar-18 06:25:46
Entropy 2.89797
MD5 173be46d8f9aa32da27e22e6889420f6
SHA1 d0467fc674836f0daa18828a8969a7a1d145ca98
SHA256 2a7478f509e6def199c40fc76cafd591670297669e6034c719405dfd4c2fa643
SHA3 4976a763ec6782725b7bbf75c42ba8c7ed6bd1ff4dc0ecc6b5b5dd31108b3405

2

Type RT_ICON
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x128
TimeDateStamp 1980-Mar-18 06:25:46
Entropy 2.99139
MD5 2d6f0d39f662a91bf0dfb521e1b8d743
SHA1 3ad7e68b9af2cba7508f6cc58969dd3d3967f8d1
SHA256 bdd40f9c653f0d438b46ec4e04230f25bcfa92387ab3a5f121ea5ba8645c0781
SHA3 f0f06da9b2cb025e84b71d2f53784dc5c5fdf8e60372f27aa70504fab31ce5f4

SM

Type RT_MENU
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x100
TimeDateStamp 1980-Mar-18 06:25:46
Entropy 3.76904
MD5 93d49954d4935839735f237e12bc35b5
SHA1 94e85fcde41d51ad610677c887f1b8cbf5a4f72c
SHA256 c65b9439be60f23fd3f72c645d449e700e117514a4b25df508308cc84932de3e
SHA3 64ac8274e431843878e127c59a22f377ff7b8e69dd3e9a257d068cc8cf4d2f21

4

Type RT_MENU
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x30
TimeDateStamp 1980-Mar-18 06:25:46
Entropy 2.87092
MD5 f1dc8d6c78074216c70e0445d21aa2b1
SHA1 41a561c432a5ff359aaa0037bdcf2dbc9f912de7
SHA256 c7e769ea8f34b13026a9bb17f3070ca014b12c42ef50e785b4edc9dafc6bfd5e
SHA3 7f5f960a4a05c014ba1c16dbbe1e5062fa7644f8208c1b83add851dbb23f51ac

SB

Type RT_DIALOG
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x130
TimeDateStamp 1980-Mar-18 06:25:46
Entropy 3.386
MD5 713ac0772c00012f2d7436e799a434ea
SHA1 b5125c31896783f239fa4d8d7ba320ad67c12d21
SHA256 0a668d77d2fd99d809c2cdfb4ff1a6f2effa36701fdd9f0c7c15d542bffed9df
SHA3 8d876b02c4a8be67eef1ea23d046f6022e0e2435783aaf58ccb8cf1bb4f7ef80

SC

Type RT_DIALOG
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x1fc
TimeDateStamp 1980-Mar-18 06:25:46
Entropy 3.27
MD5 5a18b3d7e2faa1f6b80414e8665b6fd7
SHA1 ffab505e302179eba9d557b4cdfd64057d0aad50
SHA256 90cc4e76206a14e3a7a820b7401d053ce48dbfa1b00175f828da5b1f48c5ac76
SHA3 d115b4c08a754f6f55c9909b4a866debcc8e2b16e06a481b065193ebc5b2133f

1 (#2)

Type RT_STRING
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x74
TimeDateStamp 1980-Mar-18 06:25:46
Entropy 3.14343
MD5 896cc435bde0032af81a96ad740da932
SHA1 44cc17e93b6ecab730c01b9fa360af1a5fbfe3ee
SHA256 72eb6739bb46f5b5ac237304d654b5283d968f54f81fc0be31617f94516eb4d2
SHA3 e5826147d5691c7a5a9deede6752fbe2a05e880c5862f218ec01dc30c7759b74

2 (#2)

Type RT_STRING
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x58
TimeDateStamp 1980-Mar-18 06:25:46
Entropy 3.02265
MD5 f688dca8d7a637816ac2039868dbebde
SHA1 d214ac3741c993e33c02f107e8a733ce60976d8e
SHA256 5ea3eccac25cf59b8b66802738db5106a26e0b1eed9fd5a62744ae0aa26711ff
SHA3 425006242905c82146127f325d490e37cefa9781cde614e3bcf31d3eeb4988c9

3

Type RT_STRING
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x50
TimeDateStamp 1980-Mar-18 06:25:46
Entropy 2.904
MD5 213f3c4125bb644a292551dbc4376621
SHA1 8f08a657244f66450c5a5babc2ec82d3d75dd47d
SHA256 7fa8166e490837d0a2ceaf3bea1c1b0171029a7da83151f23c3ca0daa431abb8
SHA3 c1e90de578ee0a545a620f370f16b04f07ba01a5bdfdfd71104f158127f4423a

4 (#2)

Type RT_STRING
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x78
TimeDateStamp 1980-Mar-18 06:25:46
Entropy 3.32565
MD5 4d28338e186613221b0214e5bd75bd91
SHA1 92cf4d47fc212878866ddaf0430711cc4be14b2c
SHA256 fe0c2120cce3a35db2e74000dc2eadec2fb02a7af75e79d8ce7fd9712ca183b6
SHA3 1f48972da59f67e00627b4245a1f300fc7cafe23780ae5d63b554db9094ced17

5

Type RT_STRING
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x2b8
TimeDateStamp 1980-Mar-18 06:25:46
Entropy 4.01518
MD5 b57ec70f30c5d9a934e195e116d9e7c1
SHA1 bfb9adcebca45c3d2b51f7030433fe12e60f5535
SHA256 00b7a11c85ce05c6bafb8838ea1f8dba8854e87dd5df63b5702a1578e09660db
SHA3 fc5ede762a2f2a783a7739a03d6421bc6d7371738c0470aaf3c2cedcb01193c5

SA

Type RT_ACCELERATOR
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x260
TimeDateStamp 1980-Mar-18 06:25:46
Entropy 2.79109
MD5 2b5d9086197d6e193b0bea2d04b13428
SHA1 22444cd65488885b6f486f40284db28ab05aba04
SHA256 4f6dd020e30c1f205dec77343d2ba668370c64e06bbb363a3730e5247e20aa49
SHA3 8a169118e88b2ffdf757b138585b949680b3fe8f02b624e245a6a9904a2b88ea

SC (#2)

Type RT_GROUP_ICON
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x22
TimeDateStamp 1980-Mar-18 06:25:46
Entropy 2.37086
Detected Filetype Icon file
MD5 d59e0d372ea5fd8c1f4de744376a6af4
SHA1 6883ce60e71a83424db0b41d0ab6bf61080e3de2
SHA256 b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b
SHA3 5e39df982879204dd9f129a37d1e1c2ff906e88de9ae01b4418db5e8455e7ae1

1 (#3)

Type RT_VERSION
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x340
TimeDateStamp 1980-Mar-18 06:25:46
Entropy 3.67488
MD5 89116e1d5989a427830569c5b5f432a3
SHA1 062ccc08a439942ee414e77502d42ae0873fff64
SHA256 57c95336fa66c3497bd71a71751a7ba161473dd4887a2f59589bba2f9c219ad7
SHA3 607509ab5df7bd7b7d66767b2e1f84fb8072e098e32f0a7564c8c19db8283744

String Table contents

Sta
Ave
Sum
s
Dat
F-E
dms
sin
cos
tan
(
Exp
x^y
x^3
x^2
)
ln
log
n!
1/x
MC
MR
MS
M+
PI
7
4
1
0
A
8
5
2
+/-
B
9
6
3
.
C
/
*
-
+
D
Mod
Or
Lsh
sqrt
%
1/x
=
E
And
Xor
Not
Int
F
C
CE
Back
Dword
Word
Byte
Deg
Rad
Grad
Деление на нуль невозможно.
Неверный аргумент функции.
Значение не определено.
Результат слишком велик.
Результат слишком мал.
calc.hlp
Не удается открыть буфер.
Недостаточно памяти для данных.
Закройте одну или несколько программ и повторите попытку.
stat
Калькулятор
Разработал для Microsoft
Kraig Brockschmidt
Недостаточно памяти

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 4.0.0.950
ProductVersion 4.0.0.950
FileFlags (EMPTY)
FileOs VOS_DOS
VOS_DOS_WINDOWS16
VOS_DOS_WINDOWS32
VOS_OS232
VOS_OS232_PM32
VOS_WINCE
VOS__PM32
VOS__WINDOWS16
FileType VFT_APP
Language Russian - Russia
CompanyName Microsoft Corporation
FileDescription Калькулятор для Windows
FileVersion (#2) 4.00.950
InternalName CALC
LegalCopyright Copyright © Microsoft Corp. 1991-1995
OriginalFilename CALC.EXE
ProductName Операционная система Microsoft® Windows®
ProductVersion (#2) 4.00.950
Resource LangID Russian - Russia

TLS Callbacks

Load Configuration

RICH Header

Errors

[*] Warning: Section .bss has a size of 0!