80b28e17511c6e648c89766b9f0c7050

Summary

Architecture IMAGE_FILE_MACHINE_I386
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 1995-Jun-30 01:31:07
Detected languages Russian - Russia
CompanyName Microsoft Corporation
FileDescription Калькулятор для Windows
FileVersion 4.00.950
InternalName CALC
LegalCopyright Copyright © Microsoft Corp. 1991-1995
OriginalFilename CALC.EXE
ProductName Операционная система Microsoft® Windows®
ProductVersion 4.00.950

Plugin Output

Info The PE contains common functions which appear in legitimate applications. Reads the contents of the clipboard:
  • GetClipboardData
Malicious VirusTotal score: 5/66 (Scanned on 2017-12-01 18:04:53)
Bkav: W32.ZombXL.Worm
CMC: Virus.Win32.Orez!O
Cylance: Unsafe
Jiangmin: Worm/Bagif.an
Webroot: W32.Malware.Gen

Hashes

MD5 80b28e17511c6e648c89766b9f0c7050
SHA1 b9394649c4024429850bc09b5f927d3f6e0d36b8
SHA256 e3b2a81a45407acb0e292860c6f3ef6c545daa1f373e99d0f15170c63aa8286f
SHA3 24cbad161f9a6f59a776a760e5e4f2a2ddec8248fdfd35320ca677a688ca8d39
SSDeep 1536:GkEqFY6xgFoB7qUbMUtatrMaOqSvryicFYFaze:GmYc4zMcSvr6YFaze
Imports Hash 9a6eb1696d2af8df0f91d695f9f57243

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x80

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_I386
NumberofSections 6
TimeDateStamp 1995-Jun-30 01:31:07
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xe0
Characteristics IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED

Image Optional Header

Magic PE32
LinkerVersion 2.0
SizeOfCode 0x9800
SizeOfInitializedData 0x4c00
SizeOfUninitializedData 0xa00
AddressOfEntryPoint 0x534e (Section: .text)
BaseOfCode 0x1000
BaseOfData 0xb000
ImageBase 0x400000
SectionAlignment 0x1000
FileAlignment 0x200
OperatingSystemVersion 1.0
ImageVersion 0.0
SubsystemVersion 4.0
Win32VersionValue 0
SizeOfImage 0x13000
SizeOfHeaders 0x400
Checksum 0x13b55
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics (EMPTY)
SizeofStackReserve 0x100000
SizeofStackCommit 0x1000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 a94dfbf6ffe4afa2f1fca71b6bfbf3c3
SHA1 cc851d846e8d668d3fa747f5c4a40d4b82160936
SHA256 0b58eab63b4ae991184ea8ceaf740eedeeee20050f1f6e59b64bc31adc3597b1
SHA3 cdea939bfe95bd1c0977cbf3a6f8e3529eb3bc82b5c65c36ccd847e355de6fc0
VirtualSize 0x96b0
VirtualAddress 0x1000
SizeOfRawData 0x9800
PointerToRawData 0x400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 6.52917

.bss

MD5 d41d8cd98f00b204e9800998ecf8427e
SHA1 da39a3ee5e6b4b0d3255bfef95601890afd80709
SHA256 e3b0c44298fc1c149afbf4c8996fb92427ae41e4649b934ca495991b7852b855
SHA3 c5d2460186f7233c927e7db2dcc703c0e500b653ca82273b7bfad8045d85a470
VirtualSize 0x94c
VirtualAddress 0xb000
SizeOfRawData 0
PointerToRawData 0
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0

.data

MD5 3584278530813708de351421ed650e37
SHA1 a9ec67467a83e9e9a11166f0da3ba6d614eb6dfd
SHA256 11e9c987c99ae0aa14d3833ec2ca30da286a1331764e030a0bac53dd18e89ed2
SHA3 9449e984805375feea8f030e57c01a43f3df49c42d4d2d896f9f42e91f2326a3
VirtualSize 0x1700
VirtualAddress 0xc000
SizeOfRawData 0x1800
PointerToRawData 0x9c00
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 4.48457

.idata

MD5 d061332c309fec9f3c7cd8316965db18
SHA1 3dbdc6d1bd761a9de5fe402f2b09de96e528bcd5
SHA256 1eaeaebd696008235fde617ad8797dfe7a9f0c44c0cb6874f75034baf9620208
SHA3 77fad6b5a4dbe01fb502a5373133baa624b779baa6085e51ebae4afb4f4c0bef
VirtualSize 0xb64
VirtualAddress 0xe000
SizeOfRawData 0xc00
PointerToRawData 0xb400
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 5.6266

.rsrc

MD5 28384636727610cbe3ef20dd61eff5dd
SHA1 72ffc13782a7a4474f7eb5caad51532f9b01df04
SHA256 ba0bb49632be1f629410d3255c7597e671499077c06cf7dc93a6d1ca5cd26f75
SHA3 b3884da652e882ebd6945f63f051abe6dfcc5f84fe09faeb45477ece7859d2c7
VirtualSize 0x2000
VirtualAddress 0xf000
SizeOfRawData 0x1600
PointerToRawData 0xc000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.04383

.reloc

MD5 e4d47ec34b2129694826698eb51e7d3a
SHA1 2b5511835582a2771cd55d0cf8b2b636c0e2bd55
SHA256 0c8f10f2ff83a68c2f6ca21981d96053d8fcff57af2884a08c893635c8fed494
SHA3 c940d9e3a3546316fb58b682212c8f64acda9b9e6f8b010211a6bca60c040972
VirtualSize 0x1040
VirtualAddress 0x11000
SizeOfRawData 0x1200
PointerToRawData 0xd600
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 6.10872

Imports

SHELL32.dll ShellAboutA
KERNEL32.dll GlobalUnlock
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalCompact
GlobalFree
GlobalLock
lstrlenA
lstrcatA
WriteProfileStringA
GetModuleHandleA
GetStartupInfoA
GetEnvironmentStrings
GetCommandLineA
Sleep
lstrcmpA
GetProfileStringA
UnhandledExceptionFilter
GetModuleFileNameA
GetACP
GetOEMCP
GetCPInfo
GetStdHandle
GetFileType
VirtualFree
VirtualAlloc
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
GetLastError
LocalAlloc
LocalReAlloc
lstrcpyA
GetProfileIntA
GetTickCount
LocalFree
GetVersion
ExitProcess
RtlUnwind
USER32.dll WinHelpA
GetDC
GetWindowRect
CreateDialogParamA
CheckRadioButton
LoadStringA
RegisterClassExA
GetSysColorBrush
LoadCursorA
LoadIconA
SetDlgItemTextA
GetDlgItem
FillRect
SetRect
CheckMenuItem
GetSubMenu
GetMenu
SetWindowPos
MapDialogRect
InvalidateRect
SetFocus
IsIconic
GetSysColor
DestroyMenu
TrackPopupMenuEx
LoadMenuA
ReleaseCapture
SetCapture
GetDlgCtrlID
EnableMenuItem
IsClipboardFormatAvailable
ReleaseDC
ScreenToClient
DestroyWindow
PostQuitMessage
DefWindowProcA
MessageBeep
GetWindowTextA
DrawFrameControl
GetClientRect
ShowCursor
SetCursor
EndPaint
DrawEdge
BeginPaint
CloseClipboard
CharUpperA
GetClipboardData
OpenClipboard
SetWindowTextA
EnableWindow
CheckDlgButton
ShowWindow
UpdateWindow
CreateWindowExA
SendMessageA
LoadAcceleratorsA
GetMessageA
TranslateAcceleratorA
TranslateMessage
IsDialogMessageA
DispatchMessageA
MessageBoxA
GDI32.dll GetStockObject
GetDeviceCaps
GetTextMetricsA
SetTextColor
SetBkColor
TextOutA
GetTextExtentPointA
SetBkMode
SelectObject
DeleteObject

Delayed Imports

1

Type RT_ICON
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x2e8
Entropy 2.89797
MD5 173be46d8f9aa32da27e22e6889420f6
SHA1 d0467fc674836f0daa18828a8969a7a1d145ca98
SHA256 2a7478f509e6def199c40fc76cafd591670297669e6034c719405dfd4c2fa643
SHA3 b52113c272ed16b707ce02caec023df52a98e150e4af0afc2fffdcd34144e4cd

2

Type RT_ICON
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x128
Entropy 2.99139
MD5 2d6f0d39f662a91bf0dfb521e1b8d743
SHA1 3ad7e68b9af2cba7508f6cc58969dd3d3967f8d1
SHA256 bdd40f9c653f0d438b46ec4e04230f25bcfa92387ab3a5f121ea5ba8645c0781
SHA3 0e3b54f14266db54d05fd44d04d08988ac37e9b0646ee66540c839137b78f315

SM

Type RT_MENU
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x100
Entropy 3.76904
MD5 93d49954d4935839735f237e12bc35b5
SHA1 94e85fcde41d51ad610677c887f1b8cbf5a4f72c
SHA256 c65b9439be60f23fd3f72c645d449e700e117514a4b25df508308cc84932de3e
SHA3 b1767f05af74c7844b9c8a5f10888a1c7f2c484f90b9e5b1b532a2dd25410d27

4

Type RT_MENU
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x30
Entropy 2.87092
MD5 f1dc8d6c78074216c70e0445d21aa2b1
SHA1 41a561c432a5ff359aaa0037bdcf2dbc9f912de7
SHA256 c7e769ea8f34b13026a9bb17f3070ca014b12c42ef50e785b4edc9dafc6bfd5e
SHA3 8e0294b7bbc077eaf9d331bb7edec9c183ddf863ad53dbe7ee185732ba7e0f5c

SB

Type RT_DIALOG
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x130
Entropy 3.386
MD5 713ac0772c00012f2d7436e799a434ea
SHA1 b5125c31896783f239fa4d8d7ba320ad67c12d21
SHA256 0a668d77d2fd99d809c2cdfb4ff1a6f2effa36701fdd9f0c7c15d542bffed9df
SHA3 0fea609111fbf65c1b8131aac1935e3eb71e31153d887111b2f35b3ca5036641

SC

Type RT_DIALOG
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x1fc
Entropy 3.27
MD5 5a18b3d7e2faa1f6b80414e8665b6fd7
SHA1 ffab505e302179eba9d557b4cdfd64057d0aad50
SHA256 90cc4e76206a14e3a7a820b7401d053ce48dbfa1b00175f828da5b1f48c5ac76
SHA3 4da255c469b9ee068dd289f0211b7bd33fd8e622ccfe7d912da2fad6443c10d1

1 (#2)

Type RT_STRING
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x74
Entropy 3.14343
MD5 896cc435bde0032af81a96ad740da932
SHA1 44cc17e93b6ecab730c01b9fa360af1a5fbfe3ee
SHA256 72eb6739bb46f5b5ac237304d654b5283d968f54f81fc0be31617f94516eb4d2
SHA3 3bd88bdfd90b78ab61553739b33989d78971b632f9b384aa4ebee91747bb6a4e

2 (#2)

Type RT_STRING
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x58
Entropy 3.02265
MD5 f688dca8d7a637816ac2039868dbebde
SHA1 d214ac3741c993e33c02f107e8a733ce60976d8e
SHA256 5ea3eccac25cf59b8b66802738db5106a26e0b1eed9fd5a62744ae0aa26711ff
SHA3 2b2b4d374a0f97f1a1dcdf3c812cab4d96bde70070af417c8dcb737882570bcb

3

Type RT_STRING
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x50
Entropy 2.904
MD5 213f3c4125bb644a292551dbc4376621
SHA1 8f08a657244f66450c5a5babc2ec82d3d75dd47d
SHA256 7fa8166e490837d0a2ceaf3bea1c1b0171029a7da83151f23c3ca0daa431abb8
SHA3 7e0595e176066a385a1fc071821ba5d4be5684e350630899edb3d74b13fd3eb6

4 (#2)

Type RT_STRING
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x78
Entropy 3.32565
MD5 4d28338e186613221b0214e5bd75bd91
SHA1 92cf4d47fc212878866ddaf0430711cc4be14b2c
SHA256 fe0c2120cce3a35db2e74000dc2eadec2fb02a7af75e79d8ce7fd9712ca183b6
SHA3 c8eb1201a5456607e350cf025a5dae775ba16e5f13af9716c08847ac29182f49

5

Type RT_STRING
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x2b8
Entropy 4.01518
MD5 b57ec70f30c5d9a934e195e116d9e7c1
SHA1 bfb9adcebca45c3d2b51f7030433fe12e60f5535
SHA256 00b7a11c85ce05c6bafb8838ea1f8dba8854e87dd5df63b5702a1578e09660db
SHA3 a6d8e3459ddc510a8439af6c5e84c50d91f8f5678b5195716d8cee759a2470ef

SA

Type RT_ACCELERATOR
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x260
Entropy 2.79109
MD5 2b5d9086197d6e193b0bea2d04b13428
SHA1 22444cd65488885b6f486f40284db28ab05aba04
SHA256 4f6dd020e30c1f205dec77343d2ba668370c64e06bbb363a3730e5247e20aa49
SHA3 63724490748ab319eae6d89f2701d61e809047ebf3e774dd9624e38131a0dd98

SC (#2)

Type RT_GROUP_ICON
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x22
Entropy 2.37086
Detected Filetype Icon file
MD5 d59e0d372ea5fd8c1f4de744376a6af4
SHA1 6883ce60e71a83424db0b41d0ab6bf61080e3de2
SHA256 b10e28a32eddb2ab20a46ceae59d9c0786911eb20f0c8dd2a28421f226ea2b8b
SHA3 89249711aa1eddca75b5bffe81dc1d2d2c878043c57f3957949f133e23ef9c30

1 (#3)

Type RT_VERSION
Language Russian - Russia
Codepage Latin 1 / Western European
Size 0x340
Entropy 3.67488
MD5 89116e1d5989a427830569c5b5f432a3
SHA1 062ccc08a439942ee414e77502d42ae0873fff64
SHA256 57c95336fa66c3497bd71a71751a7ba161473dd4887a2f59589bba2f9c219ad7
SHA3 f672313ac69a6927837186a1a9872743b4e25b93475ef631686716adb18d6687

String Table contents

Sta
Ave
Sum
s
Dat
F-E
dms
sin
cos
tan
(
Exp
x^y
x^3
x^2
)
ln
log
n!
1/x
MC
MR
MS
M+
PI
7
4
1
0
A
8
5
2
+/-
B
9
6
3
.
C
/
*
-
+
D
Mod
Or
Lsh
sqrt
%
1/x
=
E
And
Xor
Not
Int
F
C
CE
Back
Dword
Word
Byte
Deg
Rad
Grad
Деление на нуль невозможно.
Неверный аргумент функции.
Значение не определено.
Результат слишком велик.
Результат слишком мал.
calc.hlp
Не удается открыть буфер.
Недостаточно памяти для данных.
Закройте одну или несколько программ и повторите попытку.
stat
Калькулятор
Разработал для Microsoft
Kraig Brockschmidt
Недостаточно памяти

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 4.0.0.950
ProductVersion 4.0.0.950
FileFlags (EMPTY)
FileOs VOS_DOS
VOS_DOS_WINDOWS16
VOS_DOS_WINDOWS32
VOS_OS232
VOS_OS232_PM32
VOS_WINCE
VOS__PM32
VOS__WINDOWS16
FileType VFT_APP
Language Russian - Russia
CompanyName Microsoft Corporation
FileDescription Калькулятор для Windows
FileVersion (#2) 4.00.950
InternalName CALC
LegalCopyright Copyright © Microsoft Corp. 1991-1995
OriginalFilename CALC.EXE
ProductName Операционная система Microsoft® Windows®
ProductVersion (#2) 4.00.950
Resource LangID Russian - Russia

TLS Callbacks

Load Configuration

Errors

[*] Warning: Section .bss has a size of 0!