83a0877f33a25dd700490577d338ee304bf8c515b41a809ee79d1b682ba5334b

Summary

Architecture IMAGE_FILE_MACHINE_AMD64
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
Compilation Date 2100-May-10 00:49:47
Detected languages English - United States
TLS Callbacks 1 callback(s) detected.
Debug artifacts calc.pdb
CompanyName Microsoft Corporation
FileDescription Windows Calculator
FileVersion 10.0.26100.8521 (WinBuild.160101.0800)
InternalName CALC
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename CALC.EXE
ProductName Microsoft® Windows® Operating System
ProductVersion 10.0.26100.8521

Plugin Output

Suspicious The PE is possibly packed. Unusual section name found: fothk
Info The PE contains common functions which appear in legitimate applications. Possibly launches other programs:
  • ShellExecuteW
  • CreateProcessA
Suspicious No VirusTotal score. This file has never been scanned on VirusTotal.

Hashes

MD5 6268854b2454ad63b08bade6e209acd4
SHA1 a4f8b5ae7971745ab658cefac1a01674616465d7
SHA256 83a0877f33a25dd700490577d338ee304bf8c515b41a809ee79d1b682ba5334b
SHA3 4ba1f3e9fea916163b6613a3fed02ea2ff3b127f985a0763b0ae8e9a0ce14f71
SSDeep 384:QCvXVUBLxxkI70um+/JbQSWS9YW6iiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiiL:QC/KLjLm+/JbQKD
Imports Hash 0c1e3cae505cc618aa572cdd82bf3483

DOS Header

e_magic MZ
e_cblp 0x90
e_cp 0x3
e_crlc 0
e_cparhdr 0x4
e_minalloc 0
e_maxalloc 0xffff
e_ss 0
e_sp 0xb8
e_csum 0
e_ip 0
e_cs 0
e_ovno 0
e_oemid 0
e_oeminfo 0
e_lfanew 0x100

PE Header

Signature PE
Machine IMAGE_FILE_MACHINE_AMD64
NumberofSections 7
TimeDateStamp 2100-May-10 00:49:47
PointerToSymbolTable 0
NumberOfSymbols 0
SizeOfOptionalHeader 0xf0
Characteristics IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Image Optional Header

Magic PE32+
LinkerVersion 14.0
SizeOfCode 0x2000
SizeOfInitializedData 0x9000
SizeOfUninitializedData 0
AddressOfEntryPoint 0x0000000000001740 (Section: .text)
BaseOfCode 0x1000
ImageBase 0x140000000
SectionAlignment 0x1000
FileAlignment 0x1000
OperatingSystemVersion A.0
ImageVersion A.0
SubsystemVersion A.0
Win32VersionValue 0
SizeOfImage 0xc000
SizeOfHeaders 0x1000
Checksum 0x14cb7
Subsystem IMAGE_SUBSYSTEM_WINDOWS_GUI
DllCharacteristics IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
SizeofStackReserve 0x80000
SizeofStackCommit 0x2000
SizeofHeapReserve 0x100000
SizeofHeapCommit 0x1000
LoaderFlags 0
NumberOfRvaAndSizes 16

.text

MD5 6e5f686d224f151e817ce8cf278029ff
SHA1 649d483f02cdfe0d4b5ba9cc5d13faaaba663524
SHA256 976486d2ed8d2a0fcf84778b33a4d3b45938d37b6bc59bd06a5de0edacdb8c9d
SHA3 482d0071e5126fef9fcf11f13f2454317fc0ec61b9ed586d7951a87178ee4476
VirtualSize 0xd74
VirtualAddress 0x1000
SizeOfRawData 0x1000
PointerToRawData 0x1000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 5.20969

fothk

MD5 3e0748234244ec6a7d0e6ac9f84c6dfd
SHA1 2d5278160f8189e52660e4e51e24a56ba0b37573
SHA256 2b620d3d8efff5854e3a98324d0331e885cb5d169143a84561f8a335ce050b09
SHA3 c969875c6a8894db1bc501771ae5d987976a674a8ca85fc8fe337aa62d16281a
VirtualSize 0x1000
VirtualAddress 0x2000
SizeOfRawData 0x1000
PointerToRawData 0x2000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
Entropy 0.0159202

.rdata

MD5 8c9c49315b864c75dd85df4095772aeb
SHA1 4c08017c3d0602145824a332b28fade79fd5d2da
SHA256 21030477a27e0a2691fcc31848fb247514329c240bc731beb008d87ee36b998e
SHA3 0713d3a038c7b0f4acc6abb60d465d34ccd62ab874e2697ef6616ff78541948b
VirtualSize 0xf02
VirtualAddress 0x3000
SizeOfRawData 0x1000
PointerToRawData 0x3000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 4.01174

.data

MD5 056daf31a291ddb56fa54fbc1a3cc5f2
SHA1 9f67784eddd2202bdbc38ed1ead05ad23a71a8b2
SHA256 97888756e2cc4576c7c52154673f94bad082da5f6918ce52d0a7d251d1100cb0
SHA3 004a68f1783ac67a66f0c06275f00a698fdd216773d54c2ec7ffa1b090023671
VirtualSize 0x6c0
VirtualAddress 0x4000
SizeOfRawData 0x1000
PointerToRawData 0x4000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
Entropy 0.0613641

.pdata

MD5 34ada5ab11d8f832c018dee3a9d6a980
SHA1 620427b425ca78e07f778729501bb0bb1b2b5cb9
SHA256 be576d5ad3dbb50b353f7db446a7092f4b147590bca6654eb001d36ae5f1f292
SHA3 e52bd2b8f42caa3006db449ae65d456f53b71f03993c4108d76cf36c6b98878e
VirtualSize 0x108
VirtualAddress 0x5000
SizeOfRawData 0x1000
PointerToRawData 0x5000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 0.364208

.rsrc

MD5 157a582ef9cb41bde1282f75e735c618
SHA1 78c1bfe617137883443253e22d47ee640f84519f
SHA256 6a8aa35ecf5160b525dbd041a5e986e33eb3d011d054897a73aee62e5d414036
SHA3 a5cdb20c725f3ee0779b28483ca9d13eb5a63e0908e9dc560272e660e5b09e32
VirtualSize 0x4710
VirtualAddress 0x6000
SizeOfRawData 0x5000
PointerToRawData 0x6000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Entropy 2.80545

.reloc

MD5 93ed2808a109d151f054c27a43684c4c
SHA1 89885049303f1f2deb28a5f67c3a1ed482f196c2
SHA256 e3618b6181ac3941562a8808b7cd167640a2d6fbe7d305b9ba0e35b40df1a1a9
SHA3 14f648c77ddfb162e14aea29ac50087a1254589b114ee3f00b5a157b86069aa9
VirtualSize 0x94
VirtualAddress 0xb000
SizeOfRawData 0x1000
PointerToRawData 0xb000
PointerToRelocations 0
PointerToLineNumbers 0
NumberOfLineNumbers 0
NumberOfRelocations 0
Characteristics IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Entropy 0.192154

Imports

SHELL32.dll
  • ShellExecuteW
KERNEL32.dll
  • GetCurrentThreadId
  • GetSystemTimeAsFileTime
  • GetTickCount
  • RtlCaptureContext
  • GetCurrentProcessId
  • RtlVirtualUnwind
  • UnhandledExceptionFilter
  • SetUnhandledExceptionFilter
  • GetCurrentProcess
  • TerminateProcess
  • QueryPerformanceCounter
  • RtlLookupFunctionEntry
msvcrt.dll
  • __setusermatherr
  • _initterm
  • __C_specific_handler
  • memset
  • _wcmdln
  • _fmode
  • _commode
  • __wgetmainargs
  • _exit
  • _amsg_exit
  • _XcptFilter
  • exit
  • ?terminate@@YAXXZ
  • __set_app_type
  • _cexit
ADVAPI32.dll
  • EventSetInformation
  • EventWriteTransfer
  • EventRegister
api-ms-win-core-synch-l1-2-0.dll
  • Sleep
api-ms-win-core-processthreads-l1-1-0.dll
  • GetStartupInfoW
api-ms-win-core-libraryloader-l1-2-0.dll
  • GetModuleHandleW
KERNEL32.dll (#2)
  • GetCurrentThreadId
  • GetSystemTimeAsFileTime
  • GetTickCount
  • RtlCaptureContext
  • GetCurrentProcessId
  • RtlVirtualUnwind
  • UnhandledExceptionFilter
  • SetUnhandledExceptionFilter
  • GetCurrentProcess
  • TerminateProcess
  • QueryPerformanceCounter
  • RtlLookupFunctionEntry

Delayed Imports

1

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x468
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.39967
MD5 339d6ef766e3e959cb6a80c5a0006077
SHA1 b953e464da91872d0e33ee62b2648a6836b520d4
SHA256 c95bb5bd0d39255df7889d6b29c46dabc694834accba3e64e6559bcf6cc042ee
SHA3 59f83702753d5be567c4e6d5b3c375fd43bd3b22919c338ec346c84d783a21e8

2

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x218
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.38778
Detected Filetype PNG graphic file
MD5 84ae61b758be82a627ebbd846f988d34
SHA1 cb714a3334049b3fe631469a3bca8398c16e4e6e
SHA256 3e6c7cc4bd5870acb414f9bec4602e4737483fe14947306e0eae8fc3cbccb8f0
SHA3 876fb905f537617ca7012b0fb4b2c1fceeb20d950700245a82ea227ae28dd935

3

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x10a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.75044
MD5 762ddcf4fb3a4f57a4a1849b47324a2c
SHA1 d8aac2dca042e8221d7d02a8af8dc65fae11b6f4
SHA256 0ac0f42771fc0d2245c369f1e8277ba0a3ffe4c78b15093206bdb243aa65b2c5
SHA3 907930b5178ab04b81827056daa4f7c7c8629ccfcce1d4212ea1715c9a50118e

4

Type RT_ICON
Language English - United States
Codepage UNKNOWN
Size 0x25a8
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 1.16135
MD5 9ee2a3afd25682b394fe54b6db182103
SHA1 8f014d438011dd0d9947d967842351042a493e56
SHA256 d4617e344732a0cf6bc6e8807f77cab668009342ab158cd9ac88d9877de318d9
SHA3 cb1b5b03e89766b7d076cf7bb3e349119943a9f3919e168b492139e3cff9b20d

IDI_CALC_ICON

Type RT_GROUP_ICON
Language English - United States
Codepage UNKNOWN
Size 0x3e
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 2.41382
Detected Filetype Icon file
MD5 0a3aabb4ec6e9901a7e2d57c8b6407c2
SHA1 4a03b455ceefcdd8468d8a9c2128ce6193275987
SHA256 f4813285cef4f96b09578dc599d989c780fc042bc747f26acc9690aefdb73133
SHA3 61cb31e1103c73d4e2b89849731e427f0b1702b9a1ff07b991061ccb08bd9d42

1 (#2)

Type RT_VERSION
Language English - United States
Codepage UNKNOWN
Size 0x384
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 3.50871
MD5 572bdb82a8d5c72593f9c374faaa16ea
SHA1 50bba822b4743d065034e14d293fa81f6d788433
SHA256 bc762c152192dac9471afc6c870959992d7f97d30c5a9fce8db4007680e10231
SHA3 1592010c73134c776fb92c8d854e7f7473377cf527000ef0f49aca2aed19fb37

1 (#3)

Type RT_MANIFEST
Language English - United States
Codepage UNKNOWN
Size 0x491
TimeDateStamp 1980-Jan-01 00:00:00
Entropy 4.96894
MD5 ff8bb01700c4ca8639b7077a96159295
SHA1 af31428842b7554e1200c33e2a71ede38b5c5ded
SHA256 9c32df4118c1601d8d06e8a8bbd1ae72202fa81d429ede9218bdb9b8ca7743f2
SHA3 e12148aca1f918cddfbb056629d7c5e546ef351d7df82f84d137a16126cdeee3

Version Info

Signature 0xfeef04bd
StructVersion 0x10000
FileVersion 10.0.26100.8521
ProductVersion 10.0.26100.8521
FileFlags (EMPTY)
FileOs VOS_DOS_WINDOWS32
VOS_NT
VOS_NT_WINDOWS32
VOS_WINCE
VOS__WINDOWS32
FileType VFT_APP
Language English - United States
CompanyName Microsoft Corporation
FileDescription Windows Calculator
FileVersion (#2) 10.0.26100.8521 (WinBuild.160101.0800)
InternalName CALC
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename CALC.EXE
ProductName Microsoft® Windows® Operating System
ProductVersion (#2) 10.0.26100.8521
Resource LangID English - United States

IMAGE_DEBUG_TYPE_CODEVIEW

Characteristics 0
TimeDateStamp 2100-May-10 00:49:47
Version 0.0
SizeofData 33
AddressOfRawData 0x34fc
PointerToRawData 0x34fc
Referenced File calc.pdb

IMAGE_DEBUG_TYPE_POGO

Characteristics 0
TimeDateStamp 2100-May-10 00:49:47
Version 0.0
SizeofData 688
AddressOfRawData 0x3520
PointerToRawData 0x3520

UNKNOWN

Characteristics 0
TimeDateStamp 2100-May-10 00:49:47
Version 0.0
SizeofData 36
AddressOfRawData 0x37f8
PointerToRawData 0x37f8

UNKNOWN (#2)

Characteristics 0
TimeDateStamp 2100-May-10 00:49:47
Version 0.0
SizeofData 4
AddressOfRawData 0x381c
PointerToRawData 0x381c

TLS Callbacks

StartAddressOfRawData 0
EndAddressOfRawData 0
AddressOfIndex 0
AddressOfCallbacks 0x140003ef2
SizeOfZeroFill 0
Characteristics IMAGE_SCN_TYPE_REG
Callbacks 0x0000000140001CB0

Load Configuration

Size 0x148
TimeDateStamp 1970-Jan-01 00:00:00
Version 0.0
GlobalFlagsClear (EMPTY)
GlobalFlagsSet (EMPTY)
CriticalSectionDefaultTimeout 0
DeCommitFreeBlockThreshold 0
DeCommitTotalFreeThreshold 0
LockPrefixTable 0
MaximumAllocationSize 0
VirtualMemoryThreshold 0
ProcessAffinityMask 0
ProcessHeapFlags (EMPTY)
CSDVersion 0
Reserved1 0
EditList 0
SecurityCookie 0x140004040
GuardCFCheckFunctionPointer 5368722080
GuardCFDispatchFunctionPointer 0
GuardCFFunctionTable 0
GuardCFFunctionCount 0
GuardFlags (EMPTY)
CodeIntegrity.Flags 0
CodeIntegrity.Catalog 0
CodeIntegrity.CatalogOffset 0
CodeIntegrity.Reserved 0
GuardAddressTakenIatEntryTable 0
GuardAddressTakenIatEntryCount 0
GuardLongJumpTargetTable 0
GuardLongJumpTargetCount 0

RICH Header

XOR Key 0xde8e5fa7
Unmarked objects 0
Imports (VS2008 SP1 build 30729) 6
Unmarked objects (#2) 1
Total imports 41
Imports (33145) 9
C objects (33145) 19
ASM objects (33145) 4
C objects (LTCG) (33145) 3
C++ objects (33145) 2
Resource objects (33145) 1
Linker (33145) 1

Errors
