Manalyze report for 94d48d46cfd9e02146288942226475e9

Summary

Architecture	`IMAGE_FILE_MACHINE_I386`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
Compilation Date	1999-Mar-18 15:48:45
Detected languages	English - United States Russian - Russia
CompanyName
FileDescription	DevCalc MFC Application
FileVersion	`1, 0, 0, 1`
InternalName	DevCalc
LegalCopyright	Copyright (C) 1999
LegalTrademarks
OriginalFilename	DevCalc.EXE
ProductName	DevCalc Application
ProductVersion	`1, 0, 0, 1`

Plugin Output

Info	Matching compiler(s):	`MASM/TASM - sig1(h)` `Microsoft Visual C++`
Info	The PE contains common functions which appear in legitimate applications.	`Possibly launches other programs: WinExec`
Safe	VirusTotal score: 0/57 (Scanned on 2016-06-11 09:28:00)	`All the AVs think this file is safe.`

Hashes

MD5	`94d48d46cfd9e02146288942226475e9`
SHA1	`4fe9b0f464cb8c0189abbda492c49aca1865ab90`
SHA256	`693d880ba9e8930b4da443adb2bdb4d7c0a2ad76d9a97491b65dbafb4fc13eb3`
SHA3	`e2c25526870de8fc78ca96fc47c1e8cf3cef8244646dff11c4a93113e1f59ee3`
SSDeep	`384:p+MLHAyf2f2YerDR7e3Eykrgq4Csg3AYFA+eKDEi4x9qvOj:p+iHAyf2OzrD0U/OvYLWi4x9qvA`
Imports Hash	`8c8346c88623eddd4333b3994f2e1897`

DOS Header

e_magic	`MZ`
e_cblp	`0x90`
e_cp	`0x3`
e_crlc	`0`
e_cparhdr	`0x4`
e_minalloc	`0`
e_maxalloc	`0xffff`
e_ss	`0`
e_sp	`0xb8`
e_csum	`0`
e_ip	`0`
e_cs	`0`
e_ovno	`0`
e_oemid	`0`
e_oeminfo	`0`
e_lfanew	`0x80`

PE Header

Signature	`PE`
Machine	`IMAGE_FILE_MACHINE_I386`
NumberofSections	`5`
TimeDateStamp	1999-Mar-18 15:48:45
PointerToSymbolTable	`0`
NumberOfSymbols	`0`
SizeOfOptionalHeader	`0xe0`
Characteristics	`IMAGE_FILE_32BIT_MACHINE` `IMAGE_FILE_EXECUTABLE_IMAGE` `IMAGE_FILE_LINE_NUMS_STRIPPED` `IMAGE_FILE_LOCAL_SYMS_STRIPPED` `IMAGE_FILE_RELOCS_STRIPPED`

Image Optional Header

Magic	`PE32`
LinkerVersion	`5.0`
SizeOfCode	`0x1e00`
SizeOfInitializedData	`0x4c00`
SizeOfUninitializedData	`0`
AddressOfEntryPoint	`0x00002840 (Section: .text)`
BaseOfCode	`0x1000`
BaseOfData	`0x3000`
ImageBase	`0x400000`
SectionAlignment	`0x1000`
FileAlignment	`0x200`
OperatingSystemVersion	`4.0`
ImageVersion	`0.0`
SubsystemVersion	`4.0`
Win32VersionValue	`0`
SizeOfImage	`0xa000`
SizeOfHeaders	`0x400`
Checksum	`0`
Subsystem	`IMAGE_SUBSYSTEM_WINDOWS_GUI`
SizeofStackReserve	`0x100000`
SizeofStackCommit	`0x1000`
SizeofHeapReserve	`0x100000`
SizeofHeapCommit	`0x1000`
LoaderFlags	`0`
NumberOfRvaAndSizes	`16`

.text

MD5	`327b1ae2fc7d2cfbb55942b794303901`
SHA1	`eb879dc974284b53720cc03146682977e9e22c48`
SHA256	`8ea9343f162c7197a152bda4931b1c2537138167de73707bc4e603ea0861d8f0`
SHA3	`a998ba1997edb081a4cdc238183b8838b4a623aa5950d8c95f0c94509ca4d880`
VirtualSize	`0x1d82`
VirtualAddress	`0x1000`
SizeOfRawData	`0x1e00`
PointerToRawData	`0x400`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_CODE` `IMAGE_SCN_MEM_EXECUTE` `IMAGE_SCN_MEM_READ`
Entropy	`6.1055`

.rdata

MD5	`f43d6bcd86cd03a784422425deb82ce9`
SHA1	`63395115cf57d4bed42b497f70a3e8c0935aa7ec`
SHA256	`d3622be044f821a343622b709cc01087ff25f775aae7f51feb13a065aa8987ea`
SHA3	`16c5f4ca38206b661e36e94712b5f8f702f90a7d88bb68869dfaff32df6b475f`
VirtualSize	`0x4c8`
VirtualAddress	`0x3000`
SizeOfRawData	`0x600`
PointerToRawData	`0x2200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.08342`

.data

MD5	`3b4294549a648c90ecf5c9f72f5132a2`
SHA1	`6242b07ddcc1aacffe05a8f9a25a776e411411ab`
SHA256	`6d4994ba7c5ca0bde94b562528dfdc3a0be365389bfb6b11e6455992bc0c6310`
SHA3	`d9264573c6f39f0d64b964b1d68a64abc3f63dfaa0e5a3f2f609c69b8b5535d8`
VirtualSize	`0x1974`
VirtualAddress	`0x4000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x2800`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`3.10194`

.idata

MD5	`b02753a0cd30bd6b571f90d329cb2f96`
SHA1	`02ea90816a9719ff2a5392a07e9c9ceda0141dc7`
SHA256	`b38a4b599973d389099e1e2028202b7e59f54f38ee6729baf79be2fdf5944c47`
SHA3	`93d3a0b30f9b69f066b4117057472a8a1aca993faac44b1721199788dc251c62`
VirtualSize	`0x86a`
VirtualAddress	`0x6000`
SizeOfRawData	`0xa00`
PointerToRawData	`0x3200`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ` `IMAGE_SCN_MEM_WRITE`
Entropy	`4.61198`

.rsrc

MD5	`78e96a96dfc179188a04876e6b22367c`
SHA1	`c843131afeb21b98865bf3025442a84cfaec3576`
SHA256	`3dff95f357e7971f44ba83a4f5b83b17b4ef09d0c53141b040cddd9575b986ed`
SHA3	`d39e84407dfcf939d870580ddc2e3da17491f94d777feb582127056276a46620`
VirtualSize	`0x2090`
VirtualAddress	`0x7000`
SizeOfRawData	`0x2200`
PointerToRawData	`0x3c00`
PointerToRelocations	`0`
PointerToLineNumbers	`0`
NumberOfLineNumbers	`0`
NumberOfRelocations	`0`
Characteristics	`IMAGE_SCN_CNT_INITIALIZED_DATA` `IMAGE_SCN_MEM_READ`
Entropy	`3.61801`

Imports

MSVCRT.dll	`_CIacos` `tolower` `_controlfp` `_CItanh` `_CIpow` `_except_handler3` `__set_app_type` `__p__fmode` `__p__commode` `_adjust_fdiv` `__setusermatherr` `_initterm` `__getmainargs` `__p__acmdln` `exit` `_XcptFilter` `_exit` `_onexit` `__dllonexit` `sprintf` `_i64toa` `memmove` `__CxxFrameHandler` `_splitpath` `_makepath` `fopen` `fclose` `fread` `fwrite` `??3@YAXPAX@Z` `isalpha` `isdigit` `isxdigit` `_ftol` `sscanf` `strchr` `atof` `_CIfmod` `floor` `_CIcosh` `ceil` `_CIasin` `_CIsinh` `_setmbcp` `_stricmp`
MFC42.DLL	`#4622` `#561` `#815` `#3825` `#3079` `#3830` `#3831` `#2645` `#6453` `#3873` `#470` `#755` `#2379` `#2863` `#540` `#4160` `#800` `#6334` `#3092` `#5981` `#6199` `#2358` `#2301` `#1168` `#1146` `#4234` `#324` `#3597` `#4425` `#4627` `#5277` `#2124` `#2446` `#5261` `#1727` `#5065` `#3749` `#6376` `#4673` `#4274` `#6375` `#4486` `#2554` `#2512` `#5731` `#3922` `#1089` `#5199` `#2396` `#3346` `#5300` `#5302` `#2725` `#4079` `#4698` `#5307` `#5289` `#5714` `#2982` `#3147` `#3259` `#4465` `#3136` `#3262` `#2985` `#3081` `#2976` `#2055` `#4998` `#1576` `#4710` `#4080` `#6052` `#4424` `#3738` `#1775` `#4078` `#641` `#2514` `#2621` `#5265` `#4376` `#4853` `#2385` `#5241` `#4837` `#4441` `#2648` `#4407` `#3798` `#5163` `#6374` `#4353` `#5280`
KERNEL32.dll	`GetStartupInfoA` `GetModuleHandleA` `GetModuleFileNameA` `WinExec`
USER32.dll	`GetSystemMenu` `DrawIcon` `SendMessageA` `LoadIconA` `IsIconic` `PostMessageA` `AppendMenuA` `GetClientRect` `GetSystemMetrics` `EnableWindow`

Delayed Imports

1

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x128`
TimeDateStamp	1999-Mar-18 15:48:45
Entropy	`2.1558`
MD5	`c47ce0d1fe747dc2b2ce56b4b1c23b5a`
SHA1	`a4fb4e3233ee23e4b8daebd60ccdc8a78844aafa`
SHA256	`e3888926000f032d987e1709bebb71a98a92fab16786416a220fe16eea7dff11`
SHA3	`65fc1b6b281140b8854a17bf4ab34b64251bd86c7732139e6692b230d1bf9bc9`

2

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x2e8`
TimeDateStamp	1999-Mar-18 15:48:45
Entropy	`2.55273`
MD5	`f628d5db592c4f4c8f9c375137efed67`
SHA1	`a6f71ff5d63c6369ab490ba93babfefac0d47862`
SHA256	`a8b43b01f85ed8ffdb62973da6f36c31445dedafcf59807483bb93d3ba199b51`
SHA3	`4e69714c43a978909dcc51fedf8a451e7f812cdcc8c4950f6973972a3693777f`

3

Type	`RT_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x8a8`
TimeDateStamp	1999-Mar-18 15:48:45
Entropy	`3.23034`
MD5	`1cf8aeff5a49ce7890837c7dd0189c42`
SHA1	`7d0debdc61982f73a4528bffa112c79d4523fdb3`
SHA256	`2c5d3b0b5972476ff8171829efd3b03799d6965ef960d8d8384e66c75e89d0d7`
SHA3	`702077c9bf3aaf5836c790bfe151e62b3c60080d5ca1ad3da59f5d31700c6ea6`

100

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x224`
TimeDateStamp	1999-Mar-18 15:48:45
Entropy	`3.5545`
MD5	`3ed3e55445b16de52ce53746bca04a62`
SHA1	`5a671aea664f0c5b3026a15d58707446944f0807`
SHA256	`d3508a8426b1347bfa8e6d220340aa82b4831d6818d6c71e585f9da3beced477`
SHA3	`90411cb3d42c4bf36d526e1ddd0adabc68ed2c3e07accfec8879f9102fd1a4d4`

102

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2b6`
TimeDateStamp	1999-Mar-18 15:48:45
Entropy	`3.18245`
MD5	`253086c2613a03553cb763b7ada4623b`
SHA1	`f64022065170cb613913168cfc7fd1208fded837`
SHA256	`0535695ae837ee65b3a5799319506074cfd32a1742a706297c1ae3dae51830d6`
SHA3	`6b5d1982448af94fd1aae2c2d103cce31e047978ffb45f27a6c6caa6bcbaad1b`

103

Type	`RT_DIALOG`
Language	English - United States
Codepage	UNKNOWN
Size	`0x952`
TimeDateStamp	1999-Mar-18 15:48:45
Entropy	`2.89081`
MD5	`e4389f415ca017b084cb5c1a2cb0b449`
SHA1	`fac192e58806555c6c12b9d55d2a08ac29e1c049`
SHA256	`d0c42f9ad68631088f9af1b90745e033de26ce69d8f212a57708798fb0a7aebf`
SHA3	`819681cdbaf2ae99e8c7a7a6ab32d1b636e437c66d29ecc1d9258ccbae639d03`

7

Type	`RT_STRING`
Language	English - United States
Codepage	UNKNOWN
Size	`0x42`
TimeDateStamp	1999-Mar-18 15:48:45
Entropy	`1.91056`
MD5	`5dee582b783f395e8e9422beb2bdb8c0`
SHA1	`2097ebcc4d70f266d33c05137e0595adb5d5495a`
SHA256	`bfbfa9167bc10009874db01205b84792158142bf9246108d05c06daa2e83b21a`
SHA3	`8b4e4a2367a50cbe5c37c1479529713d5c9e0883356c70519565c7fd837efa9e`

128

Type	`RT_GROUP_ICON`
Language	Russian - Russia
Codepage	UNKNOWN
Size	`0x30`
TimeDateStamp	1999-Mar-18 15:48:45
Entropy	`2.5943`
Detected Filetype	Icon file
MD5	`ec90aa8704b600b4150cce625b658d6f`
SHA1	`4f5ea13893784288db7c242ca8c72be7faba49b8`
SHA256	`04306ce6a4c8eea0aaf5813629cb12a654b7c348f6f0ba66d860fcb0ff626c92`
SHA3	`585f1151f400278df441eabc64b4c2a72d696e90bd496fcb8e6d605738ee9d8d`

1 (#2)

Type	`RT_VERSION`
Language	English - United States
Codepage	UNKNOWN
Size	`0x2f4`
TimeDateStamp	1999-Mar-18 15:48:45
Entropy	`3.36369`
MD5	`362e3d7d4fac51d4ad37b0b9ec685237`
SHA1	`a60e7b8d1b5fa6ac3a81c847239a4c6b54f2b627`
SHA256	`87f441cf6e6985ba35d8f7dfa104193d706ae3b724e4ce30400bccdfbba4115b`
SHA3	`bcff57cc7d74e6e4ebfaf46da3fd9030fe0b897070542e8ec15f03ae627f93c6`

String Table contents

&About DevCalc...

Version Info

Signature	`0xfeef04bd`
StructVersion	`0x10000`
FileVersion	1.0.0.1
ProductVersion	1.0.0.1
FileFlags	`(EMPTY)`
FileOs	`VOS_DOS_WINDOWS32` `VOS_NT_WINDOWS32` `VOS__WINDOWS32`
FileType	`VFT_APP`
Language	English - United States
CompanyName
FileDescription	DevCalc MFC Application
FileVersion (#2)	1, 0, 0, 1
InternalName	DevCalc
LegalCopyright	Copyright (C) 1999
LegalTrademarks
OriginalFilename	DevCalc.EXE
ProductName	DevCalc Application
ProductVersion (#2)	1, 0, 0, 1

Resource LangID	English - United States

TLS Callbacks

Load Configuration

RICH Header

94d48d46cfd9e02146288942226475e9

Summary

Plugin Output

Hashes

DOS Header

PE Header

Image Optional Header

.text

.rdata

.data

.idata

.rsrc

Imports

Delayed Imports

1

2

3

100

102

103

7

128

1 (#2)

String Table contents

Version Info

TLS Callbacks

Load Configuration

RICH Header

Errors