popup
Static | ZeroBOX
  1. Home
  2. Result
  3. Report
  4. Detail Analysis

Static Analysis

PE Compile Time

2052-03-17 07:37:19

PDB Path

calc.pdb

PE Imphash

ba072a972fe6c47c8cf7a0347bb0af7a

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00001094 0x00001200 5.48911724941
.data 0x00003000 0x00000400 0x00000200 0.24044503451
.idata 0x00004000 0x000004a8 0x00000600 4.06886915216
.rsrc 0x00005000 0x00004708 0x00004800 2.81285871188
.reloc 0x0000a000 0x00000170 0x00000200 4.90847258671

Resources

Name Offset Size Language Sub-language File type
RT_ICON 0x00007120 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4282795590, next used block 4282795590
RT_ICON 0x00007120 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4282795590, next used block 4282795590
RT_ICON 0x00007120 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4282795590, next used block 4282795590
RT_ICON 0x00007120 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4282795590, next used block 4282795590
RT_GROUP_ICON 0x000096c8 0x0000003e LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_VERSION 0x00005670 0x00000384 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x000051e0 0x0000048f LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library SHELL32.dll:
0x404038 ShellExecuteW
Library KERNEL32.dll:
0x404014 GetCurrentProcess
0x404018 TerminateProcess
0x404020 GetCurrentProcessId
0x404024 GetCurrentThreadId
0x40402c GetTickCount
Library msvcrt.dll:
0x404058 _amsg_exit
0x40405c __p__fmode
0x404060 __setusermatherr
0x404064 _initterm
0x404068 _wcmdln
0x40406c ?terminate@@YAXXZ
0x404070 _controlfp
0x404074 _exit
0x404078 exit
0x40407c __p__commode
0x404080 _XcptFilter
0x404084 __set_app_type
0x40408c __wgetmainargs
0x404090 _cexit
Library ADVAPI32.dll:
0x404000 EventSetInformation
0x404004 EventWriteTransfer
0x404008 EventRegister
Library api-ms-win-core-synch-l1-2-0.dll:
0x404050 Sleep
Library api-ms-win-core-processthreads-l1-1-0.dll:
0x404048 GetStartupInfoW
Library api-ms-win-core-libraryloader-l1-2-0.dll:
0x404040 GetModuleHandleW
!This program cannot be run in DOS mode.
`.data
.idata
@.rsrc
@.reloc
CalculatorStarted
CalculatorWinMain
"CalculatorStarted"
MicrosoftCalculator
calc.pdb
.rdata$brc
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIY
.CRT$XIZ
.gfids
.rdata
.rdata$sxdata
.rdata$voltmd
.rdata$zETW0
.rdata$zETW1
.rdata$zETW2
.rdata$zETW9
.rdata$zzzdbg
.text$mn
.xdata$x
.data$brc
.idata$5
.00cfg
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
jXh8 @
ShellExecuteW
SHELL32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
KERNEL32.dll
_XcptFilter
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
_cexit
__p__fmode
__setusermatherr
_initterm
_wcmdln
msvcrt.dll
?terminate@@YAXXZ
_controlfp
_except_handler4_common
EventRegister
EventSetInformation
EventWriteTransfer
ADVAPI32.dll
GetStartupInfoW
GetModuleHandleW
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-core-processthreads-l1-1-0.dll
api-ms-win-core-libraryloader-l1-2-0.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
name="Microsoft.Windows.Shell.calc"
processorArchitecture="x86"
version="5.1.0.0"
type="win32"/>
<description>Windows Shell</description>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
</application>
</assembly>
0D0H0P0X0
6#6)6.636:6S6`6f6l6
727F7O7b7l7|7
8%8,838:8A8G8S8^8i8n8s8y8
9,959>9S9h9p9
:,:@:S:u:
; ;';s;};
;)<I<Q<W<d<~<
0L0P0l0p0
ms-calculator:
IDI_CALC_ICON
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Windows Calculator
FileVersion
10.0.20348.1 (WinBuild.160101.0800)
InternalName
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
CALC.EXE
ProductName
Microsoft
Windows
Operating System
ProductVersion
10.0.20348.1
VarFileInfo
Translation
Antivirus Signature
Bkav Clean
Lionic Clean
Elastic Clean
DrWeb Clean
MicroWorld-eScan Clean
FireEye Clean
CAT-QuickHeal Clean
McAfee Clean
Cylance Clean
VIPRE Clean
Sangfor Clean
K7AntiVirus Clean
BitDefender Clean
K7GW Clean
Cybereason Clean
BitDefenderTheta Clean
VirIT Clean
Cyren Clean
Symantec Clean
tehtris Clean
ESET-NOD32 Clean
Zoner Clean
TrendMicro-HouseCall Clean
Paloalto Clean
ClamAV Clean
Kaspersky Clean
Alibaba Clean
NANO-Antivirus Clean
ViRobot Clean
Rising Clean
Ad-Aware Clean
TACHYON Clean
Emsisoft Clean
Comodo Clean
F-Secure Clean
Baidu Clean
Zillya Clean
TrendMicro Clean
McAfee-GW-Edition Clean
Trapmine Clean
Sophos Clean
Ikarus Clean
GData Clean
Jiangmin Clean
Webroot Clean
Google Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Clean
Gridinsoft Clean
Arcabit Clean
SUPERAntiSpyware Clean
ZoneAlarm Clean
Microsoft Clean
Cynet Clean
AhnLab-V3 Clean
Acronis Clean
VBA32 Clean
ALYac Clean
MAX Clean
Malwarebytes Clean
Panda Clean
APEX Clean
Tencent Clean
Yandex Clean
SentinelOne Clean
MaxSecure Clean
Fortinet Clean
Avast Clean
CrowdStrike Clean
No IRMA results available.