home

CALC.EXE

Windows Calculator application file

Microsoft Corporation

It is installed as part of the Windows XP OS. The file has been seen being downloaded from us.yorfile.com and multiple other hosts.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Windows Calculator application file

 
Part of the Windows XP Operating System

Version:
5.1.2600.0 (xpclient.010817-1148)

MD5:
829e4805b0e12b383ee09abdc9e2dc3c

SHA-1:
5a272b7441328e09704b6d7eabdbd51b8858fde4

SHA-256:
37121ecb7c1e112b735bd21b0dfe3e526352ecb98c434c5f40e6a2a582380cdd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)
Whitelisted  (by digital signature)

Analysis date:
4/16/2024 12:37:36 PM UTC  (today)

File size:
112 KB (114,688 bytes)

Product version:
5.1.2600.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
CALC.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Windows\System32\calc.exe

File PE Metadata
Compilation timestamp:
8/17/2001 4:52:32 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.0

CTPH (ssdeep):
1536:JEl14rQcWAkN7GAlqbkfAGQGV8aMbrNyrf1w+noPvLV6eBsCXKc:JYmZWXyaiedMbrN6pnoXL1BsC

Entry address:
0x12475

Entry point:
6A, 70, 68, E0, 15, 00, 01, E8, 47, 03, 00, 00, 33, DB, 53, 8B, 3D, 20, 10, 00, 01, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03, C8, 81, 39, 50, 45, 00, 00, 75, 12, 0F, B7, 41, 18, 3D, 0B, 01, 00, 00, 74, 1F, 3D, 0B, 02, 00, 00, 74, 05, 89, 5D, E4, EB, 27, 83, B9, 84, 00, 00, 00, 0E, 76, F2, 33, C0, 39, 99, F8, 00, 00, 00, EB, 0E, 83, 79, 74, 0E, 76, E2, 33, C0, 39, 99, E8, 00, 00, 00, 0F, 95, C0, 89, 45, E4, 89, 5D, FC, 6A, 02, FF, 15, 0C, 12, 00, 01, 59, 83, 0D, 10, 50, 01, 01, FF, 83, 0D, 14, 50...
 
[+]

Entropy:
6.0036

Developed / compiled with:
Microsoft Visual C++ v7.1

Code size:
74 KB (75,776 bytes)

The file CALC.EXE has been seen being distributed by the following 9 URLs.

http://us.yorfile.com/YourFileDownloader.exe

https://webmail4.networksolutionsemail.com/appsuite/api/.../calc.exe

ftp://ftp.hp.com/pub/automatic/BlackMagic/blackmagic/.../calc.exe

https://scontent-hkg3-1.xx.fbcdn.net/hphotos-xfp1/v/.../12463609_531230980371809_2069084213_n.jpg?oh=cdb1c81d316aa18e095fbdc6d450a4e3&oe=56A8466E

http://149.202.146.182/.../bt/ppt.php

https://us.yfloader.com/YourFileDownloader.exe

http://yourfiledownloader.com/YourFileDownloader.exe

http://yourfile-downloader.net/YourFileDownloader.exe

http://webcourse.cs.technion.ac.il/236653/Spring2014/ho/.../calc.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.