win32calc.exe
- File Path:
C:\Windows\system32\win32calc.exe - Description: Windows Calculator
Screenshot
Hashes
| Type | Hash |
|---|---|
| MD5 | 46CDCA3D2EB9B837EC3C4CDA60D0D0D9 |
| SHA1 | EC73FCAB989C8D525FE3BBCC3736BC3E6192A112 |
| SHA256 | 3E2300394C15B59A964EAB45D9EB96D317650E2F7448FD1B4AE825A134402B7A |
| SHA384 | 8A2859D7B84CC78C77610FADCD00809C3616EB378279516EB9170DA0693409174E4F37463CBB3D63D285948494BD4C44 |
| SHA512 | D7264A701B04E4AF1344018E99EA9E4199EA4B5AEDAB29222D9FB01AFF2AD201E77A9E57A82133053379C327F686D3278749A1A160596614FB1C6BB4A026BFB3 |
| SSDEEP | 12288:P8aCOcE5uPG8aoSyTc7wGlsOOwCXDYferUAHeeN7c6O:PbP5mGzL7wYOwCXDY2rUmeh |
| IMP | BDE48881DABC2774907583E3DE072A63 |
| PESHA1 | BB8A214B9E1EB2FA49ACBE08C899571CEAE6AD57 |
| PE256 | F4A61C49F81E474373C38CC4B57104FED8E7A4C21636953C75A85047C1A7CCC3 |
Runtime Data
Window Title:
Calculator
Open Handles:
| Path | Type |
|---|---|
| (R-D) C:\Windows\Fonts\StaticCache.dat | File |
| (R-D) C:\Windows\System32\en-US\win32calc.exe.mui | File |
| (RW-) C:\Users\user | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1518_none_de6e2bd0534e2567 | File |
| (RW-) C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17763.1518_none_0f591eb5ade09f35 | File |
| \BaseNamedObjects__ComCatalogCache__ | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000004.db | Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro | Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 | Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 | Section |
| \Sessions\2\Windows\Theme2131664586 | Section |
| \Windows\Theme966197582 | Section |
Loaded Modules:
| Path |
|---|
| C:\Windows\System32\advapi32.dll |
| C:\Windows\System32\bcryptPrimitives.dll |
| C:\Windows\System32\cfgmgr32.dll |
| C:\Windows\System32\combase.dll |
| C:\Windows\System32\cryptsp.dll |
| C:\Windows\System32\GDI32.dll |
| C:\Windows\System32\gdi32full.dll |
| C:\Windows\System32\kernel.appcore.dll |
| C:\Windows\System32\KERNEL32.DLL |
| C:\Windows\System32\KERNELBASE.dll |
| C:\Windows\System32\msvcp_win.dll |
| C:\Windows\System32\msvcrt.dll |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\ole32.dll |
| C:\Windows\System32\OLEAUT32.dll |
| C:\Windows\System32\powrprof.dll |
| C:\Windows\System32\profapi.dll |
| C:\Windows\System32\RPCRT4.dll |
| C:\Windows\System32\sechost.dll |
| C:\Windows\System32\shcore.dll |
| C:\Windows\System32\SHELL32.dll |
| C:\Windows\System32\shlwapi.dll |
| C:\Windows\System32\ucrtbase.dll |
| C:\Windows\System32\USER32.dll |
| C:\Windows\system32\UxTheme.dll |
| C:\Windows\system32\win32calc.exe |
| C:\Windows\System32\win32u.dll |
| C:\Windows\System32\windows.storage.dll |
| C:\Windows\system32\WINMM.dll |
| C:\Windows\system32\WINMMBASE.dll |
| C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1518_none_de6e2bd0534e2567\COMCTL32.dll |
| C:\Windows\WinSxS\amd64_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17763.1518_none_0f591eb5ade09f35\gdiplus.dll |
Signature
- Status: Signature verified.
- Serial:
33000001C422B2F79B793DACB20000000001C4 - Thumbprint:
AE9C1AE54763822EEC42474983D8B635116C8452 - Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
- Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
File Metadata
- Original Filename: WIN32CALC.EXE.MUI
- Product Name: Microsoft Windows Operating System
- Company Name: Microsoft Corporation
- File Version: 10.0.17763.771 (WinBuild.160101.0800)
- Product Version: 10.0.17763.771
- Language: English (United States)
- Legal Copyright: Microsoft Corporation. All rights reserved.
- Machine Type: 64-bit
File Scan
- VirusTotal Detections: 0/66
- VirusTotal Link: https://www.virustotal.com/gui/file/3e2300394c15b59a964eab45d9eb96d317650e2f7448fd1b4ae825a134402b7a/detection/
File Similarity (ssdeep match)
| File | Score |
|---|---|
| C:\Windows\SysWOW64\win32calc.exe | 30 |
Possible Misuse
The following table contains possible examples of win32calc.exe being misused. While win32calc.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.
| Source | Source File | Example | License |
|---|---|---|---|
| atomic-red-team | T1574.011.md | | weak_service_path | weak service path | String | %windir%\system32\win32calc.exe| | MIT License. © 2018 Red Canary |
MIT License. Copyright (c) 2020-2021 Strontic.