win32calc.exe

  • File Path: C:\Windows\SysWOW64\win32calc.exe
  • Description: Windows Calculator

Hashes


Runtime Data

Window Title:

Calculator

Open Handles:

Path Type
(R-D) C:\Windows\Fonts\StaticCache.dat File
(R-D) C:\Windows\SysWOW64\en-US\win32calc.exe.mui File
(RW-) C:\Users\user File
(RW-) C:\Windows File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.17763.1518_none_261b62a767ca4e6d File
(RW-) C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.17763.1518_none_5706558cc25cc83b File
\BaseNamedObjects\__ComCatalogCache__ Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000004.db Section
\BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2.ro Section
\BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 Section
\BaseNamedObjects\NLS_CodePage_437_3_2_0_0 Section
\Sessions\2\Windows\Theme2131664586 Section
\Windows\Theme966197582 Section

Loaded Modules:

Path
C:\Windows\SYSTEM32\ntdll.dll
C:\Windows\System32\wow64.dll
C:\Windows\System32\wow64cpu.dll
C:\Windows\System32\wow64win.dll
C:\Windows\SysWOW64\win32calc.exe

Signature

  • Status: Signature verified.
  • Serial: 33000001C422B2F79B793DACB20000000001C4
  • Thumbprint: AE9C1AE54763822EEC42474983D8B635116C8452
  • Issuer: CN=Microsoft Windows Production PCA 2011, O=Microsoft Corporation, L=Redmond, S=Washington, C=US
  • Subject: CN=Microsoft Windows, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

File Metadata

  • Original Filename: WIN32CALC.EXE.MUI
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 10.0.17763.771 (WinBuild.160101.0800)
  • Product Version: 10.0.17763.771
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.
  • Machine Type: 32-bit

File Scan

  • VirusTotal Detections: 0/73
  • VirusTotal Link: https://www.virustotal.com/gui/file/4e0b5ade22d9efaba02635c2bacbdb942aecdba9b017927b33900409712d852b/detection/

File Similarity (ssdeep match)

File Score
C:\Windows\system32\win32calc.exe 30

Possible Misuse

The following entry lists a possible example of win32calc.exe being misused. While win32calc.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

  • Source: atomic-red-team
  • Source File: T1574.011.md
  • Example: | weak_service_path | weak service path | String | %windir%\system32\win32calc.exe|
  • License: MIT License. © 2018 Red Canary

MIT License. Copyright (c) 2020-2021 Strontic.