QBot phishing uses Windows Calculator DLL hijacking to infect devices>
Bleeping Computer – Bill Toulas
The operators of the QBot malware have been using a DLL hijacking flaw in Windows Calculator to infect computers, which also helps evade detection by security software.

When the executable is launched, it will find the malicious version with the same name in the same folder, loading that instead and infecting the computer.

Security researcher ProxyLife recently discovered that Qakbot, has been abusing the the Windows 7 Calculator app for DLL hijacking attacks since at least July 11. The method continues to be used in malspam campaigns.
Link: https://www.bleepingcomputer.com/news/security/qbot-phishing-uses-windows-calculator-dll-hijacking-to-infect-devices/