× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 126701782650fa23c14f1e5a06ddb222b875992071598e3b8ced8f3d5cf0257d
File name: output.113559900.txt
Detection ratio: 26 / 64
Analysis date: 2018-07-06 00:49:52 UTC ( 7 months, 3 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.31051232 20180706
AegisLab Packer.Generic!c 20180705
Avast FileRepMalware 20180706
AVG FileRepMalware 20180706
BitDefender Trojan.GenericKD.31051232 20180706
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cybereason malicious.aea1e9 20180225
Cyren W32/Trojan.ZTSP-4277 20180705
Emsisoft Trojan.Emotet (A) 20180705
Endgame malicious (high confidence) 20180612
ESET-NOD32 Win32/Emotet.BK 20180706
Fortinet W32/Kryptik.GEWE!tr 20180706
Sophos ML heuristic 20180601
Kaspersky UDS:DangerousObject.Multi.Generic 20180706
MAX malware (ai score=94) 20180706
McAfee RDN/Generic.grp 20180706
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180705
eScan Trojan.GenericKD.31051232 20180706
Palo Alto Networks (Known Signatures) generic.ml 20180706
Qihoo-360 HEUR/QVM20.1.4DC3.Malware.Gen 20180706
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180705
Symantec Packed.Generic.517 20180705
VBA32 BScope.TrojanBanker.Emotet 20180705
Webroot W32.Trojan.Emotet 20180706
ZoneAlarm by Check Point Trojan.Win32.Dovs.pdu 20180706
AhnLab-V3 20180705
ALYac 20180706
Antiy-AVL 20180706
Arcabit 20180706
Avast-Mobile 20180705
Avira (no cloud) 20180705
AVware 20180706
Babable 20180406
Baidu 20180705
Bkav 20180705
CAT-QuickHeal 20180705
ClamAV 20180705
CMC 20180705
Comodo 20180705
DrWeb 20180705
eGambit 20180706
F-Prot 20180705
F-Secure 20180705
GData 20180705
Ikarus 20180705
Jiangmin 20180706
K7AntiVirus 20180705
K7GW 20180705
Kingsoft 20180706
Malwarebytes 20180706
Microsoft 20180706
NANO-Antivirus 20180705
Panda 20180705
SUPERAntiSpyware 20180705
TACHYON 20180705
Tencent 20180706
TheHacker 20180628
TotalDefense 20180705
Trustlook 20180706
VIPRE 20180706
ViRobot 20180705
Yandex 20180705
Zillya 20180705
Zoner 20180705
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Internal name PrintIsolationHost.exe
Description ВериБИГUnicode
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2018-07-05 18:30:19
Entry Point 0x00015C51
Number of sections 5
PE sections
PE imports
GetThreadId
GetUserDefaultLCID
MprConfigInterfaceTransportRemove
VarCyCmp
Ord(30)
Number of PE resources by type
RT_DIALOG 21
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 2
HEBREW DEFAULT 1
HUNGARIAN DEFAULT 1
VIETNAMESE DEFAULT 1
CHINESE SIMPLIFIED 1
SLOVENIAN DEFAULT 1
CZECH DEFAULT 1
FINNISH DEFAULT 1
KOREAN 1
NEUTRAL DEFAULT 1
PORTUGUESE 1
POLISH DEFAULT 1
JAPANESE DEFAULT 1
DANISH DEFAULT 1
SLOVAK DEFAULT 1
GREEK DEFAULT 1
TURKISH DEFAULT 1
ROMANIAN 1
THAI DEFAULT 1
SERBIAN DEFAULT 1
NEUTRAL 1
RUSSIAN 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
14.1

ImageVersion
0.0

FileVersionNumber
1.2.0.6

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
Unicode

ImageFileCharacteristics
No relocs, Executable, 32-bit, System file

CharacterSet
Unicode

InitializedDataSize
21504

EntryPoint
0x15c51

MIMEType
application/octet-stream

Subsystem
Windows GUI

TimeStamp
2018:07:05 18:30:19+00:00

FileType
Win32 EXE

PEType
PE32

InternalName
PrintIsolationHost.exe

SubsystemVersion
5.0

OSVersion
5.0

FileOS
Win32

LegalCopyright
Microsoft Corporation. All rights reserved.

MachineType
Intel 386 or later, and compatibles

CompanyName
11111 Corporation

CodeSize
89600

FileSubtype
0

ProductVersionNumber
1.2.0.6

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 1b4bb50e395ff9bdfa5c3c0f555fc4f1
SHA1 b25f084aea1e94b527f329e1146ee0feecf89eb8
SHA256 126701782650fa23c14f1e5a06ddb222b875992071598e3b8ced8f3d5cf0257d
ssdeep
1536:I0hm8TMk74yMqGzR+Xrdg+2mn4/Wt/AK/IDuGRgRZj:ICzMyMHzGrdgR/Wt/b4uGRgRZ

authentihash c3c1cfa5e0f5dbe946959241a3adf8513159a34d27abe78cc0860bbeafa0e5f8
imphash 18591f1e6fb8cf3376ad14a113b832b4
File size 105.5 KB ( 108032 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID Win32 Executable (generic) (35.7%)
Win16/32 Executable Delphi generic (16.4%)
OS/2 Executable (generic) (16.0%)
Generic Win/DOS Executable (15.8%)
DOS Executable Generic (15.8%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-05 18:33:30 UTC ( 7 months, 3 weeks ago )
Last submission 2018-08-04 18:00:03 UTC ( 6 months, 3 weeks ago )
File names ElXLUIgjJu8nQSUf5.exe
0682325.exe
27697411.exe
output.113570428.txt
PrintIsolationHost.exe
407132.exe
63182789.exe
695584.exe
8.exe
5.exe
output.113570427.txt
994.exe
18932.exe
008.exe
7619.exe
boldinaturned.exe
output.113566319.txt
501043.exe
930416.exe
output.113559900.txt
50750471.exe
Advanced heuristic and reputation engines
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!