SHA256: 288114e12fc25a1374c935c47ad0df1242e461bfb48b47e555338df61fed7dab
File name: SqiwcR34IXcsmGX.exe
Detection ratio: 14 / 68
Analysis date: 2018-07-08 22:13:38 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9981 20180706
Bkav HW32.Packed.3B92 20180706
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cylance Unsafe 20180708
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/GenKryptik.CERS 20180708
Sophos ML heuristic 20180601
McAfee-GW-Edition BehavesLike.Win32.Emotet.lc 20180708
Microsoft Trojan:Win32/Emotet.AC!bit 20180708
Panda Generic Suspicious 20180708
Qihoo-360 HEUR/QVM20.1.5FD1.Malware.Gen 20180708
Rising Malware.Heuristic!ET#95% (RDM+:cmRtazr3e7a4Qe8bDuKSovFeBT1i) 20180708
SentinelOne (Static ML) static engine - malicious 20180701
Symantec Packed.Generic.517 20180708
Ad-Aware 20180708
AegisLab 20180708
AhnLab-V3 20180708
ALYac 20180708
Antiy-AVL 20180708
Arcabit 20180708
Avast 20180708
Avast-Mobile 20180708
AVG 20180708
Avira (no cloud) 20180708
AVware 20180708
Babable 20180406
BitDefender 20180708
CAT-QuickHeal 20180708
ClamAV 20180708
CMC 20180708
Comodo 20180708
Cybereason 20180225
Cyren 20180708
DrWeb 20180708
eGambit 20180708
Emsisoft 20180708
F-Prot 20180708
F-Secure 20180708
Fortinet 20180708
GData 20180708
Ikarus 20180708
Jiangmin 20180708
K7AntiVirus 20180708
K7GW 20180708
Kaspersky 20180708
Kingsoft 20180708
Malwarebytes 20180708
MAX 20180708
McAfee 20180708
eScan 20180708
NANO-Antivirus 20180708
Palo Alto Networks (Known Signatures) 20180708
Sophos AV 20180708
SUPERAntiSpyware 20180708
TACHYON 20180708
Tencent 20180708
TheHacker 20180708
TotalDefense 20180708
TrendMicro 20180708
TrendMicro-HouseCall 20180708
Trustlook 20180708
VBA32 20180707
VIPRE 20180708
ViRobot 20180708
Webroot 20180708
Yandex 20180706
Zillya 20180706
ZoneAlarm by Check Point 20180708
Zoner 20180708
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserv
Product Microsoft® Windows® Operating S
Original name PrintIsolationHost.exe
Internal name kbdbu (3.13)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2064-04-17 06:40:12
Entry Point 0x00001970
Number of sections 6
PE sections
PE imports
DeleteService
GetThreadId
SetHandleCount
FlushProcessWriteBuffers
lstrlenA
FillConsoleOutputAttribute
SetupDiCreateDevRegKeyW
SetupDiCreateDeviceInfoW
StrChrA
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 9728
EntryPoint 0x1970
OriginalFileName PrintIsolationHost.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserv
TimeStamp 2064:04:17 07:40:12+01:00
FileType Win32 EXE
PEType PE32
InternalName kbdbu (3.13)
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 72704
ProductName Microsoft Windows Operating S
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 a0ff7289f3b66d0c0b27a73e4fd25bdb
SHA1 b1aacf998941a27da17a2dc06c06a6dae168ea1e
SHA256 288114e12fc25a1374c935c47ad0df1242e461bfb48b47e555338df61fed7dab
ssdeep 1536:QFc7t+ZxBfmF8p84yo+pHJQjxhqsWJ/pVf3rtAukYXarBtCj:QFwt+ZrmKpQo2+q77tlkYMQ
authentihash 4eb0c0475855d4457ac6dc80f4c08af7d6393cd0f3b23dab70ce31b9355ff392
imphash 33e14bf15e24268674d0cef353fb58f4
File size 77.5 KB ( 79360 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-07-08 22:13:38 UTC ( 3 months, 1 week ago )
Last submission 2018-07-08 22:13:38 UTC ( 3 months, 1 week ago )
File names kbdbu (3.13)
SqiwcR34IXcsmGX.exe
PrintIsolationHost.exe