× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 2d5d65675886a6a67d332aef700250acc182cb9f4984f3dc709b5c04ec23a3d5
File name: nFSqqZI.exe
Detection ratio: 16 / 67
Analysis date: 2018-07-11 04:04:47 UTC ( 7 months, 2 weeks ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20180711
AVG FileRepMalware 20180711
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180710
Bkav HW32.Packed.7EF3 20180706
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cylance Unsafe 20180711
DrWeb Trojan.Packed 20180711
Endgame malicious (high confidence) 20180711
Fortinet W32/Kryptik.GIOF!tr 20180711
Sophos ML heuristic 20180601
McAfee-GW-Edition BehavesLike.Win32.Emotet.mc 20180710
Microsoft Trojan:Win32/Fuerboos.A!cl 20180711
Qihoo-360 HEUR/QVM20.1.6C83.Malware.Gen 20180711
Rising Malware.Heuristic!ET#94% (RDM+:cmRtazpoHcjb4fmZknnIJUm6OrD8) 20180711
SentinelOne (Static ML) static engine - malicious 20180701
Symantec ML.Attribute.HighConfidence 20180710
Ad-Aware 20180711
AegisLab 20180711
AhnLab-V3 20180710
Alibaba 20180710
ALYac 20180711
Antiy-AVL 20180710
Arcabit 20180710
Avast-Mobile 20180711
Avira (no cloud) 20180710
AVware 20180711
Babable 20180406
BitDefender 20180711
CAT-QuickHeal 20180710
ClamAV 20180710
CMC 20180710
Comodo 20180711
Cybereason 20180225
Cyren 20180711
eGambit 20180711
Emsisoft 20180711
ESET-NOD32 20180711
F-Prot 20180711
F-Secure 20180711
GData 20180711
Ikarus 20180710
Jiangmin 20180711
K7AntiVirus 20180710
K7GW 20180711
Kaspersky 20180711
Kingsoft 20180711
Malwarebytes 20180711
MAX 20180711
McAfee 20180711
eScan 20180711
NANO-Antivirus 20180711
Palo Alto Networks (Known Signatures) 20180711
Panda 20180710
Sophos AV 20180711
SUPERAntiSpyware 20180710
TACHYON 20180711
Tencent 20180711
TheHacker 20180710
TrendMicro 20180711
TrendMicro-HouseCall 20180711
Trustlook 20180711
VBA32 20180710
VIPRE 20180711
ViRobot 20180710
Webroot 20180711
Yandex 20180709
Zillya 20180710
ZoneAlarm by Check Point 20180711
Zoner 20180711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserv

Product Microsoft® Windows® Operating S
Original name PrintIsolationHost.exe
Internal name kbdbu (3.13)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2064-04-17 06:40:12
Entry Point 0x000020D9
Number of sections 6
PE sections
PE imports
AddAccessDeniedAceEx
RegDisableReflectionKey
OpenServiceA
DeleteService
ReplaceTextW
CryptMemFree
GetDIBColorTable
CreateBrushIndirect
EndPath
GetVolumePathNamesForVolumeNameW
CompareStringW
LoadLibraryExA
GetThreadId
LocalAlloc
lstrlenA
GetNamedPipeServerSessionId
FlushProcessWriteBuffers
MultiByteToWideChar
FindActCtxSectionGuid
GetLongPathNameA
MprConfigTransportCreate
MprConfigGetGuidName
NdrPointerBufferSize
I_RpcFree
SHRegSetUSValueW
StrRStrIA
MapWindowPoints
GetMessageExtraInfo
SetCaretPos
GetFileVersionInfoSizeW
DeletePrinterDriverExW
strftime
StgCreateDocfile
PdhExpandWildCardPathHW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit, System file

CharacterSet
Unicode

InitializedDataSize
11264

EntryPoint
0x20d9

OriginalFileName
PrintIsolationHost.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserv

TimeStamp
2064:04:17 08:40:12+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
kbdbu (3.13)

ProductVersion
6.1.7600.16385

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
74240

ProductName
Microsoft Windows Operating S

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 574e8a770d3015816f138fd5d10d903a
SHA1 3d3efc7e31611fff415558572669c7fa6094e4fd
SHA256 2d5d65675886a6a67d332aef700250acc182cb9f4984f3dc709b5c04ec23a3d5
ssdeep
1536:57P1111Vo2KM9KfdhuPR79hbNVMaiMVw1Xy/Yok7hsjwO411111111111l1TfJlu:5j1111Vo2KM9ohuPR7jNVMaiMVw1Xy//

authentihash 7b5f150ad3ba3a23601ab4898500c8828db24f7f3378224121142e4ece05a62e
imphash 8a266e93333fad8314e501eb35f1f884
File size 80.5 KB ( 82432 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-11 03:39:29 UTC ( 7 months, 2 weeks ago )
Last submission 2018-07-11 18:46:03 UTC ( 7 months, 2 weeks ago )
File names 63200052.exe
PrintIsolationHost.exe
60448407.exe
288970698379.exe
13203838015.exe
nFSqqZI.exe
kbdbu (3.13)
54686861.exe
891562164.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!