SHA256: 2d91a52993e45f7cddab7a0ddc564db9508e8393af87925a28a61a80955d618d
File name: LjIOHIDAke.exe
Detection ratio: 16 / 67
Analysis date: 2018-07-11 09:06:16 UTC ( 3 months, 1 week ago )
Antivirus Result Update
Avast FileRepMalware 20180711
AVG FileRepMalware 20180711
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180711
Bkav HW32.Packed.2EB0 20180711
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.077600 20180225
Cylance Unsafe 20180711
DrWeb Trojan.Packed 20180711
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Kryptik.GIRJ 20180711
Sophos ML heuristic 20180601
McAfee-GW-Edition BehavesLike.Win32.Emotet.mc 20180711
Qihoo-360 HEUR/QVM20.1.6DC9.Malware.Gen 20180711
Rising Malware.Heuristic!ET#93% (RDM+:cmRtazp2tP5sjqS8pFSMrir/M6NK) 20180711
SentinelOne (Static ML) static engine - malicious 20180701
Symantec ML.Attribute.HighConfidence 20180711
Ad-Aware 20180711
AegisLab 20180711
AhnLab-V3 20180711
ALYac 20180711
Antiy-AVL 20180710
Arcabit 20180710
Avast-Mobile 20180711
Avira (no cloud) 20180710
AVware 20180711
BitDefender 20180711
CAT-QuickHeal 20180711
ClamAV 20180711
CMC 20180711
Comodo 20180711
Cyren 20180711
eGambit 20180711
Emsisoft 20180711
F-Prot 20180711
F-Secure 20180711
Fortinet 20180711
GData 20180711
Ikarus 20180711
Jiangmin 20180711
K7AntiVirus 20180711
K7GW 20180711
Kaspersky 20180711
Kingsoft 20180711
Malwarebytes 20180711
MAX 20180711
McAfee 20180711
Microsoft 20180711
eScan 20180711
NANO-Antivirus 20180711
Palo Alto Networks (Known Signatures) 20180711
Panda 20180710
Sophos AV 20180711
SUPERAntiSpyware 20180711
TACHYON 20180711
Tencent 20180711
TheHacker 20180710
TotalDefense 20180711
TrendMicro 20180711
TrendMicro-HouseCall 20180711
Trustlook 20180711
VBA32 20180710
VIPRE 20180711
ViRobot 20180711
Webroot 20180711
Yandex 20180711
Zillya 20180710
ZoneAlarm by Check Point 20180711
Zoner 20180711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserv

Product Microsoft® Windows® Operating S
Original name PrintIsolationHost.exe
Internal name kbdbu (3.13)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2064-04-17 06:40:12
Entry Point 0x000022E9
Number of sections 6
PE sections
PE imports
AddAccessDeniedAceEx
RegDisableReflectionKey
OpenServiceA
DeleteService
ReplaceTextW
CryptMemFree
GetDIBColorTable
EndPath
CreateBrushIndirect
GetVolumePathNamesForVolumeNameW
CompareStringW
LoadLibraryExA
GetThreadId
LocalAlloc
lstrlenA
GetNamedPipeServerSessionId
FlushProcessWriteBuffers
MultiByteToWideChar
FindActCtxSectionGuid
GetLongPathNameA
MprConfigTransportCreate
MprConfigGetGuidName
I_RpcFree
NdrPointerBufferSize
SHRegSetUSValueW
StrRStrIA
MapWindowPoints
GetMessageExtraInfo
SetCaretPos
GetFileVersionInfoSizeW
DeletePrinterDriverExW
strftime
StgCreateDocfile
PdhExpandWildCardPathHW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
CharacterSet Unicode
InitializedDataSize 11264
EntryPoint 0x22e9
OriginalFileName PrintIsolationHost.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserv
TimeStamp 2064:04:17 07:40:12+01:00
FileType Win32 EXE
PEType PE32
InternalName kbdbu (3.13)
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 75264
ProductName Microsoft Windows Operating S
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 a80237ba7b72ec3ff6f88e2ff2ef4134
SHA1 63a33c907760028e619f2ac1cfe09e9825cbceec
SHA256 2d91a52993e45f7cddab7a0ddc564db9508e8393af87925a28a61a80955d618d
ssdeep 1536:WJx1ZSvl3WqvMoKuQEvAcRTwKSW1ByCqgMo26qZ40fLEKY0j:WJx1ZmKuQ7iTwKvjLGo2ZrEKhj

authentihash 97a175966934d4f08cdf5b0fd9758dcd8fd16354f614788a8ae19898d2f11e01
imphash b6a710f552b6d30c206485fa2c4cf389
File size 81.5 KB ( 83456 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe

VirusTotal metadata
First submission 2018-07-11 09:06:16 UTC ( 3 months, 1 week ago )
Last submission 2018-07-11 09:06:16 UTC ( 3 months, 1 week ago )
File names kbdbu (3.13)
281083680113.exe
PrintIsolationHost.exe
LjIOHIDAke.exe