× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 48b1024f599c3184a49c0d66c5600385265b9868d0936134185326e2db0ab441
File name: 48b1024f599c3184a49c0d66c5600385265b9868d0936134185326e2db0ab441
Detection ratio: 1 / 60
Analysis date: 2017-05-24 07:53:25 UTC ( 2 years ago ) View latest
Antivirus Result Update
Webroot W32.Trojan.Gen 20170524
Ad-Aware 20170524
AegisLab 20170524
AhnLab-V3 20170524
Alibaba 20170524
ALYac 20170524
Antiy-AVL 20170524
Arcabit 20170524
Avast 20170524
AVG 20170524
Avira (no cloud) 20170524
AVware 20170524
BitDefender 20170524
Bkav 20170524
CAT-QuickHeal 20170524
ClamAV 20170524
CMC 20170523
Comodo 20170524
CrowdStrike Falcon (ML) 20170130
Cyren 20170524
DrWeb 20170524
Emsisoft 20170524
Endgame 20170515
ESET-NOD32 20170524
F-Prot 20170524
F-Secure 20170524
Fortinet 20170524
GData 20170524
Ikarus 20170524
Sophos ML 20170519
Jiangmin 20170524
K7AntiVirus 20170524
K7GW 20170524
Kaspersky 20170524
Kingsoft 20170524
Malwarebytes 20170524
McAfee 20170524
McAfee-GW-Edition 20170523
Microsoft 20170524
eScan 20170524
NANO-Antivirus 20170524
nProtect 20170524
Palo Alto Networks (Known Signatures) 20170524
Panda 20170523
Qihoo-360 20170524
Rising 20170523
SentinelOne (Static ML) 20170516
Sophos AV 20170524
SUPERAntiSpyware 20170524
Symantec 20170524
Symantec Mobile Insight 20170524
Tencent 20170524
TheHacker 20170522
TrendMicro 20170524
TrendMicro-HouseCall 20170524
Trustlook 20170524
VBA32 20170523
VIPRE 20170524
ViRobot 20170524
WhiteArmor 20170524
Yandex 20170518
Zillya 20170523
ZoneAlarm by Check Point 20170524
Zoner 20170524
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
Copyright © Microsoft 2017

Product nohost.exe
Original name nohost.exe.exe
Internal name nohost.exe.exe
File version 1.0.0.0
Description nohost.exe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-05-19 00:25:10
Entry Point 0x000026FE
Number of sections 3
.NET details
Module Version ID 58468ca3-5714-48b2-922b-f5f57cc3fd80
TypeLib ID a0ff9477-ac26-49fb-9295-cdcf8a6c624a
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

InitializedDataSize
2048

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
1.0.0.0

LanguageCode
Neutral

FileFlagsMask
0x003f

FileDescription
nohost.exe

ImageFileCharacteristics
Executable, Large address aware

CharacterSet
Unicode

LinkerVersion
48.0

EntryPoint
0x26fe

OriginalFileName
nohost.exe.exe

MIMEType
application/octet-stream

LegalCopyright
Copyright Microsoft 2017

FileVersion
1.0.0.0

TimeStamp
2017:05:19 02:25:10+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
nohost.exe.exe

ProductVersion
1.0.0.0

SubsystemVersion
4.0

OSVersion
4.0

FileOS
Win32

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft

CodeSize
2048

ProductName
nohost.exe

ProductVersionNumber
1.0.0.0

FileTypeExtension
exe

ObjectFileType
Executable application

AssemblyVersion
1.0.0.0

Compressed bundles
File identification
MD5 0e83b186a4d067299df2db817b724eb7
SHA1 1e24f6dfdcfac543d89e6e4ee8f2d9fc4321f264
SHA256 48b1024f599c3184a49c0d66c5600385265b9868d0936134185326e2db0ab441
ssdeep
48:64j9vTTxuNwMMXfDlwH+tdMmZWP+6VlXH6W/6Lf6cF2pfbNtm:JTjfDWe/vWfl9XzNt

authentihash 09a1699e1813231288efd4fbf20173f479785c3af0647a8d2625aa1f4a45c715
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 4.5 KB ( 4608 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 Mono/.Net assembly

TrID Generic CIL Executable (.NET, Mono, etc.) (81.0%)
Win32 Dynamic Link Library (generic) (7.2%)
Win32 Executable (generic) (4.9%)
OS/2 Executable (generic) (2.2%)
Generic Win/DOS Executable (2.2%)
Tags
peexe assembly via-tor

VirusTotal metadata
First submission 2017-05-19 10:39:14 UTC ( 2 years ago )
Last submission 2019-03-14 07:13:05 UTC ( 2 months, 1 week ago )
File names 48b1024f599c3184a49c0d66c5600385265b9868d0936134185326e2db0ab441
drprov.dll
039stamparm.exe
nohost.exe.exe
taskhost.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!