SHA256: 4bbc0afc598c197f137d0617de4bd1ab8c6eef751accb83a5bb6ea02e6c047c0
File name: conhost.exe
Detection ratio: 46 / 69
Analysis date: 2018-10-04 02:55:14 UTC ( 2 weeks, 4 days ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.20842443 20181004
AegisLab Trojan.Win32.Generic.4!c 20181004
AhnLab-V3 Spyware/Win32.Majikpos.C1861362 20181004
ALYac Trojan.Generic.20842443 20181004
Antiy-AVL Trojan/MSIL.MajikPOS 20181004
Arcabit Trojan.Generic.D13E07CB 20181004
Avast FileRepMalware 20181004
AVG FileRepMalware 20181004
Avira (no cloud) HEUR/AGEN.1009345 20181004
AVware Trojan.Win32.Generic!BT 20180925
BitDefender Trojan.Generic.20842443 20181004
CrowdStrike Falcon (ML) malicious_confidence_60% (D) 20180723
Cybereason malicious.490ee3 20180225
Cylance Unsafe 20181004
DrWeb Trojan.PWS.Stealer.19143 20181004
Emsisoft Trojan.KeyLogger (A) 20181004
Endgame malicious (moderate confidence) 20180730
ESET-NOD32 a variant of MSIL/Agent.RSB 20181003
F-Secure Trojan.Generic.20842443 20181004
Fortinet MSIL/Agent.RSB!tr 20181004
GData MSIL.Trojan-Spy.Keylogger.P 20181004
Ikarus Trojan.MSIL.Agent 20181003
Sophos ML heuristic 20180717
K7AntiVirus Trojan ( 0050886b1 ) 20181003
K7GW Trojan ( 0050886b1 ) 20181003
Kaspersky HEUR:Trojan.MSIL.MajikPOS.a 20181003
MAX malware (ai score=100) 20181004
McAfee Artemis!4357B41490EE 20181004
McAfee-GW-Edition Artemis!Trojan 20181004
Microsoft TrojanSpy:MSIL/Majikpos.A 20181004
eScan Trojan.Generic.20842443 20181004
NANO-Antivirus Trojan.Win32.MajikPOS.emqfjt 20181003
Palo Alto Networks (Known Signatures) generic.ml 20181004
Panda Trj/GdSda.A 20181003
Qihoo-360 Trojan.Generic 20181004
Rising Trojan.Agent!8.B1E (CLOUD) 20181003
Sophos AV Mal/Generic-S 20181004
Symantec Trojan.Majikpos 20181003
Tencent Msil.Trojan.Majikpos.Pavn 20181004
TrendMicro TSPY_MAJIKPOS.SMA 20181003
TrendMicro-HouseCall TSPY_MAJIKPOS.SMA 20181004
VIPRE Trojan.Win32.Generic!BT 20181004
Webroot W32.Trojan.Gen 20181004
Yandex Trojan.MajikPOS! 20180927
Zillya Trojan.MajikPOS.Win32.1 20181003
ZoneAlarm by Check Point HEUR:Trojan.MSIL.MajikPOS.gen 20180925
Alibaba 20180921
Avast-Mobile 20181003
Babable 20180918
Baidu 20180930
Bkav 20181003
CAT-QuickHeal 20181001
ClamAV 20181003
CMC 20181003
Comodo 20181003
Cyren 20181004
eGambit 20181004
F-Prot 20181004
Jiangmin 20181004
Kingsoft 20181004
Malwarebytes 20181004
SentinelOne (Static ML) 20180926
SUPERAntiSpyware 20180907
Symantec Mobile Insight 20181001
TACHYON 20181004
TheHacker 20181001
TotalDefense 20181003
Trustlook 20181004
VBA32 20181003
ViRobot 20181003
Zoner 20181004
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright © Microsoft 2016
Product Console Window Host
Original name conhost.exe
Internal name conhost.exe
File version 1.0.0.0
Description Console Window Host
Comments Console Window Host
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-20 14:15:10
Entry Point 0x000067CA
Number of sections 3
.NET details
Module Version ID 2c747a30-282c-46b6-95d4-e75a04f84a9b
TypeLib ID 433b53ce-b077-48c8-9e31-d5809923609b
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Console Window Host
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Console Window Host
ImageFileCharacteristics Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 2048
EntryPoint 0x67ca
OriginalFileName conhost.exe
MIMEType application/octet-stream
LegalCopyright Copyright Microsoft 2016
FileVersion 1.0.0.0
TimeStamp 2017:02:20 15:15:10+01:00
FileType Win32 EXE
PEType PE32
InternalName conhost.exe
ProductVersion 1.0.0.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft
CodeSize 18432
ProductName Console Window Host
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0

File identification
MD5 4357b41490ee3768bfb64550b2989172
SHA1 6cef6171912cd964da6dc56d0aaf881763677859
SHA256 4bbc0afc598c197f137d0617de4bd1ab8c6eef751accb83a5bb6ea02e6c047c0
ssdeep 384:X/rYIkuPSMJHfX3Aoi/kNaPaya44ruqefEcmgbuzh+jrsW5:XDYIklMFuOai4wuywbuz2/
authentihash 8fac080528357a07f9098d16a7b0e8a2ce7a5f915ce4cca08451d60ba4a1200f
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 20.5 KB ( 20992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (62.0%)
Win64 Executable (generic) (23.4%)
Win32 Dynamic Link Library (generic) (5.5%)
Win32 Executable (generic) (3.8%)
OS/2 Executable (generic) (1.7%)
Tags peexe assembly

VirusTotal metadata
First submission 2017-03-16 21:21:47 UTC ( 1 year, 7 months ago )
Last submission 2017-03-20 06:45:50 UTC ( 1 year, 7 months ago )
File names conhost.ex_
conhost.exe
conhost.exe
4bbc0afc598c197f137d0617de4bd1ab8c6eef751accb83a5bb6ea02e6c047c0.bin