SHA256: 4bbc0afc598c197f137d0617de4bd1ab8c6eef751accb83a5bb6ea02e6c047c0
File name: conhost.exe
Detection ratio: 49 / 68
Analysis date: 2017-11-03 04:15:11 UTC ( 9 months, 2 weeks ago )
Antivirus Result Update
Ad-Aware Trojan.Generic.20842443 20171103
AegisLab Tspy.Majikpos.Gen!c 20171103
AhnLab-V3 Spyware/Win32.Majikpos.C1861362 20171103
ALYac Trojan.Generic.20842443 20171103
Antiy-AVL Trojan/MSIL.MajikPOS 20171103
Arcabit Trojan.Generic.D13E07CB 20171103
Avast Win32:Malware-gen 20171103
AVG Win32:Malware-gen 20171103
Avira (no cloud) TR/Agent.qjrgj 20171103
AVware Trojan.Win32.Generic!BT 20171102
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9553 20171103
BitDefender Trojan.Generic.20842443 20171103
CAT-QuickHeal Trojanspy.Majikpos 20171102
Comodo UnclassifiedMalware 20171103
CrowdStrike Falcon (ML) malicious_confidence_80% (W) 20171016
Cybereason malicious.1b8fb7 20171030
Cylance Unsafe 20171103
Cyren W32/Trojan.UVRO-3346 20171103
DrWeb Trojan.PWS.Stealer.19143 20171103
Emsisoft Trojan.KeyLogger (A) 20171103
Endgame malicious (moderate confidence) 20171024
ESET-NOD32 a variant of MSIL/Agent.RSB 20171103
F-Secure Trojan.Generic.20842443 20171103
Fortinet MSIL/Agent.RSB!tr 20171103
GData MSIL.Trojan-Spy.Keylogger.P 20171103
Ikarus Trojan.MSIL.Agent 20171102
Sophos ML heuristic 20170914
K7AntiVirus Trojan ( 0050886b1 ) 20171102
K7GW Hacktool ( 655367771 ) 20171103
Kaspersky HEUR:Trojan.MSIL.MajikPOS.a 20171102
MAX malware (ai score=100) 20171103
McAfee Artemis!4357B41490EE 20171031
McAfee-GW-Edition Artemis!Trojan 20171103
Microsoft TrojanSpy:MSIL/Majikpos.A 20171103
eScan Trojan.Generic.20842443 20171103
NANO-Antivirus Trojan.Win32.MajikPOS.emqfjt 20171103
Palo Alto Networks (Known Signatures) generic.ml 20171103
Panda Trj/GdSda.A 20171102
Qihoo-360 Trojan.Generic 20171103
Sophos AV Mal/Generic-S 20171103
Symantec Trojan.Majikpos 20171103
Tencent Msil.Trojan.Majikpos.Pavn 20171103
TrendMicro TSPY_MAJIKPOS.SMA 20171103
TrendMicro-HouseCall TSPY_MAJIKPOS.SMA 20171103
VIPRE Trojan.Win32.Generic!BT 20171103
Webroot W32.Trojan.Gen 20171103
Yandex Trojan.MajikPOS! 20171102
Zillya Trojan.MajikPOS.Win32.1 20171102
ZoneAlarm by Check Point HEUR:Trojan.MSIL.MajikPOS.gen 20171103
Alibaba 20170911
Avast-Mobile 20171102
Bkav 20171102
ClamAV 20171102
CMC 20171102
eGambit 20171103
F-Prot 20171103
Jiangmin 20171103
Kingsoft 20171103
Malwarebytes 20171103
nProtect 20171103
Rising 20171103
SentinelOne (Static ML) 20171019
SUPERAntiSpyware 20171103
Symantec Mobile Insight 20171101
TheHacker 20171102
TotalDefense 20171103
Trustlook 20171103
VBA32 20171102
ViRobot 20171103
WhiteArmor 20171024
Zoner 20171103
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows command line subsystem.
FileVersionInfo properties
Copyright Copyright © Microsoft 2016
Product Console Window Host
Original name conhost.exe
Internal name conhost.exe
File version 1.0.0.0
Description Console Window Host
Comments Console Window Host
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2017-02-20 14:15:10
Entry Point 0x000067CA
Number of sections 3
.NET details
Module Version ID 2c747a30-282c-46b6-95d4-e75a04f84a9b
TypeLib ID 433b53ce-b077-48c8-9e31-d5809923609b
PE sections
PE imports
_CorExeMain
Number of PE resources by type
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 2
PE resources
ExifTool file metadata
SubsystemVersion 4.0
Comments Console Window Host
LinkerVersion 8.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 1.0.0.0
LanguageCode Neutral
FileFlagsMask 0x003f
FileDescription Console Window Host
CharacterSet Unicode
InitializedDataSize 2048
EntryPoint 0x67ca
OriginalFileName conhost.exe
MIMEType application/octet-stream
LegalCopyright Copyright Microsoft 2016
FileVersion 1.0.0.0
TimeStamp 2017:02:20 15:15:10+01:00
FileType Win32 EXE
PEType PE32
InternalName conhost.exe
ProductVersion 1.0.0.0
UninitializedDataSize 0
OSVersion 4.0
FileOS Win32
Subsystem Windows command line
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft
CodeSize 18432
ProductName Console Window Host
ProductVersionNumber 1.0.0.0
FileTypeExtension exe
ObjectFileType Executable application
AssemblyVersion 1.0.0.0
File identification
MD5 4357b41490ee3768bfb64550b2989172
SHA1 6cef6171912cd964da6dc56d0aaf881763677859
SHA256 4bbc0afc598c197f137d0617de4bd1ab8c6eef751accb83a5bb6ea02e6c047c0
ssdeep 384:X/rYIkuPSMJHfX3Aoi/kNaPaya44ruqefEcmgbuzh+jrsW5:XDYIklMFuOai4wuywbuz2/
authentihash 8fac080528357a07f9098d16a7b0e8a2ce7a5f915ce4cca08451d60ba4a1200f
imphash f34d5f2d4577ed6d9ceec516c1f5a744
File size 20.5 KB ( 20992 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (console) Intel 80386 32-bit Mono/.Net assembly
TrID Generic CIL Executable (.NET, Mono, etc.) (63.1%)
Win64 Executable (generic) (23.8%)
Win32 Dynamic Link Library (generic) (5.6%)
Win32 Executable (generic) (3.8%)
Generic Win/DOS Executable (1.7%)
Tags peexe assembly

VirusTotal metadata
First submission 2017-03-16 21:21:47 UTC ( 1 year, 5 months ago )
Last submission 2017-03-20 06:45:50 UTC ( 1 year, 4 months ago )
File names conhost.ex_
conhost.exe
conhost.exe
4bbc0afc598c197f137d0617de4bd1ab8c6eef751accb83a5bb6ea02e6c047c0.bin