SHA256: 59149bf399f24df4e53a141ed6bab642e512fa619a3fef65766fa43926f705c3
File name: qghO1woxOLX.exe
Detection ratio: 12 / 69
Analysis date: 2018-07-11 14:07:37 UTC ( 7 months, 1 week ago )
Antivirus Result Update
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180711
Bkav HW32.Packed.E7C3 20180711
CrowdStrike Falcon (ML) malicious_confidence_90% (D) 20180530
Cylance Unsafe 20180711
Endgame malicious (moderate confidence) 20180711
Sophos ML heuristic 20180601
McAfee-GW-Edition BehavesLike.Win32.Emotet.lc 20180711
Panda Generic Suspicious 20180711
Qihoo-360 HEUR/QVM20.1.6EA0.Malware.Gen 20180711
Rising Malware.Heuristic!ET#93% (RDM+:cmRtazq5U906sepBHwPH+HqOFUBG) 20180711
SentinelOne (Static ML) static engine - malicious 20180701
Symantec Packed.Generic.517 20180711
Ad-Aware 20180711
AegisLab 20180711
AhnLab-V3 20180711
Alibaba 20180711
ALYac 20180711
Antiy-AVL 20180711
Arcabit 20180711
Avast 20180711
Avast-Mobile 20180711
AVG 20180711
Avira (no cloud) 20180710
AVware 20180711
Babable 20180406
BitDefender 20180711
CAT-QuickHeal 20180711
ClamAV 20180711
CMC 20180711
Comodo 20180711
Cybereason 20180225
Cyren 20180711
DrWeb 20180711
eGambit 20180711
Emsisoft 20180711
ESET-NOD32 20180711
F-Prot 20180711
F-Secure 20180711
Fortinet 20180711
GData 20180711
Ikarus 20180711
Jiangmin 20180711
K7AntiVirus 20180711
K7GW 20180711
Kaspersky 20180711
Kingsoft 20180711
Malwarebytes 20180711
MAX 20180711
McAfee 20180711
Microsoft 20180711
eScan 20180711
NANO-Antivirus 20180711
Palo Alto Networks (Known Signatures) 20180711
Sophos AV 20180711
SUPERAntiSpyware 20180711
TACHYON 20180711
Tencent 20180711
TheHacker 20180710
TotalDefense 20180711
TrendMicro 20180711
TrendMicro-HouseCall 20180711
Trustlook 20180711
VBA32 20180711
VIPRE 20180711
ViRobot 20180711
Webroot 20180711
Yandex 20180711
Zillya 20180710
ZoneAlarm by Check Point 20180711
Zoner 20180711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserv
Product Microsoft® Windows® Operating S
Original name PrintIsolationHost.exe
Internal name kbdbu (3.13)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2064-04-17 06:40:12
Entry Point 0x00001881
Number of sections 6
PE sections
PE imports
RegDisableReflectionKey
LocalAlloc
lstrlenA
LoadLibraryExA
MprConfigGetGuidName
SHRegSetUSValueW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
CharacterSet Unicode
InitializedDataSize 9728
EntryPoint 0x1881
OriginalFileName PrintIsolationHost.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserv
TimeStamp 2064:04:17 07:40:12+01:00
FileType Win32 EXE
PEType PE32
InternalName kbdbu (3.13)
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 72192
ProductName Microsoft Windows Operating S
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 6285af7df0918a2dd2395b6465f2f464
SHA1 73d21359798c9eb2823ee422baeb7ece14d0ddab
SHA256 59149bf399f24df4e53a141ed6bab642e512fa619a3fef65766fa43926f705c3
ssdeep 1536:Yuvuuuuuuuuuut1m9KSApXKUuuuuCkYyoE6jDayQ7AVAZUEbrpObIuuuuIEP:LrpXFYyoE6jDzNBirQwD
authentihash b1a9049d159f626b0935cb281f08b7ec5690c3e6d20267cf02ded7a8df84c519
imphash 91804c7d568f303c1e5055a78147cf58
File size 77.0 KB ( 78848 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-07-11 14:07:37 UTC ( 7 months, 1 week ago )
Last submission 2018-10-01 11:02:34 UTC ( 4 months, 2 weeks ago )
File names 5880342.exe
PrintIsolationHost.exe
833.exe
15544.exe
1525582.exe
700836.exe
97982054.exe
7433622.exe
64171.exe
kbdbu (3.13)
87453.exe
60556.exe
760264.exe
qghO1woxOLX.exe
2.exe
22740136.exe
320.exe
538.exe
491322.exe
6713.exe
851.exe
6285af7df0918a2dd2395b6465f2f464_exe
8175460.exe
74.exe
7.exe