× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 655371c02de67c6517cde160e17a2189ecb8c5017453c341e512a9bc4fe6aa80
File name: 60f10a928b161dd7e3b8370362ff09348a1465fb
Detection ratio: 33 / 64
Analysis date: 2018-07-02 02:44:48 UTC ( 7 months, 3 weeks ago ) View latest
Antivirus Result Update
Ad-Aware Trojan.GenericKD.40301216 20180702
AegisLab Ml.Attribute.Gen!c 20180702
Arcabit Trojan.Generic.D266F10B 20180702
Avast FileRepMetagen [Malware] 20180702
AVG FileRepMetagen [Malware] 20180702
AVware Trojan.Win32.Generic!BT 20180702
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180628
BitDefender Trojan.GenericKD.40301216 20180702
ClamAV Win.Trojan.Agent-6597718-0 20180701
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cyren W32/Trojan.CBPR-2257 20180702
Emsisoft Trojan.Emotet (A) 20180702
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Kryptik.GIJB 20180702
F-Secure Trojan.GenericKD.40300811 20180702
Fortinet W32/Kryptik.GHTB!tr 20180702
GData Win32.Trojan.Agent.Z7V5TN 20180702
Ikarus Win32.Outbreak 20180701
Sophos ML heuristic 20180601
Kaspersky Trojan.Win32.Dovs.oys 20180702
Malwarebytes Trojan.Emotet 20180702
MAX malware (ai score=95) 20180702
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180702
eScan Trojan.GenericKD.40300811 20180702
Palo Alto Networks (Known Signatures) generic.ml 20180702
Panda Trj/GdSda.A 20180701
Qihoo-360 HEUR/QVM20.1.32D1.Malware.Gen 20180702
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180702
Symantec Trojan.Emotet 20180701
VIPRE Trojan.Win32.Generic!BT 20180702
Webroot W32.Trojan.Emotet 20180702
ZoneAlarm by Check Point Trojan.Win32.Dovs.oys 20180702
AhnLab-V3 20180701
ALYac 20180702
Antiy-AVL 20180702
Avast-Mobile 20180702
Avira (no cloud) 20180701
Babable 20180406
Bkav 20180630
CAT-QuickHeal 20180701
CMC 20180701
Comodo 20180702
Cybereason 20180225
DrWeb 20180702
eGambit 20180702
F-Prot 20180702
Jiangmin 20180702
K7AntiVirus 20180702
K7GW 20180701
Kingsoft 20180702
McAfee 20180702
Microsoft 20180702
NANO-Antivirus 20180702
SUPERAntiSpyware 20180701
TACHYON 20180702
Tencent 20180702
TheHacker 20180628
TotalDefense 20180701
Trustlook 20180702
VBA32 20180629
ViRobot 20180701
Yandex 20180629
Zillya 20180629
Zoner 20180701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name PrintIsolationHost.exe
Internal name PrintIsolationHost.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description PrintIsolationHost
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2064-04-17 06:40:12
Entry Point 0x0000211D
Number of sections 5
PE sections
PE imports
GetSecurityDescriptorLength
GetClusterResourceNetworkName
GetTextCharsetInfo
GetCharABCWidthsW
DeleteDC
RemoveFontResourceA
FrameRgn
StartDocA
CreateDIBitmap
SetViewportOrgEx
StrokePath
SetPixelV
GetCharWidthA
SetThreadUILanguage
GetPriorityClass
GetThreadId
GetProcessShutdownParameters
lstrlenA
FillConsoleOutputCharacterA
PurgeComm
DebugBreak
FlsGetValue
ReadConsoleW
SetDefaultCommConfigA
SetConsoleOutputCP
FlsFree
SetProcessWorkingSetSizeEx
GetThreadLocale
MprConfigInterfaceTransportAdd
MprAdminMIBEntryGet
RpcMgmtStopServerListening
RpcMgmtEnableIdleCleanup
SetupGetLineTextW
SetupDiEnumDriverInfoA
SetupDiSetDeviceRegistryPropertyA
SHEnumerateUnreadMailAccountsW
UrlGetLocationW
GetUpdateRect
DrawStateW
DrawMenuBar
DrawCaption
iswdigit
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
PrintIsolationHost

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
9216

EntryPoint
0x211d

OriginalFileName
PrintIsolationHost.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2064:04:17 07:40:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
PrintIsolationHost.exe

ProductVersion
6.1.7600.16385

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
115200

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 9230cacbc92a9229aaf0c7bcbe709d4b
SHA1 094828f44dc3f807adfa8840d22f92a3ff86e2ff
SHA256 655371c02de67c6517cde160e17a2189ecb8c5017453c341e512a9bc4fe6aa80
ssdeep
1536:8RzPuTmdK//re7r150X8jUtZhFCBxN3fCK/Xhu2Ric3vd2:8t6mdKXr2B5G8j1CK/7RiOd2

authentihash 53524184b6e37d5c65834ae650080913ef63907b71b808c0b0100978122dc6a0
imphash 0516938f871310d8e051d6a5b6c868e9
File size 118.5 KB ( 121344 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-06-30 21:04:37 UTC ( 7 months, 3 weeks ago )
Last submission 2018-10-25 15:12:47 UTC ( 3 months, 4 weeks ago )
File names 094828f44dc3f807adfa8840d22f92a3ff86e2ff
06425.exe
0694.exe
PrintIsolationHost.exe
60f10a928b161dd7e3b8370362ff09348a1465fb
output.113531738.txt
16163.exe
91480.exe
suspicious_file1
13888.exe
9230cacbc92a9229aaf0c7bcbe709d4b.vir
YtjCdfLo.exe
52550.exe
76698.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!