SHA256: 6871a46f3a7c98005d9b5f5ea96dd77d4db31446429a2d4b6d2db9d3c54c199d
File name: xWdkKe.exe
Detection ratio: 24 / 64
Analysis date: 2018-07-02 02:42:40 UTC ( 7 months, 2 weeks ago )
Antivirus Result Update
AegisLab Ml.Attribute.Gen!c 20180702
Antiy-AVL Trojan/Win32.TSGeneric 20180702
Avast FileRepMalware 20180702
AVG FileRepMalware 20180702
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180628
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cyren W32/Trojan.DKQE-5229 20180702
Emsisoft Trojan.Emotet (A) 20180702
Endgame malicious (high confidence) 20180612
ESET-NOD32 Win32/Emotet.BK 20180702
Fortinet W32/Kryptik.GHTB!tr 20180702
GData Win32.Trojan-Spy.Emotet.77DOBL 20180702
Ikarus Win32.Outbreak 20180701
Sophos ML heuristic 20180601
Kaspersky Trojan-Banker.Win32.Emotet.avai 20180702
Malwarebytes Trojan.Emotet 20180702
MAX malware (ai score=96) 20180702
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180702
Palo Alto Networks (Known Signatures) generic.ml 20180702
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180702
Symantec ML.Attribute.HighConfidence 20180701
Webroot W32.Trojan.Emotet 20180702
ZoneAlarm by Check Point Trojan-Banker.Win32.Emotet.avai 20180702
Ad-Aware 20180702
AhnLab-V3 20180701
ALYac 20180702
Arcabit 20180702
Avast-Mobile 20180702
Avira (no cloud) 20180701
AVware 20180702
Babable 20180406
BitDefender 20180702
Bkav 20180630
CAT-QuickHeal 20180701
ClamAV 20180701
CMC 20180701
Comodo 20180702
Cybereason 20180225
DrWeb 20180702
eGambit 20180702
F-Prot 20180702
F-Secure 20180702
Jiangmin 20180702
K7AntiVirus 20180702
K7GW 20180701
Kingsoft 20180702
McAfee 20180702
Microsoft 20180702
eScan 20180702
NANO-Antivirus 20180702
Panda 20180701
Qihoo-360 20180702
SUPERAntiSpyware 20180701
TACHYON 20180702
Tencent 20180702
TheHacker 20180628
TotalDefense 20180701
Trustlook 20180702
VBA32 20180629
VIPRE 20180702
ViRobot 20180701
Yandex 20180629
Zillya 20180629
Zoner 20180701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserved.
Product Microsoft® Windows® Operating System
Original name PrintIsolationHost.exe
Internal name PrintIsolationHost.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description PrintIsolationHost
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2064-04-17 06:40:12
Entry Point 0x000021E6
Number of sections 5
PE sections
PE imports
EnumServicesStatusW
GetSecurityDescriptorLength
EqualDomainSid
LookupPrivilegeNameA
GetSaveFileNameW
GetTextCharsetInfo
DeleteDC
FrameRgn
GetCurrentPositionEx
StrokePath
SetPixelV
DeviceIoControl
SetThreadUILanguage
GetPriorityClass
GetStartupInfoW
GetThreadId
FindFirstChangeNotificationA
lstrlenA
FindNextFileW
PurgeComm
VirtualQueryEx
DebugBreak
FlsGetValue
VirtualAllocEx
GetCurrentActCtx
GetProcAddress
GetDefaultCommConfigA
FlsFree
SetProcessWorkingSetSizeEx
GetThreadLocale
UrlGetLocationW
GetUserNameExA
GetSubMenu
GetProcessDefaultLayout
GetKeyboardLayoutNameA
GetTitleBarInfo
GetCursorInfo
GetDialogBaseUnits
DrawMenuBar
InsertMenuW
GetUpdateRect
GetKeyNameTextW
DrawCaption
DeletePrinter
fputc
malloc
fread
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
FileDescription PrintIsolationHost
ImageFileCharacteristics No relocs, Executable, 32-bit
CharacterSet Unicode
InitializedDataSize 9216
EntryPoint 0x21e6
OriginalFileName PrintIsolationHost.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserved.
FileVersion 6.1.7600.16385 (win7_rtm.090713-1255)
TimeStamp 2064:04:16 23:40:12-07:00
FileType Win32 EXE
PEType PE32
InternalName PrintIsolationHost.exe
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CompanyName Microsoft Corporation
CodeSize 114176
ProductName Microsoft Windows Operating System
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 1e591219c19a83bf14441ff01830660a
SHA1 e5de1134dd0c7b9f71b589c8e3f0f33f547fda4e
SHA256 6871a46f3a7c98005d9b5f5ea96dd77d4db31446429a2d4b6d2db9d3c54c199d
ssdeep 1536:cBUX9Mph33+jyY61LK9b4nqYxiINz0ySIrR:c6X6rvY6pqMDiWz1
authentihash 3b6b8039241ebaf315d78414a2c49a406c48d07f735328e06e09fbdc31732551
imphash fbb74d0984b9cfc71bc001f46e1c2515
File size 117.5 KB ( 120320 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-07-01 10:14:16 UTC ( 7 months, 2 weeks ago )
Last submission 2018-10-25 17:18:46 UTC ( 3 months, 3 weeks ago )
File names xWdkKe.exe
231e79738a0c0bc4483525e2b07a5a4eb8015ddd
1e591219c19a83bf14441ff01830660a.vir
PrintIsolationHost.exe
output.113559905.txt