× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: 93fe2f90c83b1d8feaceb2f94c4de4b2c800db73f0045d2774d678b30c6e054c
File name: kCZF6yw6r2.exe
Detection ratio: 16 / 68
Analysis date: 2018-07-11 03:23:15 UTC ( 7 months, 1 week ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20180711
AVG FileRepMalware 20180711
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180710
Bkav HW32.Packed.9BE6 20180706
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.09dd5b 20180225
Cylance Unsafe 20180711
DrWeb Trojan.Packed 20180711
Endgame malicious (high confidence) 20180711
Sophos ML heuristic 20180601
McAfee-GW-Edition BehavesLike.Win32.Emotet.mc 20180710
Microsoft Trojan:Win32/Cloxer.D!cl 20180711
Qihoo-360 HEUR/QVM20.1.6C83.Malware.Gen 20180711
Rising Malware.Heuristic!ET#92% (RDM+:cmRtazo4mDuzp5f1lNARMenjqPoq) 20180711
SentinelOne (Static ML) static engine - malicious 20180701
Symantec ML.Attribute.HighConfidence 20180710
Ad-Aware 20180711
AegisLab 20180711
AhnLab-V3 20180710
ALYac 20180711
Antiy-AVL 20180710
Arcabit 20180710
Avast-Mobile 20180710
Avira (no cloud) 20180710
AVware 20180711
Babable 20180406
BitDefender 20180711
CAT-QuickHeal 20180710
ClamAV 20180710
CMC 20180710
Comodo 20180711
Cyren 20180711
eGambit 20180711
Emsisoft 20180711
ESET-NOD32 20180711
F-Prot 20180711
F-Secure 20180711
Fortinet 20180711
GData 20180711
Ikarus 20180710
Jiangmin 20180711
K7AntiVirus 20180710
K7GW 20180711
Kaspersky 20180711
Kingsoft 20180711
Malwarebytes 20180711
MAX 20180711
McAfee 20180711
eScan 20180711
NANO-Antivirus 20180711
Palo Alto Networks (Known Signatures) 20180711
Panda 20180710
Sophos AV 20180711
SUPERAntiSpyware 20180710
TACHYON 20180711
Tencent 20180711
TheHacker 20180710
TotalDefense 20180710
TrendMicro 20180711
TrendMicro-HouseCall 20180711
Trustlook 20180711
VBA32 20180710
VIPRE 20180710
ViRobot 20180710
Webroot 20180711
Yandex 20180709
Zillya 20180710
ZoneAlarm by Check Point 20180711
Zoner 20180711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserv

Product Microsoft® Windows® Operating S
Original name PrintIsolationHost.exe
Internal name kbdbu (3.13)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2064-04-17 06:40:12
Entry Point 0x0000214E
Number of sections 6
PE sections
PE imports
AddAccessDeniedAceEx
RegDisableReflectionKey
OpenServiceA
DeleteService
ReplaceTextW
CryptMemFree
GetDIBColorTable
CreateBrushIndirect
EndPath
GetVolumePathNamesForVolumeNameW
FlushProcessWriteBuffers
LoadLibraryExA
GetThreadId
CompareStringW
lstrlenA
GetNamedPipeServerSessionId
GetLongPathNameA
MultiByteToWideChar
FindActCtxSectionGuid
LocalAlloc
MprConfigTransportCreate
MprConfigGetGuidName
NdrPointerBufferSize
I_RpcFree
SHRegSetUSValueW
StrRStrIA
MapWindowPoints
GetMessageExtraInfo
SetCaretPos
GetFileVersionInfoSizeW
DeletePrinterDriverExW
strftime
StgCreateDocfile
PdhExpandWildCardPathHW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit, System file

CharacterSet
Unicode

InitializedDataSize
11264

EntryPoint
0x214e

OriginalFileName
PrintIsolationHost.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserv

TimeStamp
2064:04:17 07:40:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
kbdbu (3.13)

ProductVersion
6.1.7600.16385

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
74752

ProductName
Microsoft Windows Operating S

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 785567cd6060168e44ad3b9d7339263c
SHA1 8346c6109dd5b43b49d1f3fe0c39d77a40313f7f
SHA256 93fe2f90c83b1d8feaceb2f94c4de4b2c800db73f0045d2774d678b30c6e054c
ssdeep
1536:XljdrZpKcQwn+HK3RxW6UpC/dRN2SSIMZcp0J/04i5HY:Rd+cQwn+Wn8pC/d/9SFZceVOY

authentihash 77bdd240425c6b00a72caea9fbc650db8d2d70972da0ef9c819eaf7cb634c9b9
imphash 2e48c5874ad5ba5d6f5b6428f974f5f1
File size 81.0 KB ( 82944 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-11 03:23:15 UTC ( 7 months, 1 week ago )
Last submission 2018-07-16 07:53:36 UTC ( 7 months ago )
File names 24021629.exe
kCZF6yw6r2.exe
4594753.exe
PrintIsolationHost.exe
diagramowin.exe
380406.exe
87.exe
5.exe
22313.exe
stylesedge(08).gxe
kbdbu (3.13)
2.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!