× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: a8fa60738ea976e6ce71f1769f70a1bb6bcbc118e689b91174fb46ff38e95735
File name: 3v4AA2EDqLBT6BawXp.exe
Detection ratio: 18 / 67
Analysis date: 2018-07-06 10:32:16 UTC ( 7 months, 3 weeks ago ) View latest
Antivirus Result Update
AegisLab Packer.Generic!c 20180706
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180706
CrowdStrike Falcon (ML) malicious_confidence_100% (W) 20180530
Cylance Unsafe 20180706
Endgame malicious (high confidence) 20180612
Sophos ML heuristic 20180601
K7GW Hacktool ( 700007861 ) 20180706
Kaspersky UDS:DangerousObject.Multi.Generic 20180706
eScan Gen:Heur.Emotet.4 20180706
Palo Alto Networks (Known Signatures) generic.ml 20180706
Qihoo-360 HEUR/QVM20.1.516B.Malware.Gen 20180706
Rising Malware.Heuristic!ET#93% (RDM+:cmRtazpuLIphcaTt2VMCtk8De7OH) 20180706
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/Generic-S 20180706
Symantec Packed.Generic.517 20180706
TrendMicro TSPY_EMOTET.SMAL8A 20180706
Webroot W32.Trojan.Emotet 20180706
ZoneAlarm by Check Point UDS:DangerousObject.Multi.Generic 20180706
Ad-Aware 20180706
AhnLab-V3 20180706
Alibaba 20180705
ALYac 20180706
Antiy-AVL 20180706
Arcabit 20180706
Avast 20180706
Avast-Mobile 20180706
AVG 20180706
Avira (no cloud) 20180706
AVware 20180706
Babable 20180406
BitDefender 20180706
Bkav 20180705
CAT-QuickHeal 20180706
ClamAV 20180706
CMC 20180706
Comodo 20180706
Cybereason 20180225
Cyren 20180706
DrWeb 20180706
eGambit 20180706
Emsisoft 20180706
ESET-NOD32 20180706
F-Prot 20180706
F-Secure 20180706
Fortinet 20180706
GData 20180706
Ikarus 20180706
Jiangmin 20180706
K7AntiVirus 20180706
Kingsoft 20180706
Malwarebytes 20180706
MAX 20180706
McAfee 20180706
McAfee-GW-Edition 20180706
Microsoft 20180706
NANO-Antivirus 20180706
Panda 20180705
SUPERAntiSpyware 20180705
TACHYON 20180706
Tencent 20180706
TheHacker 20180628
TrendMicro-HouseCall 20180706
Trustlook 20180706
VBA32 20180705
VIPRE 20180706
ViRobot 20180706
Yandex 20180705
Zillya 20180705
Zoner 20180705
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name PrintIsolationHost.exe
Internal name PrintIsolationHost.exe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2064-04-17 06:40:12
Entry Point 0x00001FA5
Number of sections 6
PE sections
PE imports
EnumServicesStatusW
EqualDomainSid
LookupPrivilegeNameA
GetSaveFileNameW
GetCurrentPositionEx
DeleteDC
DeviceIoControl
GetThreadId
VirtualAllocEx
lstrlenA
FindNextFileW
VirtualQueryEx
GetThreadLocale
FindFirstChangeNotificationA
GetCurrentActCtx
GetProcAddress
GetDefaultCommConfigA
GetStartupInfoW
UrlGetLocationW
GetUserNameExA
GetSubMenu
GetProcessDefaultLayout
GetKeyboardLayoutNameA
GetTitleBarInfo
GetCursorInfo
GetDialogBaseUnits
InsertMenuW
GetKeyNameTextW
DeletePrinter
fputc
malloc
fread
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
8704

EntryPoint
0x1fa5

OriginalFileName
PrintIsolationHost.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

TimeStamp
2064:04:17 08:40:12+02:00

FileType
Win32 EXE

PEType
PE32

InternalName
PrintIsolationHost.exe

ProductVersion
6.1.7600.16385

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
114176

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 0af0b1cdaf886b9b560ab0209ff9b762
SHA1 96cb9c51fe019f71aaddce8312d55e53cd608828
SHA256 a8fa60738ea976e6ce71f1769f70a1bb6bcbc118e689b91174fb46ff38e95735
ssdeep
1536:STxqGot52a5hExab7Pjhx2ISSk9TSIrDWqg6he:ST3otYMhEx67bhdk9TSIrDy6g

authentihash 8096b1f8f44be365ddf18fd98becbd5e9b3379da8814084f11f4c1202a84af47
imphash 21afedbdfec70b8b5ee06fbf76cc6de1
File size 117.0 KB ( 119808 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-06 08:09:08 UTC ( 7 months, 3 weeks ago )
Last submission 2018-10-25 21:38:23 UTC ( 4 months ago )
File names tagmax.exe
1084.exe
PrintIsolationHost.exe
9234.exe
3v4AA2EDqLBT6BawXp.exe
AB2FD111.exe
62110.exe
6799.exe
3513.exe
0af0b1cdaf886b9b560ab0209ff9b762.vir
defragarr.exe
30158.exe
unicodeboldina(13).gxe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!