× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: adda4f330758ed90f2a5810d5471cebd7c6690b3e64f622c227bf16466265309
File name: 58B053AD.exe
Detection ratio: 15 / 67
Analysis date: 2018-07-04 13:30:44 UTC ( 7 months, 3 weeks ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20180704
AVG FileRepMalware 20180704
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180704
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cybereason malicious.54b81b 20180225
Cylance Unsafe 20180704
Endgame malicious (high confidence) 20180612
Sophos ML heuristic 20180601
K7GW Hacktool ( 700007861 ) 20180704
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180704
Palo Alto Networks (Known Signatures) generic.ml 20180704
Qihoo-360 HEUR/QVM20.1.4755.Malware.Gen 20180704
Rising Trojan.Kryptik!8.8 (TFE:dGZlOgGzSw0LZNvCcA) 20180704
SentinelOne (Static ML) static engine - malicious 20180701
Symantec Packed.Generic.517 20180704
Ad-Aware 20180704
AegisLab 20180704
AhnLab-V3 20180704
Alibaba 20180704
ALYac 20180704
Antiy-AVL 20180704
Arcabit 20180704
Avast-Mobile 20180704
Avira (no cloud) 20180704
AVware 20180704
Babable 20180406
BitDefender 20180704
Bkav 20180704
CAT-QuickHeal 20180704
CMC 20180704
Comodo 20180704
Cyren 20180704
DrWeb 20180704
eGambit 20180704
Emsisoft 20180704
ESET-NOD32 20180704
F-Prot 20180704
F-Secure 20180704
Fortinet 20180704
GData 20180704
Ikarus 20180704
Jiangmin 20180704
K7AntiVirus 20180704
Kaspersky 20180704
Kingsoft 20180704
Malwarebytes 20180704
MAX 20180704
McAfee 20180704
Microsoft 20180704
eScan 20180704
NANO-Antivirus 20180704
Panda 20180704
Sophos AV 20180704
SUPERAntiSpyware 20180704
TACHYON 20180704
Tencent 20180704
TheHacker 20180628
TrendMicro 20180704
TrendMicro-HouseCall 20180704
Trustlook 20180704
VBA32 20180629
VIPRE 20180704
ViRobot 20180704
Webroot 20180704
Yandex 20180704
Zillya 20180703
ZoneAlarm by Check Point 20180704
Zoner 20180703
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name PrintIsolationHost.exe
Internal name PrintIsolationHost.exe
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2064-04-17 06:40:12
Entry Point 0x000022AE
Number of sections 5
PE sections
PE imports
RegDisableReflectionKey
EnumServicesStatusW
GetSecurityDescriptorLength
EqualDomainSid
LookupPrivilegeNameA
GetSaveFileNameW
FrameRgn
GetTextCharsetInfo
GetCurrentPositionEx
DeleteDC
SetPixelV
PurgeComm
DeviceIoControl
SetThreadUILanguage
GetStartupInfoW
GetThreadId
VirtualAllocEx
lstrlenA
FindNextFileW
GetNumaProximityNode
VirtualQueryEx
DebugBreak
FlsGetValue
FindFirstChangeNotificationA
GetCurrentActCtx
GetProcAddress
GetDefaultCommConfigA
FlsFree
GetThreadLocale
UrlGetLocationW
GetUserNameExA
GetSubMenu
GetProcessDefaultLayout
GetCursorInfo
GetTitleBarInfo
GetKeyboardLayoutNameA
GetDialogBaseUnits
GetDCEx
InsertMenuW
GetUpdateRect
GetKeyNameTextW
DeletePrinter
fputc
malloc
fread
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
8704

EntryPoint
0x22ae

OriginalFileName
PrintIsolationHost.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

TimeStamp
2064:04:17 07:40:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
PrintIsolationHost.exe

ProductVersion
6.1.7600.16385

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CodeSize
114688

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 081286bc8278ee5524e62ea180cd22a0
SHA1 5d8f78b54b81b6b9a894a202795106a6f432b85a
SHA256 adda4f330758ed90f2a5810d5471cebd7c6690b3e64f622c227bf16466265309
ssdeep
1536:foa/fEmb43z5HVgii6oo7HopdklVzpleHneMkE:fJ/fEmb431Vgi+obopNnec

authentihash 90e797be9d471750edbf7549206631f92263178cd53b6f5c29200fe78c5f527d
imphash e3ab8ebedb292d162bd6e7f7288ef3c3
File size 117.5 KB ( 120320 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-04 12:27:57 UTC ( 7 months, 3 weeks ago )
Last submission 2018-10-01 11:01:03 UTC ( 4 months, 3 weeks ago )
File names 081286bc8278ee5524e62ea180cd22a0.virobj
48198973344.exe
32797264333.exe
74524430.exe
PrintIsolationHost.exe
327130656.exe
output.113551955.txt
077561434.exe
8603144392.exe
output.113551957.txt
67799818.exe
72179414009.exe
59907030.exe
58B053AD.exe
117424588.exe
440672419.exe
8039482467.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!