SHA256: b4fa1e98c85bc78f5a70bb2c975b6de85cf33bde9feb781b54661b2320a99705
File name: HyY7LCYVw9H5HtCVSI.exe
Detection ratio: 16 / 68
Analysis date: 2018-07-11 12:53:48 UTC ( 7 months, 1 week ago )
Antivirus Result Update
Avast FileRepMalware 20180711
AVG FileRepMalware 20180711
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180711
Bkav HW32.Packed.7542 20180711
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cylance Unsafe 20180711
Emsisoft Trojan.Emotet (A) 20180711
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Kryptik.GIRJ 20180711
Sophos ML heuristic 20180601
McAfee-GW-Edition BehavesLike.Win32.Emotet.mc 20180711
Microsoft Trojan:Win32/Cloxer.D!cl 20180711
Qihoo-360 HEUR/QVM20.1.6EA0.Malware.Gen 20180711
Rising Malware.Heuristic!ET#95% (RDM+:cmRtazqO3r8zhJFJWlCJuRiK3eA0) 20180711
SentinelOne (Static ML) static engine - malicious 20180701
Symantec ML.Attribute.HighConfidence 20180711
Ad-Aware 20180711
AegisLab 20180711
AhnLab-V3 20180711
Alibaba 20180711
ALYac 20180711
Antiy-AVL 20180711
Arcabit 20180711
Avast-Mobile 20180711
Avira (no cloud) 20180710
AVware 20180711
Babable 20180406
BitDefender 20180711
CAT-QuickHeal 20180711
ClamAV 20180711
CMC 20180711
Comodo 20180711
Cybereason 20180225
Cyren 20180711
DrWeb 20180711
eGambit 20180711
F-Prot 20180711
F-Secure 20180711
Fortinet 20180711
GData 20180711
Ikarus 20180711
Jiangmin 20180711
K7AntiVirus 20180711
K7GW 20180711
Kaspersky 20180711
Kingsoft 20180711
Malwarebytes 20180711
MAX 20180711
McAfee 20180711
eScan 20180711
NANO-Antivirus 20180711
Palo Alto Networks (Known Signatures) 20180711
Panda 20180711
Sophos AV 20180711
SUPERAntiSpyware 20180711
TACHYON 20180711
Tencent 20180711
TheHacker 20180710
TotalDefense 20180711
TrendMicro 20180711
TrendMicro-HouseCall 20180711
Trustlook 20180711
VBA32 20180711
VIPRE 20180711
ViRobot 20180711
Webroot 20180711
Yandex 20180711
Zillya 20180710
ZoneAlarm by Check Point 20180711
Zoner 20180711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserv
Product Microsoft® Windows® Operating S
Original name PrintIsolationHost.exe
Internal name kbdbu (3.13)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2064-04-17 06:40:12
Entry Point 0x000020FC
Number of sections 6
PE sections
PE imports
AddAccessDeniedAceEx
RegDisableReflectionKey
OpenServiceA
DeleteService
ReplaceTextW
CryptMemFree
GetDIBColorTable
CreateBrushIndirect
EndPath
GetVolumePathNamesForVolumeNameW
FlushProcessWriteBuffers
LoadLibraryExA
GetThreadId
LocalAlloc
lstrlenA
GetNamedPipeServerSessionId
CompareStringW
MultiByteToWideChar
FindActCtxSectionGuid
GetLongPathNameA
MprConfigTransportCreate
MprConfigGetGuidName
NdrPointerBufferSize
I_RpcFree
SHRegSetUSValueW
StrRStrIA
MapWindowPoints
GetMessageExtraInfo
SetCaretPos
GetFileVersionInfoSizeW
DeletePrinterDriverExW
strftime
StgCreateDocfile
PdhExpandWildCardPathHW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, 32-bit, System file
CharacterSet Unicode
InitializedDataSize 11264
EntryPoint 0x20fc
OriginalFileName PrintIsolationHost.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserv
TimeStamp 2064:04:17 06:40:12+00:00
FileType Win32 EXE
PEType PE32
InternalName kbdbu (3.13)
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 74240
ProductName Microsoft Windows Operating S
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library
Compressed bundles
File identification
MD5 c89658f8e1bd0bb0ee8f831934d9f016
SHA1 72a60452c54152bf27492a99475cd27ceaebf938
SHA256 b4fa1e98c85bc78f5a70bb2c975b6de85cf33bde9feb781b54661b2320a99705
ssdeep 1536:M0Zi/cJj+y6pLkedJW1A2hIq1QX8HlhWOVdFz8/of2viVlfk:g/cJ4LkedJJK1QsDxh8/42ck
authentihash 0d1b60b95658e03c4f2858e17313d950b5ab33867fc954cedb83fbefe2ade7b4
imphash 44178feddc61e1ed46456f41ad715b97
File size 80.5 KB ( 82432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe
VirusTotal metadata
First submission 2018-07-11 12:53:48 UTC ( 7 months, 1 week ago )
Last submission 2018-07-11 12:53:48 UTC ( 7 months, 1 week ago )
File names kbdbu (3.13)
edgepla.exe
PrintIsolationHost.exe
edgepla.exe
HyY7LCYVw9H5HtCVSI.exe