SHA256: c282a10db2300311ed084a90f58cb634c31f822f11f82cc96bcdca5e0c38b7b5
File name: MzOVo0TvpDedUm.exe
Detection ratio: 18 / 67
Analysis date: 2018-07-11 10:48:12 UTC ( 7 months, 1 week ago )
Antivirus Result Update
Avast FileRepMalware 20180711
AVG FileRepMalware 20180711
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180711
Bkav HW32.Packed.ABF5 20180711
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Cylance Unsafe 20180711
DrWeb Trojan.Packed 20180711
Emsisoft Trojan.Emotet (A) 20180711
Endgame malicious (high confidence) 20180711
ESET-NOD32 a variant of Win32/Kryptik.GIRJ 20180711
Sophos ML heuristic 20180601
McAfee-GW-Edition BehavesLike.Win32.Emotet.mc 20180711
Microsoft Trojan:Win32/Fuerboos.A!cl 20180711
Qihoo-360 HEUR/QVM20.1.6E31.Malware.Gen 20180711
Rising Malware.Heuristic!ET#93% (RDM+:cmRtazoJxW8ZMhTx2QL/bkGeiOXY) 20180711
SentinelOne (Static ML) static engine - malicious 20180701
Sophos AV Mal/EncPk-ANX 20180711
Symantec ML.Attribute.HighConfidence 20180711
Ad-Aware 20180711
AegisLab 20180711
AhnLab-V3 20180711
ALYac 20180711
Antiy-AVL 20180711
Arcabit 20180710
Avast-Mobile 20180711
Avira (no cloud) 20180710
AVware 20180711
Babable 20180406
BitDefender 20180711
CAT-QuickHeal 20180711
ClamAV 20180711
CMC 20180711
Comodo 20180711
Cybereason 20180225
Cyren 20180711
eGambit 20180711
F-Prot 20180711
F-Secure 20180711
Fortinet 20180711
GData 20180711
Jiangmin 20180711
K7AntiVirus 20180711
K7GW 20180711
Kaspersky 20180711
Kingsoft 20180711
Malwarebytes 20180711
MAX 20180711
McAfee 20180711
eScan 20180711
NANO-Antivirus 20180711
Palo Alto Networks (Known Signatures) 20180711
Panda 20180710
SUPERAntiSpyware 20180711
TACHYON 20180711
Tencent 20180711
TheHacker 20180710
TotalDefense 20180711
TrendMicro 20180711
TrendMicro-HouseCall 20180711
Trustlook 20180711
VBA32 20180710
VIPRE 20180711
ViRobot 20180711
Webroot 20180711
Yandex 20180711
Zillya 20180710
ZoneAlarm by Check Point 20180711
Zoner 20180711
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright © Microsoft Corporation. All rights reserv
Product Microsoft® Windows® Operating S
Original name PrintIsolationHost.exe
Internal name kbdbu (3.13)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2064-04-17 06:40:12
Entry Point 0x0000203D
Number of sections 6
PE sections
PE imports
AddAccessDeniedAceEx
RegDisableReflectionKey
OpenServiceA
DeleteService
ReplaceTextW
CryptMemFree
GetDIBColorTable
CreateBrushIndirect
EndPath
GetVolumePathNamesForVolumeNameW
FlushProcessWriteBuffers
LoadLibraryExA
GetThreadId
LocalAlloc
lstrlenA
GetNamedPipeServerSessionId
CompareStringW
MultiByteToWideChar
FindActCtxSectionGuid
GetLongPathNameA
MprConfigTransportCreate
MprConfigGetGuidName
NdrPointerBufferSize
I_RpcFree
SHRegSetUSValueW
StrRStrIA
MapWindowPoints
GetMessageExtraInfo
SetCaretPos
GetFileVersionInfoSizeW
DeletePrinterDriverExW
strftime
StgCreateDocfile
PdhExpandWildCardPathHW
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize 0
LinkerVersion 12.0
ImageVersion 0.0
FileSubtype 0
FileVersionNumber 6.1.7600.16385
LanguageCode English (U.S.)
FileFlagsMask 0x003f
CharacterSet Unicode
InitializedDataSize 11264
EntryPoint 0x203d
OriginalFileName PrintIsolationHost.exe
MIMEType application/octet-stream
LegalCopyright Microsoft Corporation. All rights reserv
TimeStamp 2064:04:17 07:40:12+01:00
FileType Win32 EXE
PEType PE32
InternalName kbdbu (3.13)
ProductVersion 6.1.7600.16385
SubsystemVersion 5.0
OSVersion 5.1
FileOS Windows NT 32-bit
Subsystem Windows GUI
MachineType Intel 386 or later, and compatibles
CodeSize 74240
ProductName Microsoft Windows Operating S
ProductVersionNumber 6.1.7600.16385
FileTypeExtension exe
ObjectFileType Dynamic link library

Compressed bundles
File identification
MD5 24ffed281d10ce8d7f5657d30c10d68c
SHA1 61dbf3aed69aa2c7cdf9960a533695f443c44ac6
SHA256 c282a10db2300311ed084a90f58cb634c31f822f11f82cc96bcdca5e0c38b7b5
ssdeep 1536:eS20rlVVf2Wbu+DNHugkYsE174SKHy67O5wooy0Al:eS2aVVeWbd5ugxwSKHMwEbl
authentihash 089865fcf2eae298f853a1ba6b8dc51cc00013585eb2ecb0d15fccda0268ddde
imphash 6fa58b3649f509e9f036fb555244e302
File size 80.5 KB ( 82432 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit system file
TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags peexe

VirusTotal metadata
First submission 2018-07-11 10:48:12 UTC ( 7 months, 1 week ago )
Last submission 2018-07-11 10:48:12 UTC ( 7 months, 1 week ago )
File names MzOVo0TvpDedUm.exe
kbdbu (3.13)
PrintIsolationHost.exe