× Cookies are disabled! This site requires cookies to be enabled to work properly
SHA256: e2e0db9da2233e521c0ec8bd59add406c2b60474d8448f16cfe4fc863bee9db2
File name: Xfipwr94r1L7Q.exe
Detection ratio: 12 / 64
Analysis date: 2018-07-01 09:28:57 UTC ( 7 months, 3 weeks ago ) View latest
Antivirus Result Update
Avast FileRepMalware 20180701
AVG FileRepMalware 20180701
Baidu Win32.Trojan.WisdomEyes.16070401.9500.9999 20180628
CrowdStrike Falcon (ML) malicious_confidence_100% (D) 20180530
Emsisoft Trojan.Emotet (A) 20180701
Endgame malicious (high confidence) 20180612
ESET-NOD32 a variant of Win32/Kryptik.GIJB 20180701
Sophos ML heuristic 20180601
McAfee-GW-Edition BehavesLike.Win32.Emotet.cc 20180701
Microsoft Trojan:Win32/Fuerboos.A!cl 20180701
SentinelOne (Static ML) static engine - malicious 20180618
Symantec ML.Attribute.HighConfidence 20180630
Ad-Aware 20180701
AegisLab 20180701
AhnLab-V3 20180630
ALYac 20180701
Antiy-AVL 20180701
Arcabit 20180701
Avast-Mobile 20180701
Avira (no cloud) 20180701
AVware 20180701
Babable 20180406
BitDefender 20180701
Bkav 20180630
CAT-QuickHeal 20180630
ClamAV 20180701
CMC 20180630
Comodo 20180701
Cybereason 20180225
Cyren 20180701
DrWeb 20180701
eGambit 20180701
F-Prot 20180701
F-Secure 20180701
Fortinet 20180701
GData 20180701
Ikarus 20180701
Jiangmin 20180701
K7AntiVirus 20180701
K7GW 20180701
Kaspersky 20180701
Kingsoft 20180701
Malwarebytes 20180701
MAX 20180701
McAfee 20180701
eScan 20180701
NANO-Antivirus 20180701
Palo Alto Networks (Known Signatures) 20180701
Panda 20180701
Qihoo-360 20180701
Sophos AV 20180701
SUPERAntiSpyware 20180701
TACHYON 20180701
Tencent 20180701
TheHacker 20180628
TotalDefense 20180701
Trustlook 20180701
VBA32 20180629
VIPRE 20180701
ViRobot 20180630
Webroot 20180701
Yandex 20180629
Zillya 20180629
ZoneAlarm by Check Point 20180701
Zoner 20180701
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
FileVersionInfo properties
Copyright
© Microsoft Corporation. All rights reserved.

Product Microsoft® Windows® Operating System
Original name PrintIsolationHost.exe
Internal name PrintIsolationHost.exe
File version 6.1.7600.16385 (win7_rtm.090713-1255)
Description PrintIsolationHost
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2064-04-17 06:40:12
Entry Point 0x000021B1
Number of sections 5
PE sections
PE imports
GetSecurityDescriptorLength
GetClusterResourceNetworkName
GetTextCharsetInfo
GetCharABCWidthsW
DeleteDC
RemoveFontResourceA
FrameRgn
StartDocA
CreateDIBitmap
SetViewportOrgEx
StrokePath
SetPixelV
GetCharWidthA
SetThreadUILanguage
GetPriorityClass
GetThreadId
GetProcessShutdownParameters
lstrlenA
FillConsoleOutputCharacterA
PurgeComm
DebugBreak
FlsGetValue
ReadConsoleW
SetDefaultCommConfigA
SetConsoleOutputCP
FlsFree
SetProcessWorkingSetSizeEx
GetThreadLocale
MprConfigInterfaceTransportAdd
MprAdminMIBEntryGet
RpcMgmtStopServerListening
RpcMgmtEnableIdleCleanup
SetupGetLineTextW
SetupDiEnumDriverInfoA
SetupDiSetDeviceRegistryPropertyA
SHEnumerateUnreadMailAccountsW
UrlGetLocationW
GetUpdateRect
DrawStateW
DrawMenuBar
DrawCaption
iswdigit
Number of PE resources by type
RT_VERSION 1
Number of PE resources by language
ENGLISH US 1
PE resources
Debug information
ExifTool file metadata
UninitializedDataSize
0

LinkerVersion
12.0

ImageVersion
0.0

FileSubtype
0

FileVersionNumber
6.1.7600.16385

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

FileDescription
PrintIsolationHost

ImageFileCharacteristics
No relocs, Executable, 32-bit

CharacterSet
Unicode

InitializedDataSize
9216

EntryPoint
0x21b1

OriginalFileName
PrintIsolationHost.exe

MIMEType
application/octet-stream

LegalCopyright
Microsoft Corporation. All rights reserved.

FileVersion
6.1.7600.16385 (win7_rtm.090713-1255)

TimeStamp
2064:04:17 07:40:12+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
PrintIsolationHost.exe

ProductVersion
6.1.7600.16385

SubsystemVersion
5.0

OSVersion
5.1

FileOS
Windows NT 32-bit

Subsystem
Windows GUI

MachineType
Intel 386 or later, and compatibles

CompanyName
Microsoft Corporation

CodeSize
114688

ProductName
Microsoft Windows Operating System

ProductVersionNumber
6.1.7600.16385

FileTypeExtension
exe

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 5d4e87c28abc0ec20105e2b0fe40a642
SHA1 95809fc068dc1ba0d88b03df15f2c19f364fe0a3
SHA256 e2e0db9da2233e521c0ec8bd59add406c2b60474d8448f16cfe4fc863bee9db2
ssdeep
1536:KMUfFdqeiWeOTIUeczJFUAIprKZ7akP/3zZbZBlBSawKE9:vUtdqlezJFxpgkPvV5PE9

authentihash 6364d84d64eaf6d10f3a5f324594092e0658f1530b2a9c6aaf47809fec08fb9e
imphash cf19897228d75ca63bd54f864c8be776
File size 118.0 KB ( 120832 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID OS/2 Executable (generic) (33.6%)
Generic Win/DOS Executable (33.1%)
DOS Executable Generic (33.1%)
Tags
peexe

VirusTotal metadata
First submission 2018-07-01 09:28:57 UTC ( 7 months, 3 weeks ago )
Last submission 2018-10-25 17:38:05 UTC ( 3 months, 4 weeks ago )
File names PrintIsolationHost.exe
5d4e87c28abc0ec20105e2b0fe40a642.vir
Xfipwr94r1L7Q.exe
No comments. No VirusTotal Community member has commented on this item yet, be the first one to do so!

Leave your comment...

?
Post comment

You have not signed in. Only registered users can leave comments, sign in and have a voice!

No votes. No one has voted on this item yet, be the first one to do so!