PresentationHost.exe

  • File Path: C:\windows\SysWOW64\PresentationHost.exe
  • Description: Windows Presentation Foundation Host

Signature

  • Status: The file C:\windows\SysWOW64\PresentationHost.exe is not digitally signed.
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: PresentationHost.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
  • Product Version: 6.3.9600.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

| File | Score |
|------|-------|
| C:\Windows\system32\PresentationHost.exe | 66 |
| C:\windows\system32\PresentationHost.exe | 63 |
| C:\Windows\system32\PresentationHost.exe | 68 |
| C:\WINDOWS\system32\PresentationHost.exe | 68 |
| C:\Windows\system32\PresentationHost.exe | 61 |
| C:\Windows\SysWOW64\PresentationHost.exe | 71 |
| C:\WINDOWS\SysWOW64\PresentationHost.exe | 74 |
| C:\Windows\SysWOW64\PresentationHost.exe | 69 |
| C:\Windows\SysWOW64\PresentationHost.exe | 68 |

Possible Misuse

The following table contains possible examples of PresentationHost.exe being misused. While PresentationHost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

| Source | Source File | Example | License |
|--------|-------------|---------|---------|
| LOLBAS | Presentationhost.yml | Name: Presentationhost.exe | |
| LOLBAS | Presentationhost.yml | - Command: Presentationhost.exe C:\temp\Evil.xbap | |
| LOLBAS | Presentationhost.yml | - Path: C:\Windows\System32\Presentationhost.exe | |
| LOLBAS | Presentationhost.yml | - Path: C:\Windows\SysWOW64\Presentationhost.exe | |

MIT License. Copyright (c) 2020-2021 Strontic.