PresentationHost.exe

  • File Path: C:\windows\system32\PresentationHost.exe
  • Description: Windows Presentation Foundation Host

Hashes

Type Hash
MD5 35200D32C398793D85F900B0273E6F43
SHA1 15D58039E9601B67A46DF4DEDA90E3736EC8A115
SHA256 596DEAC6B7AD125654C102D092F4C2C94A280A0CCB0AA4C7B00679D6CDFBE50D
SHA384 782B43036DD5F6473720A2222DB8119084C9933DB29AA2BE0AE09F4C35C9EE7597DDDA60F5F8D85CF0E7FAE8DFC6DBE2
SHA512 D0D3DF339B06EEC15B3BFF1DCC1A1DD08A22B2D7906E2209809900741438B801D1648A22C5043EA0EA08C80D84547849D131117B7F2C35895981F0C454C5431B
SSDEEP 6144:oh7ty3EwVoZBZE9HH5KNXwy3Odjp19k5KNXf:ojy3LVobW1ZKVwy3OdLaKV

Signature

  • Status: The file C:\windows\system32\PresentationHost.exe is not digitally signed. You cannot run this script on the current system. For more information about running scripts and setting execution policy, see about_Execution_Policies at http://go.microsoft.com/fwlink/?LinkID=135170
  • Serial: ``
  • Thumbprint: ``
  • Issuer:
  • Subject:

File Metadata

  • Original Filename: PresentationHost.exe
  • Product Name: Microsoft Windows Operating System
  • Company Name: Microsoft Corporation
  • File Version: 6.3.9600.16384 (winblue_rtm.130821-1623)
  • Product Version: 6.3.9600.16384
  • Language: English (United States)
  • Legal Copyright: Microsoft Corporation. All rights reserved.

File Similarity (ssdeep match)

File Score
C:\Windows\system32\PresentationHost.exe 57
C:\Windows\system32\PresentationHost.exe 61
C:\WINDOWS\system32\PresentationHost.exe 55
C:\WINDOWS\system32\PresentationHost.exe 58
C:\Windows\system32\PresentationHost.exe 60
C:\windows\SysWOW64\PresentationHost.exe 63
C:\WINDOWS\SysWOW64\PresentationHost.exe 58
C:\Windows\SysWOW64\PresentationHost.exe 61
C:\WINDOWS\SysWOW64\PresentationHost.exe 60
C:\Windows\SysWOW64\PresentationHost.exe 61
C:\Windows\SysWOW64\PresentationHost.exe 60

Possible Misuse

The following table contains possible examples of PresentationHost.exe being misused. While PresentationHost.exe is not inherently malicious, its legitimate functionality can be abused for malicious purposes.

Source | Source File | Example | License
LOLBAS | Presentationhost.yml | Name: Presentationhost.exe |
LOLBAS | Presentationhost.yml | - Command: Presentationhost.exe C:\temp\Evil.xbap |
LOLBAS | Presentationhost.yml | - Path: C:\Windows\System32\Presentationhost.exe |
LOLBAS | Presentationhost.yml | - Path: C:\Windows\SysWOW64\Presentationhost.exe |

MIT License. Copyright (c) 2020-2021 Strontic.