airhost.exe
- File Path:
C:\Program Files (x86)\Zoom\bin\airhost.exe
- Description: AirHost
Hashes
| Type |
Hash |
| MD5 |
0ADD745188B194671D24D21F906C2A19 |
| SHA1 |
A7CA0795494835D71E1024C25BBFAD2EAEEE579D |
| SHA256 |
CA235AB62D364F9868C2AB30219D7879B9C728A79F4570840F19F9D953333488 |
| SHA384 |
9B90C2EBB5750040DAF47CCD5FC6BF065A1B4AF9AACCFECD454637D8E592DB90E9F3F89473740602D22068F2CB6AB8DA |
| SHA512 |
46E1757739A7FC53E0AA753AB2F92F1773CF244559FF1E688B70AA1991D1ECB79D4BC4F0F285A6868C6B5FDBE7AE0AC3E234C6278C6CB0B0D22B5F751D732ECA |
| SSDEEP |
196608:9ZJ9bfA5PM1yDSa2UCvHkcG7ZBUsL2EEo9XW/99MlFg:M5kyD0VEcG7Zr4oJa9O |
| IMP |
6C2F82220771F96A18569FA35CDC5F08 |
| PESHA1 |
F362B9D30375C1BF2234EFF3BC6228B463A804FF |
| PE256 |
FB1C4AE7DB04358183360713360A04303BB6673DFF4DD4EDB7F04F7E65CD8CE7 |
Runtime Data
Usage (stderr):
Open Handles:
| Path |
Type |
| (R-D) C:\Windows\System32\en-US\basecsp.dll.mui |
File |
| (R-D) C:\Windows\System32\en-US\crypt32.dll.mui |
File |
| (RW-) C:\Users\user |
File |
| (RW-) C:\Users\user\AppData\Roaming\Zoom\appsafecheck.txt |
File |
| (RW-) C:\Windows |
File |
| (RW-) C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.19041.1320_none_d94e4effe1070d4b |
File |
| \BaseNamedObjects__ComCatalogCache__ |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{6AF0698E-D558-4F6E-9B3C-3716689AF493}.2.ver0x0000000000000002.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*{DDF571F2-BE98-426D-8288-1A9A39C3FDA2}.2.ver0x0000000000000002.db |
Section |
| \BaseNamedObjects\C:*ProgramData*Microsoft*Windows*Caches*cversions.2 |
Section |
| \BaseNamedObjects\NLS_CodePage_1252_3_2_0_0 |
Section |
| \BaseNamedObjects\NLS_CodePage_437_3_2_0_0 |
Section |
| \Sessions\1\BaseNamedObjects\6a4c8d7a-a1f6-4feb-9a10-6a125cb5c666 |
Section |
| \Sessions\1\BaseNamedObjects\airhost.zoom.us |
Section |
| \Sessions\1\BaseNamedObjects\windows_shell_global_counters |
Section |
Loaded Modules:
| Path |
| C:\Program Files (x86)\Zoom\bin\airhost.exe |
| C:\Windows\SYSTEM32\ntdll.dll |
| C:\Windows\System32\wow64.dll |
| C:\Windows\System32\wow64cpu.dll |
| C:\Windows\System32\wow64win.dll |
Signature
- Status: Signature verified.
- Serial:
03B4BC5EE79D842C03930B8619EDEAE4
- Thumbprint:
6BA9EF6EB60103B1912B9E79F3EEF4C6F662C4F7
- Issuer: CN=DigiCert EV Code Signing CA (SHA2), OU=www.digicert.com, O=DigiCert Inc, C=US
- Subject: CN=”Zoom Video Communications, Inc.”, O=”Zoom Video Communications, Inc.”, L=San Jose, S=California, C=US, SERIALNUMBER=4969967, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US, OID.2.5.4.15=Private Organization
- Original Filename: airhost.exe
- Product Name: AirHost
- Company Name: Zoom Video Communications, Inc.
- File Version: 5.8.3.1581
- Product Version: 5.8.3.1581
- Language: English (United States)
- Legal Copyright: Zoom Video Communications, Inc. All rights reserved.
- Machine Type: 32-bit
File Scan
- VirusTotal Detections: 0/73
- VirusTotal Link: https://www.virustotal.com/gui/file/ca235ab62d364f9868c2ab30219d7879b9c728a79f4570840f19f9d953333488/detection
MIT License. Copyright (c) 2020-2021 Strontic.