The okey exe (Hostprozess für Windows Dienste) Microsoft Corporation File Malware Analysis
Gridinsoft Logo

The okey.exe (Hostprozess für Windows-Dienste) File Analysis

Updated 3 days ago
Checked by Malware Check
okey.exe

Technical Analysis

File Name okey.exe
File Type
Win32 EXE
Magic Bytes PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
SSDEEP Hash
192:Exb+BtpjZG0RAkvyHCPxDunREU2q6nCF3Ss8Dj11NuPWAbbW:ExbkE0RAkvOuDkEq6nM3C1kPWAbbW
Scanner Version 1.0.223.174
Database Version 2025-08-28 06:00:43 UTC

Suspicious File Detected

Detected by 37 security engines - requires caution

This file requires additional checking for potential threats. Based on suspicious indicators, we will soon add it to our virus database.
51%
Detection Rate
10,240
File Size (bytes)
37/72
Engines Detected
2025-08-28
Analysis Date

Scan Another File

File Identification

Hash Type Value Action
MD5
fb95934d8095e6ea07729406b2d0043e
SHA1
84d1f0f4f053171946e1942ecdf4355e5adfd01f
SHA256
12830181b4c9dc1cefba7039d1e2ebd2eaf01e9ad643ac4d4a4a931bb096ef76
SHA512
25650589afbe9dcc773ff299257e5f0a803bb465a2012d7e7774621ad53fc8b7b60f9f95abe3b53ba60e43acb4e1eeafbebe4da68d5bf0e8f2a6810108b78ed4
ImpHash
f34d5f2d4577ed6d9ceec516c1f5a744

Security Engines with Detections (37 of 72)

Bkav
W32.AIDetectMalware.CS Malicious
Elastic
malicious (high confidence) Malicious
CAT-QuickHeal
HackTool.Flooder.B3 Malicious
ALYac
IL:Trojan.MSILZilla.9471 Malicious
Cylance
Unsafe Malicious
Sangfor
Trojan.Win32.Save.a Malicious
K7AntiVirus
Trojan ( 700000201 ) Malicious
K7GW
Trojan ( 700000201 ) Malicious
CrowdStrike
win/malicious_confidence_100% (D) Malicious
VirIT
Trojan.Win32.MSIL_Heur.A Malicious
ESET-NOD32
a variant of MSIL/Agent.LM Malicious
APEX
Malicious Malicious
Kaspersky
HEUR:HackTool.MSIL.Flooder.gen Malicious
BitDefender
IL:Trojan.MSILZilla.9471 Malicious
MicroWorld-eScan
IL:Trojan.MSILZilla.9471 Malicious
Avast
Win32:MalwareX-gen [Misc] Malicious
Rising
Backdoor.Blackout!1.CB08 (CLASSIC) Malicious
Emsisoft
IL:Trojan.MSILZilla.9471 (B) Malicious
F-Secure
Trojan.TR/Dropper.MSIL.Gen Malicious
DrWeb
Trojan.DownLoader10.18786 Malicious
VIPRE
IL:Trojan.MSILZilla.9471 Malicious
McAfeeD
Real Protect-LS!FB95934D8095 Malicious
Trapmine
suspicious.low.ml.score Malicious
CTX
exe.trojan.msilzilla Malicious
Sophos
ML/PE-A Malicious
Ikarus
Trojan.MSIL.Agent Malicious
GData
IL:Trojan.MSILZilla.9471 Malicious
Avira
TR/Dropper.MSIL.Gen Malicious
Arcabit
IL:Trojan.MSILZilla.D24FF Malicious
Microsoft
Trojan:Win32/Wacatac.B!ml Malicious
Google
Detected Malicious
AhnLab-V3
Malware/Win.Flooder.C4439346 Malicious
TrendMicro-HouseCall
Trojan.Win32.VSX.PE04C9j Malicious
SentinelOne
Static AI - Malicious PE Malicious
Fortinet
MSIL/Generic.AP.1785946!tr Malicious
AVG
Win32:MalwareX-gen [Misc] Malicious
DeepInstinct
MALICIOUS Malicious
35 engines reported no threats - Only engines with detections are shown above for clarity

PE Analysis

Basic Information

Image Base 0x00400000
Entry Point 0x00403d7e
Compilation Time 2025-08-28 02:52:27
Checksum 0x00000000 (Actual: 0x000047c8)
OS Version 4.0
PEiD Signatures PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
Digital Signature No valid SignedData structure was found.
Imports 1 libraries
mscoree
Exports 0 functions
Resources 1 Resources
Sections 3 Sections

Version Information

Translation 0x0000 0x04b0
Comments Hostprozess für Windows-Dienste
CompanyName Microsoft Corporation
FileDescription Hostprozess für Windows-Dienste
FileVersion 6.1.7600.16385
InternalName okey.exe
LegalCopyright © Microsoft Corporation. All rights reserved.
OriginalFilename okey.exe
ProductName Microsoft® Windows® Operating System
ProductVersion 6.1.7600.16385
Assembly Version 6.1.7600.16385

PE Sections

Name Virtual Address Virtual Size Raw Size Entropy Characteristics MD5
.text 0x00002000 7,556 bytes 7,680 bytes 5.52 (Normal) IMAGE_SCN_CNT_CODE|IMAGE_SCN_MEM_EXECUTE|IMAGE_SCN_MEM_READ E1EE4D0DE68D531DA6E1E40CFBD2D4FD
.rsrc 0x00004000 1,128 bytes 1,536 bytes 2.65 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_READ 7633A4EE9B9CA07A37C95E07FB3D9F35
.reloc 0x00006000 12 bytes 512 bytes 0.08 (Normal) IMAGE_SCN_CNT_INITIALIZED_DATA|IMAGE_SCN_MEM_DISCARDABLE|IMAGE_SCN_MEM_READ 52482FEDF048CF0E1132ADAC4CEEDE18

Resource Analysis

Total Resources: 1 (1,040 bytes)
Resource Type Count Total Size Percentage
RT_VERSION 1 1,040 bytes
100%

Certificate Chain Analysis

Certificate Information
Product Microsoft® Windows® Operating System
Description Hostprozess für Windows-Dienste
File Version 6.1.7600.16385
Original Name okey.exe
Internal Name okey.exe
Copyright © Microsoft Corporation. All rights reserved.

✓ This file has been digitally signed and the certificate chain has been verified

  • The signature ensures file integrity and authenticity from the publisher
  • Timestamping proves when the signature was applied
Certificate Verification Status

No valid SignedData structure was found.

Recommendation: Verify the file source and ensure it comes from a trusted publisher.

Remember: This is Result of Online Virus Scanner

Gridinsoft Anti-Malware has a much more powerful virus scanning engine. We recommend using it for a more precise diagnosis of infected systems. This brief guide will help you install our flagship product for more accurate diagnostics:

Download Anti-Malware

Keep Your System Protected

This file appears clean, but regular security maintenance is important

  1. Regular Scans: Run weekly system scans to detect new threats before they can cause damage.
  2. Keep Software Updated: Ensure your operating system and all applications have the latest security patches.
  3. Safe Browsing: Avoid suspicious websites and never download software from untrusted sources.
  4. Email Security: Be cautious with email attachments and links, even from known contacts.
Proactive Protection
37 antivirus engines detected potential threats. This could be a false positive, especially for system tools or packed software. Verify the file source and check if it's digitally signed by a trusted publisher.

Leave a Comment

Share your thoughts or insights about this file. Do you align with our conclusion?

* Your feedback could influence our rating, and rest assured, your email will remain confidential and will only be used to communicate with you if necessary.
Your Score for

Gridinsoft Anti-Malware

Cure your PC from any kind of malware

GridinSoft Anti-Malware will help you to protect your computer from spyware, trojans, backdoors, rootkits. It cleans your system from annoying advertisement modules and other malicious stuff developed by hackers.

Anti-Malware Download Now
Gridinsoft Anti-Malware