Should I block it?

No, this file is 100% safe to run.

Additional versions

7.7.2.0	43.48%
7.6.12.0	56.52%

Relationships

Parent process

services.exe (Services and Controller app by Microsoft)

Related files

PE file structure

Show functions

Import table

advapi32.dll

OpenProcessToken, ImpersonateSelf, DuplicateTokenEx, GetUserNameW, SetSecurityDescriptorDacl, ImpersonateLoggedOnUser, CreateProcessAsUserW, RevertToSelf, RegNotifyChangeKeyValue, ChangeServiceConfigW, ChangeServiceConfig2W, OpenThreadToken, CreateServiceW, GetTokenInformation, SetSecurityDescriptorGroup, SetSecurityDescriptorOwner, InitializeSecurityDescriptor, IsValidSid, GetLengthSid, CopySid, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, RegEnumKeyExW, ControlService, DeleteService, RegQueryInfoKeyW, RegSetValueExW, RegQueryValueExW, RegOpenKeyExW, RegCreateKeyExW, RegCloseKey, RegDeleteValueW, RegDeleteKeyW, OpenSCManagerW, OpenServiceW, CloseServiceHandle, SetServiceStatus, RegisterEventSourceW, ReportEventW, DeregisterEventSource

kernel32.dll

OpenProcess, GetCurrentProcessId, MoveFileW, DeleteFileW, GetLocalTime, SuspendThread, ResumeThread, ResetEvent, CreateProcessW, WideCharToMultiByte, GetVersionExW, CreateMutexW, ReleaseMutex, lstrlenA, LocalFree, WriteFile, ExitProcess, HeapDestroy, HeapCreate, HeapReAlloc, VirtualFree, GetStartupInfoW, GetSystemTimeAsFileTime, WTSGetActiveConsoleSessionId, VirtualQuery, GetSystemInfo, VirtualAlloc, VirtualProtect, IsDebuggerPresent, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, RtlUnwind, HeapFree, HeapAlloc, GetModuleFileNameA, TlsGetValue, TlsAlloc, IsProcessorFeaturePresent, InterlockedCompareExchange, SetEnvironmentVariableA, CompareStringW, CompareStringA, CreateFileA, GetProcessHeap, SetEndOfFile, ReadFile, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, CreateFileW, FlushFileBuffers, SetStdHandle, GetExitCodeThread, GetTickCount, GlobalAlloc, GlobalLock, GlobalHandle, GlobalFree, WaitForMultipleObjects, GetPrivateProfileSectionW, GetPrivateProfileStringW, FindResourceExW, lstrcpyW, SetEvent, InterlockedDecrement, InterlockedIncrement, SetLastError, GetCurrentThreadId, CreateEventW, CreateThread, Sleep, GetCurrentThread, GetCurrentProcess, FlushInstructionCache, WaitForSingleObject, CloseHandle, LockResource, DeleteCriticalSection, InitializeCriticalSection, lstrlenW, LeaveCriticalSection, EnterCriticalSection, GetCommandLineW, LoadLibraryExW, FindResourceW, LoadResource, SizeofResource, MultiByteToWideChar, FreeLibrary, GetModuleFileNameW, lstrcmpiW, GetModuleHandleW, GetProcAddress, GetLastError, RaiseException, GetFileAttributesW, TlsSetValue, TlsFree, HeapSize, GetLocaleInfoA, GetStringTypeW, GetCPInfo, GetStringTypeA, LCMapStringA, GetConsoleMode, GetConsoleCP, LoadLibraryA, InterlockedExchange, GetACP, GetOEMCP, IsValidCodePage, LCMapStringW, GetModuleHandleA, SetHandleCount, GetFileType, GetStartupInfoA, SetFilePointer, GetTimeZoneInformation, FreeEnvironmentStringsW, GetEnvironmentStringsW, QueryPerformanceCounter, InitializeCriticalSectionAndSpinCount, GetStdHandle

ole32.dll

CoTaskMemAlloc, CoTaskMemRealloc, CoUninitialize, CoInitialize, CoTaskMemFree, StringFromGUID2, CoRevokeClassObject, CoRegisterClassObject, CoInitializeEx, OleRun, CoCreateGuid, CoInitializeSecurity, CoCreateInstance

psapi.dll

EnumProcessModules, GetModuleBaseNameW, EnumProcesses

rpcrt4.dll

NdrStubCall2, RpcStringFreeW, UuidToStringW, NdrClientCall2, NdrCStdStubBuffer2_Release, NdrOleAllocate, NdrOleFree, IUnknown_QueryInterface_Proxy, IUnknown_AddRef_Proxy, IUnknown_Release_Proxy, NdrStubForwardingFunction

shell32.dll

SHGetSpecialFolderPathW, ShellExecuteW

user32.dll

SetCursor, WaitForInputIdle, PeekMessageW, PostMessageW, GetWindowLongW, CallWindowProcW, DefWindowProcW, UnregisterClassA, RegisterClassExW, LoadCursorW, GetClassInfoExW, SetWindowLongW, DestroyWindow, MessageBoxW, CharUpperW, CharNextW, LoadStringW, PostThreadMessageW, GetMessageW, DispatchMessageW, TranslateMessage, CreateWindowExW

userenv.dll

LoadUserProfileW, UnloadUserProfile, CreateEnvironmentBlock, DestroyEnvironmentBlock

winspool.drv

FindFirstPrinterChangeNotification, OpenPrinterW, FindNextPrinterChangeNotification, FindClosePrinterChangeNotification, GetPrinterDataW, EnumPrintersW, DeletePrinterDataW, XcvDataW, GetPrinterW, DeviceCapabilitiesW, EnumJobsW, ClosePrinter

wtsapi32.dll

WTSQueryUserToken

ekprintersdk.exe

KODAK AiO Printer Driver by Eastman Kodak Company (Signed)

Remove ekprintersdk.exe

Version:	7.7.2.0
MD5:	e29f999616d7c08b0e91296908c47caf
SHA1:	c610c73b72c6997df6c2fcc8bc8c425757473808
SHA256:	285594b526a15911238b89e5fcbcffa48a6c69ccc481918d2c474c6bb12869e6

Overview

ekprintersdk.exe runs as a service under the name Kodak AiO Status Monitor Service with extensive SYSTEM privileges (full administrator access). It is installed with a couple of know programs including KODAK AiO Software published by Eastman Kodak Company, KODAK AiO Software from Eastman Kodak Company and KODAK AiO Software by Eastman Kodak Company. The file is digitally signed by Eastman Kodak Company which was issued by the VeriSign certificate authority (CA).

Details

File name:	ekprintersdk.exe
Publisher:	Eastman Kodak Company
Product name:	KODAK AiO Printer Driver
Description:	Status Monitor SDK for KODAK AiO Printer (32-Bit Intel(R) Pentium(TM) 4 Optimized Build)
Typical file path:	C:\Program Files\kodak\aio\statusmonitor\ekprintersdk.exe
Original name:	EKAiO2SDK.exe
File version:	7.7.2.0
Product version:	7.7.2
Size:	761.87 KB (780,152 bytes)
Build date:	1/15/2013 12:06 AM
Certificate
Issued to:	Eastman Kodak Company
Authority (CA):	VeriSign
Effective date:	Sunday, January 22, 2012
Expiration date:	Thursday, January 22, 2015
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
.NET CLR:	No

More details

Programs

The following programs will install this file

KODAK AiO Software

Eastman Kodak Company

27% remove

“With this version of software, you can easily download PrintProjects software, which helps you design, print, and share photo cards, calendars, books, and more. With PrintProjects software, you can print at home or have your creations shipped to you.”

KODAK All-in-One Software

Eastman Kodak Company

10% remove

This is the software driver and additional utilities required for managing and connecting the KODAK All-in-One Printer Software device to the PC. Uninstalling this driver may cause the hardware to stop functioning properly (only remove this package if you no longer have the device connected to your PC).

Behaviors

Service

Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)

'Kodak AiO Status Monitor Service'

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00020087%	0.028634%
Kernel CPU:	0.00011594%	0.013761%
User CPU:	0.00008493%	0.014873%
Kernel CPU time:	9,862 ms/min	100,923,805ms/min
CPU cycles:	5,988,186/sec	17,470,203/sec
Context switches:	12/sec	284/sec
Memory
Private memory:	4.58 MB	21.59 MB
Private (maximum):	11.12 MB
Private (minimum):	8.05 MB
Non-paged memory:	4.58 MB	21.59 MB
Virtual memory:	74.08 MB	140.96 MB
Virtual memory (peak):	77.67 MB	169.69 MB
Working set:	9.08 MB	18.61 MB
Working set (peak):	11.2 MB	37.95 MB
Page faults:	267,566/min	2,039/min
I/O
I/O read transfer:	1.13 KB/sec	1.02 MB/min
I/O read operations:	1/sec	343/min
I/O other transfer:	6.27 KB/sec	448.09 KB/min
I/O other operations:	17/sec	1,671/min
Resource allocations
Threads:	12	12
Handles:	196	600

Process properties

Integrety level:	System
Platform:	64-bit
Command line:	"C:\Program Files\kodak\aio\statusmonitor\ekprintersdk.exe"
Owner:	SYSTEM
Windows Service
Service name:	Kodak AiO Status Monitor Service
Description:	“Kodak Status Monitor SDK Service”
Type:	Win32OwnProcess
Parent process:	services.exe (Services and Controller app by Microsoft)

Threads