diagnostics.exe

The application diagnostics.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer, however the file is not signed with an authenticode signature from a trusted source. The file has been seen being downloaded from djtkh1hova1ix.cloudfront.net.
MD5:
5a073d64fef1b9459134df960061456e

SHA-1:
84db0d71056d0246e7cde43df259505b5a5cbfe3

SHA-256:
c086a5d0056a1af425130f79998b85cadc7c2b073c900d3dd00fce18ab3d9b2d

Scanner detections:
22 / 68

Status:
Potentially unwanted

Explanation:
This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note:
Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date:
12/26/2024 5:56:21 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Trojan.Generic.13062645
522

Agnitum Outpost
Riskware.Agent
7.1.1

Arcabit
Trojan.Generic.DC751F5
1.0.0.425

avast!
Win32:Malware-gen
2014.9-150831

Bitdefender
Trojan.Generic.13062645
1.0.20.1215

Clam AntiVirus
Trojan.Kazy-237
0.98/21511

Dr.Web
Trojan.Click2.64262
9.0.1.0243

Emsisoft Anti-Malware
Trojan.Generic.13062645
8.15.08.31.03

ESET NOD32
Win32/UnlimitedDownloads.F potentially unwanted (variant)
9.12171

Fortinet FortiGate
Riskware/UnlimitedDownloads
8/31/2015

F-Secure
Trojan.Generic.13062645
11.2015-31-08_2

G Data
Trojan.Generic.13062645
15.8.25

K7 AntiVirus
Trojan
13.2017053

McAfee
Artemis!5A073D64FEF1
5600.6656

MicroWorld eScan
Trojan.Generic.13062645
16.0.0.729

NANO AntiVirus
Trojan.Win32.Click2.dmikps
0.30.24.3283

nProtect
Trojan.Generic.13062645
15.08.28.01

Panda Antivirus
Trj/CI.A
15.08.31.03

Sophos
Generic PUA IE (PUA)
4.98

Trend Micro House Call
TROJ_GE.E6D7584F
7.2.243

Trend Micro
TROJ_GE.E6D7584F
10.465.31

VIPRE Antivirus
Trojan.Win32.Generic
43294

File size:
5.7 MB (5,992,782 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Nullsoft Install System

Common path:
C:\Program Files\common files\common dictionary\node\diagnostics.exe

File PE Metadata
Compilation timestamp:
12/7/2011 9:34:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
98304:UbQRMqnXmAtfBj3cojzxDMrdQVy+hE10iNBwMNtf+n4Jk9hSX2VlYw8QYLCi:U8fVB7ZhMxQVIfbwMt44nX2VSw8QiCi

Entry address:
0x3E3B

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 2C, 58, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, D0, 54, 00, 00, 53, C7, 04, 24, 00, 00, 00, 00, E8, 3B, 58, 00, 00, 51, A3, 04, 08, 43, 00, C7, 04, 24, 08, 00, 00, 00, E8, 3F, 32, 00, 00, A3, B4, 08, 43, 00, 8D, 85, 84, FE, FF, FF, 52, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 4C, B2, 40, 00, E8, 65, 57, 00, 00, 83, EC, 14, C7, 44, 24, 04, 4D, B2, 40, 00, C7, 04, 24, E4, 08...
 
[+]

Entropy:
7.9982  (probably packed)

Code size:
34 KB (34,816 bytes)

The file diagnostics.exe has been seen being distributed by the following URL.

Remove diagnostics.exe - Powered by Reason Core Security