diagnostics.exe

The application diagnostics.exe has been detected as a potentially unwanted program by 22 anti-malware scanners. The program is a setup application that uses the Nullsoft Install System installer; however, the file is not signed with an Authenticode signature from a trusted source. The file has been observed being downloaded from djtkh1hova1ix.cloudfront.net.

MD5: 5a073d64fef1b9459134df960061456e

SHA-1: 84db0d71056d0246e7cde43df259505b5a5cbfe3

SHA-256: c086a5d0056a1af425130f79998b85cadc7c2b073c900d3dd00fce18ab3d9b2d

Scanner detections: 22 / 68

Status: Potentially unwanted

Explanation: This is part of the Crossrider Internet browser extension framework which may modify the user's web browser settings including changing the home and search pages.

Note: Crossrider is the owner of a platform that enables the creation of cross-browser extensions by developers but is not the owner of this detected application.

Analysis date: 11/5/2024 10:35:57 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.Generic.13062645 | 522 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Arcabit | Trojan.Generic.DC751F5 | 1.0.0.425 |
| avast! | Win32:Malware-gen | 2014.9-150831 |
| Bitdefender | Trojan.Generic.13062645 | 1.0.20.1215 |
| Clam AntiVirus | Trojan.Kazy-237 | 0.98/21511 |
| Dr.Web | Trojan.Click2.64262 | 9.0.1.0243 |
| Emsisoft Anti-Malware | Trojan.Generic.13062645 | 8.15.08.31.03 |
| ESET NOD32 | Win32/UnlimitedDownloads.F potentially unwanted (variant) | 9.12171 |
| Fortinet FortiGate | Riskware/UnlimitedDownloads | 8/31/2015 |
| F-Secure | Trojan.Generic.13062645 | 11.2015-31-08_2 |
| G Data | Trojan.Generic.13062645 | 15.8.25 |
| K7 AntiVirus | Trojan | 13.2017053 |
| McAfee | Artemis!5A073D64FEF1 | 5600.6656 |
| MicroWorld eScan | Trojan.Generic.13062645 | 16.0.0.729 |
| NANO AntiVirus | Trojan.Win32.Click2.dmikps | 0.30.24.3283 |
| nProtect | Trojan.Generic.13062645 | 15.08.28.01 |
| Panda Antivirus | Trj/CI.A | 15.08.31.03 |
| Sophos | Generic PUA IE (PUA) | 4.98 |
| Trend Micro House Call | TROJ_GE.E6D7584F | 7.2.243 |
| Trend Micro | TROJ_GE.E6D7584F | 10.465.31 |
| VIPRE Antivirus | Trojan.Win32.Generic | 43294 |

File size: 5.7 MB (5,992,782 bytes)

File type: Executable application (Win32 EXE)

Installer: Nullsoft Install System

Common path: C:\Program Files\common files\common dictionary\node\diagnostics.exe

File PE Metadata

Compilation timestamp: 12/7/2011 9:34:42 PM

OS version: 4.0

OS bitness: Win32

Subsystem: Windows GUI

Linker version: 2.56

CTPH (ssdeep): 98304:UbQRMqnXmAtfBj3cojzxDMrdQVy+hE10iNBwMNtf+n4Jk9hSX2VlYw8QYLCi:U8fVB7ZhMxQVIfbwMt44nX2VSw8QiCi

Entry address: 0x3E3B

Entry point:
55, 89, E5, 57, 56, 53, 81, EC, AC, 01, 00, 00, E8, 2C, 58, 00, 00, C7, 04, 24, 01, 80, 00, 00, E8, D0, 54, 00, 00, 53, C7, 04, 24, 00, 00, 00, 00, E8, 3B, 58, 00, 00, 51, A3, 04, 08, 43, 00, C7, 04, 24, 08, 00, 00, 00, E8, 3F, 32, 00, 00, A3, B4, 08, 43, 00, 8D, 85, 84, FE, FF, FF, 52, C7, 44, 24, 10, 00, 00, 00, 00, C7, 44, 24, 0C, 60, 01, 00, 00, 89, 44, 24, 08, C7, 44, 24, 04, 00, 00, 00, 00, C7, 04, 24, 4C, B2, 40, 00, E8, 65, 57, 00, 00, 83, EC, 14, C7, 44, 24, 04, 4D, B2, 40, 00, C7, 04, 24, E4, 08...

Entropy: 7.9982 (probably packed)

Code size: 34 KB (34,816 bytes)

The file diagnostics.exe has been seen being distributed by the following URL.

Remove diagnostics.exe - Powered by Reason Core Security