diamondata.exe

PowerPack

Linkular LLC

The application diamondata.exe by Linkular has been detected as adware by 9 anti-malware scanners. This is a setup program which is used to install the application. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from d3ijsb1ryk5jd8.cloudfront.net and multiple other hosts.
Publisher:
Linkular LLC  (signed and verified)

Product:
PowerPack

Version:
1.0.0.1044

MD5:
bbdb3d5ff96e420e4c9157e1b8c60286

SHA-1:
63310c79a3056290647ffe455b8faa5db86d72d1

SHA-256:
606e9ed2a377e64eb7b3a7f5a9ea4b1b5f844d2c120d4ea38b08b2ef7a9015e0

Scanner detections:
9 / 68

Status:
Adware

Analysis date:
11/23/2024 4:19:44 AM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:Linkuar-B [PUP]
2014.9-140216

AVG
MalSign.Skodna.Linkular
2015.0.3561

Dr.Web
Adware.Downware.1308
9.0.1.047

ESET NOD32
Win32/AdWare.Linkular.AH
8.9403

Malwarebytes
PUP.Optional.Linkular.A
v2014.02.16.03

Reason Heuristics
PUP.Linkular.K
14.8.7.22

Rising Antivirus
PE:Malware.XPACK/RDM!5.1
23.00.65.14214

Trend Micro House Call
TROJ_GEN.F47V1006
7.2.47

VIPRE Antivirus
Linkular
26334

File size:
69.4 KB (71,096 bytes)

Product version:
1.0.0.1044

Copyright:
Linkular LLC, 2012

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\diamondata.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
8/28/2012 7:42:21 AM

Valid to:
8/28/2013 7:42:21 AM

Subject:
CN=Linkular LLC, O=Linkular LLC, L=Redondo Beach, S=CA, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B9E504F75FA3A

File PE Metadata
Compilation timestamp:
12/5/2009 11:52:06 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:n/pT8mhxeQ/IkJTCxw+bzvDBnqb4WjXO3XJddYUuihyNXRZJowC5fDtWrm0npvap:/umhxebkJf+FTXJkfVtRDrcV+CNmLE3

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 6F, 44, 00, E8, 09, 2C, 00, 00, A3, A4, 6E, 44, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, 9C, 42, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 2E, 44, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, F0, 46, 00, 50, 57, E8, AA, 28, 00, 00...
 
[+]

Code size:
23 KB (23,552 bytes)

The file diamondata.exe has been seen being distributed by the following 4 URLs.

Remove diamondata.exe - Powered by Reason Core Security