dimenas.exe

Microsoft Windows Operating System

Microsoft Corporation

This is a setup program which is used to install the application. The file has been seen being downloaded from test1.darmo.biz and multiple other hosts.
Publisher:
Microsoft Corporation

Product:
Microsoft® Windows® Operating System

Description:
Chat program for NT from Windows for Workgroups

Version:
5.1.2600.0 (xpclient.010817-1148)

MD5:
dcb019624fb8e92eb26adf2bef77d46c

SHA-1:
65f4526228777255295b12cd72185bee4381daa8

SHA-256:
142e24ba1fdcf998986e526bf2e85dfbc9fe627e5b7b29033ffb45ace6e2c716

Scanner detections:
1 / 68

Status:
Clean  (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
1/15/2025 4:54:03 AM UTC

Scan engine | Detection | Engine version
Qihoo 360 Security | HEUR/QVM20.1.Malware.Gen | 1.0.0.1077

File size:
188 KB (192,512 bytes)

Product version:
5.1.2600.0

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
WINCHAT.EXE

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\users\{user}\appdata\local\temp\dimenas.exe

File PE Metadata
Compilation timestamp:
12/14/2015 10:52:38 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
8.0

CTPH (ssdeep):
3072:VTk6aMrnggCINqvtI35WNRSpZyCPrKJ8JnjrHuNuD6o+:VbakfCINqVaNrKEjrHuUGo

Entry address:
0x105A

Entry point:
E9, 21, AE, 00, 00, E9, 8C, 53, 00, 00, E9, 17, 98, 00, 00, E9, 82, A9, 00, 00, E9, ED, 31, 00, 00, E9, 28, 62, 00, 00, E9, D3, 3D, 00, 00, E9, 6E, 43, 00, 00, E9, 39, 98, 00, 00, E9, 14, 42, 00, 00, E9, 6F, 2B, 00, 00, E9, FA, 5F, 00, 00, E9, 05, 70, 00, 00, E9, E0, 4F, 00, 00, E9, BB, 79, 00, 00, E9, 56, 9C, 00, 00, E9, 11, 2E, 00, 00, E9, AC, 45, 00, 00, E9, F7, 59, 00, 00, E9, 32, 26, 00, 00, E9, 2D, 8C, 00, 00, E9, E8, D2, 00, 00, E9, 43, 45, 00, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC...

Developed / compiled with:
Microsoft Visual C++ 8.0 (Debug)

Code size:
60 KB (61,440 bytes)

The file dimenas.exe has been seen being distributed by the following 2 URLs.
