diskchk.exe

Fronterlebnisses5

Daniel Atallah

The executable diskchk.exe has been detected as malware by 25 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Daniel Atallah  (signed and verified)

Product:
Fronterlebnisses5

Description:
Bürgerholzes

Version:
3.03.0005

MD5:
f01eddb844eb76684ae834b8b5ca2c56

SHA-1:
e59de497d60a33b0b28cca31f7ad60c859bfd2e2

SHA-256:
3ab1e6c69bcf0d224111ef7c55540b23c9fbfecf2c08a1b32fd03cb585800c13

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
12/25/2024 5:22:45 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Trojan.GenericKD.1992608 | 80 |
| AhnLab V3 Security | Trojan/Win32.Foreign | 2014.12.02 |
| Avira AntiVirus | TR/Dropper.VB.24224 | 7.11.189.196 |
| avast! | Win32:Malware-gen | 2014.9-161116 |
| AVG | Downloader.Small | 2017.0.2558 |
| Baidu Antivirus | Trojan.Win32.Wauchos | 4.0.3.161116 |
| Bitdefender | Trojan.GenericKD.1992608 | 1.0.20.1605 |
| Dr.Web | Trojan.Siggen.65341 | 9.0.1.0321 |
| ESET NOD32 | Win32/TrojanDownloader.Wauchos.AF | 10.10810 |
| Fortinet FortiGate | W32/Wauchos.AF!tr.dldr | 11/16/2016 |
| F-Secure | Trojan.GenericKD.1992608 | 11.2016-16-11_4 |
| G Data | Trojan.GenericKD.1992608 | 16.11.24 |
| IKARUS anti.virus | Trojan-Downloader.Win32.Wauchos | t3scan.1.8.3.0 |
| K7 AntiVirus | Trojan-Downloader | 13.186.14198 |
| Kaspersky | UDS:DangerousObject.Multi.Generic | 14.0.0.-716 |
| Malwarebytes | Trojan.Downloader.Wauchos | v2016.11.16.05 |
| McAfee | Artemis!F01EDDB844EB | 5600.6214 |
| Microsoft Security Essentials | Worm:Win32/Gamarue | 1.11202 |
| MicroWorld eScan | Trojan.GenericKD.1992608 | 17.0.0.963 |
| nProtect | Trojan.GenericKD.1992608 | 14.12.01.01 |
| Panda Antivirus | Trj/CI.A | 16.11.16.05 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V1125 | 7.2.321 |
| VIPRE Antivirus | Trojan.Win32.Generic | 35326 |

File size:
113.8 KB (116,536 bytes)

Product version:
3.03.0005

Copyright:
Rationierter0

Trademarks:
Ballonmamas

Original file name:
Fliegerfilmen Reinigungsprodukte2.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\diskchk.exe

Digital Signature
Signed by:

Authority:
StartCom Ltd.

Valid from:
9/19/2012 5:48:58 AM

Valid to:
9/20/2014 7:56:51 PM

Subject:
E=datallah@pidgin.im, CN=Daniel Atallah, L=Holland, S=Michigan, C=US, Description=FWg32Q3ZaA4V01lM

Issuer:
CN=StartCom Class 2 Primary Intermediate Object CA, OU=Secure Digital Certificate Signing, O=StartCom Ltd., C=IL

Serial number:
075E

File PE Metadata
Compilation timestamp:
11/24/2014 10:54:36 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:MS54UmF6GXXLKOuLbTpV5I2yew744wUrCj4UKrPYE:MyHi6GLKOuvt3Pyej4ZrCj4HYE

Entry address:
0x10EC

Entry point:
68, 1C, DE, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 48, 00, 00, 00, 00, 00, 00, 00, D5, 04, 41, 4C, 05, 5D, F3, 46, A3, 74, 61, A6, 34, 7A, 36, A9, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, E2, 02, 85, 00, 00, 00, 44, 69, 76, 69, 64, 65, 6E, 64, 65, 6E, 7A, 61, 68, 6C, 75, 6E, 67, 35, 00, 02, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 09, 6C, 24, 64, D7, 6A, E6, 0A, 41, A2, E8, 8B, 36, 93, 5B, A4, 11, F3, 7B, 14, 89, FC, 22, F2, 49, B1, 9D, 97, F1, EE, 01, C7, 2F, 3A, 4F, AD...
 
Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
92 KB (94,208 bytes)
