diskimagerev2.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from qc2.androidfilehost.com and multiple other hosts.
MD5:
5cb2f88708ac28fe3fda212f2036f0cd

SHA-1:
ece78bd0a006964c1934499380ef6d138a5f1cb6

SHA-256:
d7993223a400ea22e467098b48e27e142aa039a19426b54eaba38135be969324

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
11/27/2024 12:44:45 AM UTC

Scan engine:
avast!

Detection:
Win32:GenMalicious-COM [Trj]

Engine version:
2014.9-151001

File size:
14.1 MB (14,807,756 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\diskimagerev2.exe

File PE Metadata
Compilation timestamp:
6/9/2012 3:19:49 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
393216:1EB2Jsv6tWKFdu9CLKZQdWAwTkYIpAZjZK/zmE5KL9cxZ:fcAwm6rQfWc

Entry address:
0xAC87

Entry point:
E8, E3, FE, FF, FF, 33, C0, 50, 50, 50, 50, E8, 9F, 30, 00, 00, C3, 56, 57, 8B, 7C, 24, 0C, 8B, F1, 8B, CF, 89, 3E, E8, 8F, AB, FF, FF, 89, 46, 08, 89, 56, 0C, 8B, 87, 24, 0C, 00, 00, 89, 46, 10, 5F, 8B, C6, 5E, C2, 04, 00, 8B, C1, 8B, 08, 8B, 50, 10, 3B, 91, 24, 0C, 00, 00, 75, 0D, 6A, 00, FF, 70, 0C, FF, 70, 08, E8, 0E, B1, FF, FF, C3, 56, 8B, F1, 8B, 06, 85, C0, 74, 07, 50, FF, 15, C4, 40, 41, 00, 83, 26, 00, 83, 66, 08, 00, 83, 66, 0C, 00, 5E, C3, 56, 8B, F1, 80, 7E, 04, 00, 75, 34, 68, F4, 44, 41, 00...
 

Code size:
73 KB (74,752 bytes)

The file diskimagerev2.exe has been seen being distributed by the following 16 URLs.

Scan diskimagerev2.exe - Powered by Reason Core Security