» MGADiag.exe
Overview
Analysis
File Details
Downloads (11)

MGADiag.exe

Microsoft Genuine Advantage

Microsoft Corporation

File name:

MGADiag.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft Genuine Advantage

Description:

Microsoft Genuine Advantage Diagnostic tool

Version:

1.9.0027.0

MD5:

722812a9ef151c0d77cfbcf6d12b7bcf

SHA-1:

bd0e9809649f405b75ba6df5c5ffafbe0ef23919

SHA-256:

d4e0351277cba975c27d0f37a7ae47f44db5d9e3b7891d2440cfc4fbcd6cc625

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

11/24/2024 6:46:43 PM UTC (today)

File size:

1.9 MB (2,031,992 bytes)

Product version:

1.9.0027.0

Original file name:

MGADiag.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\mgadiag.exe

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

12/7/2009 12:40:29 PM

Valid to:

3/7/2011 12:40:29 PM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

6101CF3E00000000000F

File PE Metadata

Compilation timestamp:

4/13/2010 1:24:42 PM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:p3xO+IIsl3ncW9qGhq4oRcGQUmZe0cjD1MtU5oicZ:pBdIIsl3ncWUGhfoRcG3m4XjD

Entry address:

0x10465B

Entry point:

56, 8B, FF, E8, E4, 40, F3, FF, 85, C0, 7D, 0B, 8B, F0, E8, D3, A8, F8, FF, 8B, C6, 5E, C3, A1, A0, 4A, 45, 00, FF, D0, EB, EC, E8, 57, CA, F2, FF, CE, 00, 00, 00, A4, E0, F0, 2F, F4, 7A, 1A, 50, 93, 87, C9, 61, 78, BD, 79, 35, 9E, 71, 05, 58, FD, 4B, FD, 95, 8D, E4, B5, 3D, 40, 3E, B3, 40, EF, 14, F3, 1C, 4D, 64, 4A, D3, BF, E6, 72, 1D, C3, CC, 77, 92, 6B, FD, AF, 38, 50, AD, FD, B5, 60, 71, 1C, 3A, 94, D3, BE, 29, C0, DA, 27, 7A, 5E, 34, BB, 24, 75, A2, 5B, 45, B0, F0, 32, 81, 34, 59, 7E, CA, EE, 0F, 81... 
[+]

Entropy:

5.4936

Code size:

1.1 MB (1,176,064 bytes)

The file MGADiag.exe has been seen being distributed by the following 11 URLs.

http://forumkomputerswiat.digidip.net/visit?url=http://go.microsoft.com/fwlink/?linkid=52012&ppref=https://.../

https://sslvpn2.ntu.edu.tw/.../,DanaInfo=go.microsoft.com ?linkid=52012

http://go.bleepingcomputer.com/?id=3687X620620&site=bleepingcomputer.com&xs=1&isjs=1&url=http://go.microsoft.com/fwlink/?linkid=52012&xguid=ab31aed731f789b96ea9f92ac7b44742&xuuid=68f57675fd846afc3e899d2b6721463a&xsessid=973de9aca42d15745880a07ba9fe3923&xcreo=0&xed=0&sref=http://www.bleepingcomputer.com/forums/t/574510/partial-product-key-how-can-i-reinstall-win7/&pref=https://.../&xtz=240&abp=1

http://click.linksynergy.com/deeplink?id=je6NUbpObpQ&mid=24542&u1=il6hinyfb200r70402e0q&murl=http://go.microsoft.com/.../?linkid=52012

ftp://ftp.ntpc.edu.tw/???????/.../????????????????????????????????????.exe

http://go.redirectingat.com/?id=3570X615803&site=sevenforums.com&xs=1&isjs=1&url=http://go.microsoft.com/fwlink/?linkid=52012&xguid=c7f12e68caa8d8466f23fa9b327e5afb&xuuid=273c68947263554f616aef04e6846679&xsessid=a255eebe9db2f7b3d99f046824ff87f5&xcreo=0&xed=0&sref=http://www.sevenforums.com/windows-updates-activation/297233-win-7-activation-n-slui-exe-access-denied-genuine-mga-inside.html&pref=https://.../&xtz=-420

https://go.microsoft.com/.../?linkid=52012

http://go.microsoft.dgmei.com/.../?linkid=52012

http://go.microsoft.com/.../?linkid=56062

http://go.microsoft.com/.../?linkid=52012

http://download.microsoft.com/download/9/F/3/.../MGADiag.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.