» MGADiag.exe
Overview
Analysis
File Details
Downloads (8)

MGADiag.exe

Microsoft Genuine Advantage

Microsoft Corporation

File name:

MGADiag.exe

Publisher:

Microsoft Corporation (signed and verified)

Product:

Microsoft Genuine Advantage

Description:

Microsoft Genuine Advantage Diagnostic tool

Version:

1.9.0019.0

MD5:

064ae4ba960ebb9f6e9af3d83cc14dfc

SHA-1:

e5e814815bcb5ce2612fc399cb094eee5dee7328

SHA-256:

c3196568d658ee5f2253fa21283187d0de7c260fb7272fe28c42dce8fa675ea3

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)
Whitelisted (by digital signature)

Analysis date:

12/26/2024 1:03:41 AM UTC (today)

File size:

1.5 MB (1,607,032 bytes)

Product version:

1.9.0019.0

Original file name:

MGADiag.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Digital Signature

Signed by:

Microsoft Corporation

Authority:

Microsoft Corporation

Valid from:

12/7/2009 5:40:29 PM

Valid to:

3/7/2011 5:40:29 PM

Subject:

CN=Microsoft Corporation, OU=MOPR, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Issuer:

CN=Microsoft Code Signing PCA, O=Microsoft Corporation, L=Redmond, S=Washington, C=US

Serial number:

6101CF3E00000000000F

File PE Metadata

Compilation timestamp:

1/6/2010 2:02:27 PM

OS version:

6.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:jX2XCXIXtXvXKXuXfAHwYWCXSXUXmXrmdXgX7gXCXEXKXMYXYX3XgXnpWw0p8wTa:YX2gWw0pLj1PARPboR442e/Ax

Entry address:

0x2DB59

Entry point:

56, 8B, FF, E8, 8D, 57, 02, 00, 85, C0, 7D, 0B, 8B, F0, E8, FE, 85, 00, 00, 8B, C6, 5E, C3, A1, 50, 94, 41, 00, FF, D0, EB, EC, 9C, 55, 8B, EC, 83, EC, 18, 89, 45, EC, 89, 4D, E8, 89, 55, F0, 89, 5D, FC, 89, 75, F4, 89, 7D, F8, 8D, 55, 04, 8B, 02, 8B, 72, 04, 8B, 7E, 04, 83, EA, 04, 8B, CF, C1, E9, 06, 83, E1, 1F, 83, F9, 0E, 75, 14, 8B, C8, C1, E9, 04, 33, C8, C1, E9, 07, F7, D1, 83, E1, 01, E9, 10, 02, 00, 00, 83, F9, 13, 75, 0E, 24, 04, 33, C9, 3C, 04, 0F, 94, C1, E9, FD, 01, 00, 00, 83, F9, 0B, 75, 0C... 
[+]

Entropy:

4.5665

Code size:

740 KB (757,760 bytes)

The file MGADiag.exe has been seen being distributed by the following 8 URLs.

http://download1651.mediafire.com/ahwc2d4tadlg/.../MGADIAG.EXE

http://download1218.mediafire.com/28eu28sdtsbg/.../MGADIAG.EXE

http://download2025.mediafire.com/t0poe4z4m3vg/.../MGADIAG.EXE

http://download1969.mediafire.com/lac33fhc4hmg/.../MGADIAG.EXE

http://download2025.mediafire.com/5h4had3uasfg/.../MGADIAG.EXE

http://177.205.9.189/data/839bf0807027800b/download.microsoft.com/download/E/5/6/.../MGADiag.exe

http://download.microsoft.com/download/E/5/6/.../MGADiag.exe

http://go.microsoft.com/.../?LinkId=203456

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.