service.exe

It runs as a separate Windows service named “Diagnostics”, within the context of its own process.
MD5:
ad91b95057401ec8a8d14b84b99abfad

SHA-1:
21bf9e08626bbd2ba0cf5c23fb6b8391691d1e1b

SHA-256:
c4f20533ae3c4b50b93eaec23c7a2b5af1fee90e1d688d9a26312cad3c89e92e

Scanner detections:
4 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
4/1/2025 8:18:51 PM UTC (today)

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Crypt.XPACK.Gen | 8.3.3.4
Baidu Antivirus | Win32.Trojan.WisdomEyes.16070401.9500 | 4.0.3.17316
F-Prot | W32/SuspPack.AA.gen | v6.4.7.1.166
Qihoo 360 Security | HEUR/QVM00.1.0000.Malware.Gen | 1.0.0.1120

File size:
151.5 KB (155,136 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\common files\diagnostics\node\service.exe

File PE Metadata
Compilation timestamp:
1/1/2008 3:55:28 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
7.0

Entry address:
0x1C0

Entry point:
33, C0, C2, 08, 00, 00, 00, 00, 0D, 0A, 0D, 0A, 54, 68, 69, 73, 20, 66, 69, 6C, 65, 20, 77, 61, 73, 20, 73, 61, 6E, 69, 74, 69, 7A, 65, 64, 20, 62, 79, 20, 61, 76, 61, 73, 74, 21, 20, 41, 6E, 74, 69, 76, 69, 72, 75, 73, 2E, 0D, 0A, 0D, 0A, 00, 00, 8C, BF, 00, 00, 00, 00, 20, 00, 00, 60, 2E, 72, 64, 61, 74, 61, 00, 00, E2, 7B, 00, 00, 00, A0, 01, 00, 00, 7C, 00, 00, 00, 8E, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 40, 00, 00, 40, 2E, 64, 61, 74, 61, 00, 00, 00, C0, 30, 00, 00, 00, 20, 02, 00...
 

Entropy:
6.0650

Code size:
128 bytes

Service
Display name:
Diagnostics

Description:
Diagnostics service

Type:
Win32OwnProcess

