win32kdiag.exe

This is a setup program used to install the application. The file has been observed being downloaded from forumdobreprogramy.digidip.net.

MD5:
930556ac8837a77e443ff73c473a3054

SHA-1:
8addf644ca262e9c77c9453881d4b35f1257b11c

SHA-256:
718cc66e82ddf9a18d9186826bdce60d2f6fcbd32d6a8ce2aa395da92d002bbe

Scanner detections:
4 / 68

Status:
Inconclusive (not enough data for an accurate detection)

Analysis date:
1/13/2025 3:50:03 PM UTC

Scan engine            Detection               Engine version
Agnitum Outpost        Packed/PECompact        7.1.1
Bkav FE                HW32.CDB                1.3.0.4959
Emsisoft Anti-Malware  Adware.Generic.669261   8.14.03.22.11
Qihoo 360 Security     HEUR/Malware.QVM17.Gen  1.0.0.1015

File size:
46.5 KB (47,616 bytes)

File type:
Executable application (Win32 EXE)

File PE Metadata
Compilation timestamp:
11/2/2009 5:58:42 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows Console

CTPH (ssdeep):
768:J3Zw+Y0Xo2p0QTBOyxGwN+a4Fhed90bfWzSF5m39sGTqXvvxE5DCRdLZSI0M:Jq+j42NlGwxNv0TWzSF5mtsTfvxoDCRL

Entry address:
0x4179

Entry point:
B8, 00, E2, 41, 00, 50, 64, FF, 35, 00, 00, 00, 00, 64, 89, 25, 00, 00, 00, 00, 33, C0, 89, 08, 50, 45, 43, 6F, 6D, 70, 61, 63, 74, 32, 00, EA, 12, 2F, 93, 45, 26, EE, DB, 71, EB, D7, 8B, F9, C6, 78, 93, E5, 3A, 00, FB, C8, F5, 52, 0B, 22, 0E, 50, 6A, 98, 15, 31, CE, 0D, AE, EF, EF, 44, EB, B2, 28, 9E, F6, DE, 14, C9, EB, AA, 60, B2, C5, 68, AA, FA, F0, 6E, E9, C1, 1A, B7, 37, F8, D5, 20, CA, 81, 45, D0, DF, 0B, 15, BD, 0F, B4, E4, 79, FA, 39, 8F, 7D, 9A, CE, D5, 2D, 03, 4A, A5, 2D, 42, 29, 30, E6, B5, EF...

Packer / compiler:
PECompact v2

Code size:
59 KB (60,416 bytes)

The file win32kdiag.exe has been seen being distributed by the following URL.
