» diants.exe
Overview
Analysis
File Details
Network (2)

diants.exe

Microsoft

While the file properties state the file is developed by 'Microsoft Corporation', this is not the case and it is designed just to look like a legitimate Microsoft system file. The executable diants.exe has been detected as malware by 17 anti-virus scanners. While running, it connects to the Internet address li478-17.members.linode.com on port 80 using the HTTP protocol.

File name:

diants.exe

Publisher:

Microsoft Corporation* (Invalid match)

Product:

Microsoft® Windows® Operating System

Description:

Microsoft

Version:

1.00

MD5:

3971816ec9a6b660713c523437b11f25

SHA-1:

285249165e4466cde6bdfe79cdc427b63e4ee102

SHA-256:

cee4f345f303eb3bc4d91d8855f82fe4d130e000a8f0c1962f687c8b7097e793

Scanner detections:

17 / 68

Status:

Malware

Analysis date:

4/23/2024 9:35:12 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Gen:Variant.Kazy.9754

978

Avira AntiVirus

TR/Kazy.9754.9

7.11.141.184

avast!

Win32:VB-AEWA [Trj]

2014.9-140601

Bitdefender

Gen:Variant.Kazy.9754

1.0.20.760

Bkav FE

W32.Clod57b.Trojan

1.3.0.4959

Comodo Security

UnclassifiedMalware

18066

Emsisoft Anti-Malware

Gen:Variant.Kazy.9754

8.14.06.01.04

F-Secure

Gen:Variant.Kazy.9754

11.2014-01-06_1

G Data

Gen:Variant.Kazy.9754

14.6.24

IKARUS anti.virus

Trojan.VB2

t3scan.1.6.1.0

McAfee

Artemis!3971816EC9A6

5600.7112

MicroWorld eScan

Gen:Variant.Kazy.9754

15.0.0.456

Norman

Suspicious_Gen5.JGEN

11.20140601

Qihoo 360 Security

HEUR/Malware.QVM03.Gen

1.0.0.1015

Trend Micro House Call

TROJ_GEN.R0CBC0OFG13

7.2.152

Trend Micro

TROJ_GEN.R0CBC0OFG13

10.465.01

VIPRE Antivirus

Trojan.Win32.Generic

28115

File size:

96 KB (98,304 bytes)

Product version:

1.00

Original file name:

diants.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\windows\syswow64\diants.exe

File PE Metadata

Compilation timestamp:

10/23/2012 11:50:05 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

768:XPt+E/NY+gap/6/FlLmZi3foLAHsYWCD/Flu+gap/t:/gEW+HZ6/TLmZ5WsjCD/Tu+HZ

Entry address:

0x1968

Entry point:

68, 58, 74, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, ED, FE, D6, 8F, 49, D4, EE, 43, AD, 87, 83, 81, F3, 97, B0, 3A, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 50, 72, 6F, 6A, 65, 63, 74, 31, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, FF, CC, 31, 00, 06, 06, 4E, FD, 55, 87, 90, 65, 45, BB, 6F, FC, 67, 32, 95, C6, DE, A5, 3D, DE, 06, 16, FE, 71, 47, AA, 27, BE, B1, C6, 5E, F8, FE, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00... 
[+]

Developed / compiled with:

Microsoft Visual Basic v5.0

Code size:

64 KB (65,536 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to li478-17.members.linode.com (50.116.27.17:80)

TCP (HTTP):

Connects to a111.azeelo.com (75.101.154.123:80)

Remove diants.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.