home

diff.exe

This is a setup program which is used to install the application. The file has been seen being downloaded from ctan.mackichan.com.
MD5:
9255d1ce4b6f6fe28cc579c859ff9788

SHA-1:
11f71d6b757893e59a2d39684ff67a90345c4908

SHA-256:
197145c32ebbf48b597836c5e449cd07b3a4ab0b588b88e04797d654fdab7a38

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 5:14:38 PM UTC  (today)

File size:
119.5 KB (122,372 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\downloads\diff.exe

File PE Metadata
OS bitness:
Win64

CTPH (ssdeep):
3072:HLnA0y8pbhbtksfzMdEvwreTkSZv4SA+j9+TTXYGyQ:HLnAV8pNbmgMdEvwQkyv6X6Q

Entry point:
4D, 5A, 00, 00, 6F, 00, 60, 00, 20, 00, 9A, 0A, FF, FF, 32, 18, 80, 00, 00, 00, 00, 00, 00, 00, 22, 00, 00, 00, 01, 00, FB, 20, 72, 6A, 01, 00, 00, 00, A3, 02, 00, 00, 7D, 02, 00, 00, 49, 02, 00, 00, 6E, 09, 00, 00, 3E, 09, 00, 00, 7E, 0D, 00, 00, 20, 0C, 00, 00, 15, 0C, 00, 00, A2, 0B, 00, 00, 83, 0B, 00, 00, AA, 0A, 00, 00, 8C, 0A, 00, 00, 26, 16, 00, 00, DB, 15, 00, 00, 38, 22, 00, 00, 83, 22, 00, 00, 2E, 25, 00, 00, D4, 25, 00, 00, E3, 25, 00, 00, F3, 25, 00, 00, 04, 26, 00, 00, 7F, 26, 00, 00, 87, 26...
 
[+]

The file diff.exe has been seen being distributed by the following URL.

http://ctan.mackichan.com/web/tweb/.../diff.exe

Scan diff.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.