diskediag.exe

System Utilities

Golden Plains Software, LLC.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MemoryMangerExi’.

Publisher:
GP Systems Integration (signed by Golden Plains Software, LLC.)

Product:
System Utilities

Version:
7.2.1.0

MD5:
29539b44acc750ff317f51c733cdcc89

SHA-1:
1fe1a67660763452b33726e5867d8559a12b4668

SHA-256:
6fd37ad8e20751d8e7cee5da3a44901374e24a01f8f46bf95fad9f6e0a5a1525

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 8:38:15 AM UTC

File size:
4.1 MB (4,298,880 bytes)

Product version:
7.2.1.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\diskediag.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/21/2012 8:57:26 PM

Valid to:
5/21/2015 8:57:26 PM

Subject:
E=sales@gpsoftdev.com, CN="Golden Plains Software, LLC.", O="Golden Plains Software, LLC.", S=Nevada, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112138AA3AFB98A3701A84679F8A41A749FC

File PE Metadata
Compilation timestamp:
10/29/2013 6:49:24 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:pGSVrUu8OmfTjErDm1blwxHqrdOEmaLc2oY7Hjj:sSVrnEswwdqNmaLc2oY7

Entry address:
0x2A58FA

Entry point:
E8, FB, DB, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 30, 53, 7B, 00, E8, 00, 25, 00, 00, E8, AB, 85, 00, 00, 0F, B7, F0, 6A, 02, E8, 8E, DB, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, EE, CB, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, D0, 00, 00, 00, 59, E8...
 
Entropy:
6.6913

Code size:
2.9 MB (3,058,176 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MemoryMangerExi

Command:
C:\windows\diskediag.exe

