diskediag.exe

System Utilities

Golden Plains Software, LLC.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MemoryMangerExi’.

Publisher:
GP Systems Integration  (signed by Golden Plains Software, LLC.)

Product:
System Utilities

Version:
7.2.1.0

MD5:
6c40472327060573f0c8abc1bcf209e2

SHA-1:
88f482df8710fcfa54436c11819da71f91a9a6b7

SHA-256:
70e1842eb20dab9a6a12133be0c52cf5e5fce9298f045447a729a8a5ad30b060

Scanner detections:
1 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/24/2024 3:11:10 AM UTC

Scan engine:
Avira AntiVirus

Detection:
W32/Virut.Gen

Engine version:
7.11.30.172

File size:
2.8 MB (2,988,128 bytes)

Product version:
7.2.1.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\diskediag.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/21/2012 9:27:26 PM

Valid to:
5/21/2015 9:27:26 PM

Subject:
E=sales@gpsoftdev.com, CN="Golden Plains Software, LLC.", O="Golden Plains Software, LLC.", S=Nevada, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112138AA3AFB98A3701A84679F8A41A749FC

File PE Metadata
Compilation timestamp:
1/1/2015 10:28:30 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
49152:Lso9nP67+yKt1QFEp41J6WvZ3xmp21oPj/d2oZBcnR6p4WLhy:LsA6K1QV1J8qs1cnR6ZLhy

Entry address:
0x1AD671

Entry point:
E8, 64, D9, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, E0, 94, 67, 00, E8, 09, 25, 00, 00, E8, C7, 78, 00, 00, 0F, B7, F0, 6A, 02, E8, F7, D8, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, 88, BE, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, DC, 00, 00, 00, 59, E8...
Entropy:
6.7436

Code size:
1.9 MB (1,969,664 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MemoryMangerExi

Command:
C:\windows\diskediag.exe
