» diskediag.exe
Overview
Analysis
File Details
Behaviors (1)

diskediag.exe

System Utilities

Golden Plains Software, LLC.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘CoreChipTiManager’.

File name:

diskediag.exe

Publisher:

GP Systems Integration (signed by Golden Plains Software, LLC.)

Product:

System Utilities

Version:

8.2.0.0

MD5:

a8dc2910f9bed6d11f77630504512a07

SHA-1:

d478c576ad54a2f9804564c4181f71acedd4bd44

SHA-256:

5ebbb33769992b52c8fefaa24318c18b5373ec6d3ff378bdacbd60c014a356ef

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/2/2024 8:34:54 PM UTC (today)

File size:

3.1 MB (3,268,320 bytes)

Product version:

8.2.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\windows\diskediag.exe

Digital Signature

Signed by:

Golden Plains Software, LLC.

Authority:

GlobalSign nv-sa

Valid from:

4/21/2016 5:46:44 PM

Valid to:

6/18/2017 9:38:44 PM

Subject:

E=sales@gpsoftdev.com, CN="Golden Plains Software, LLC.", O="Golden Plains Software, LLC.", L=Simsbury, S=Connecticut, C=US

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121F4E0BDBF202E2089A77413B5A38F9695

File PE Metadata

Compilation timestamp:

5/9/2016 1:11:14 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

11.0

CTPH (ssdeep):

49152:ri6tpHds/aHVlkVDMiqhyTT+gZfyz4Fu8YF6rBiMM6zZYydkl:2cpHds/yVkDnSyuhz48M1zZYydkl

Entry address:

0x1D28BC

Entry point:

E8, D7, A6, 00, 00, E9, 7F, FE, FF, FF, 6A, 0C, 68, 68, D5, 6B, 00, E8, EE, 6C, 00, 00, 83, 65, E4, 00, 8B, 5D, 0C, 8B, C3, 8B, 7D, 10, 0F, AF, C7, 8B, 75, 08, 03, F0, 89, 75, 08, 83, 65, FC, 00, 4F, 89, 7D, 10, 78, 0C, 2B, F3, 89, 75, 08, 8B, CE, FF, 55, 14, EB, EE, 33, C0, 40, 89, 45, E4, C7, 45, FC, FE, FF, FF, FF, E8, 14, 00, 00, 00, E8, EF, 6C, 00, 00, C2, 10, 00, 8B, 7D, 10, 8B, 5D, 0C, 8B, 75, 08, 8B, 45, E4, 85, C0, 75, 0B, FF, 75, 14, 57, 53, 56, E8, 01, 00, 00, 00, C3, 6A, 14, 68, 88, D5, 6B, 00... 
[+]

Code size:

2.1 MB (2,173,952 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

CoreChipTiManager

Command:

C:\windows\diskediag.exe

Scan diskediag.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.