diskediag.exe

System Utilities

Golden Plains Software, LLC.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘MemoryMangerExi’.

Publisher:
GP Systems Integration (signed by Golden Plains Software, LLC.)

Product:
System Utilities

Version:
7.2.1.0

MD5:
b5e403086d8f35e28ac04f0983fca4f6

SHA-1:
ec7ca6413f291b0cc7196b8e3617a97394b1a45d

SHA-256:
e691d2a7644353b9713ab8fa40fc02616f0a9d3d2f508ad0db2d203ef751fc21

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 9:41:10 AM UTC  (today)

File size:
4 MB (4,176,904 bytes)

Product version:
7.2.1.0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\windows\diskediag.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
2/21/2012 7:57:26 AM

Valid to:
5/21/2015 8:57:26 AM

Subject:
E=sales@gpsoftdev.com, CN="Golden Plains Software, LLC.", O="Golden Plains Software, LLC.", S=Nevada, C=US

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
112138AA3AFB98A3701A84679F8A41A749FC

File PE Metadata
Compilation timestamp:
9/2/2013 5:36:20 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:4cwhdogyPrcqTKiHqtVnhh8AjUpNr5EShmSEbjbnzyK:8dVMQTGA+RGShmS+j

Entry address:
0x290A1A

Entry point:
E8, 0B, DC, 00, 00, E9, 00, 00, 00, 00, 6A, 14, 68, 50, 79, 79, 00, E8, 00, 25, 00, 00, E8, BB, 85, 00, 00, 0F, B7, F0, 6A, 02, E8, 9E, DB, 00, 00, 59, B8, 4D, 5A, 00, 00, 66, 39, 05, 00, 00, 40, 00, 74, 04, 33, DB, EB, 33, A1, 3C, 00, 40, 00, 81, B8, 00, 00, 40, 00, 50, 45, 00, 00, 75, EB, B9, 0B, 01, 00, 00, 66, 39, 88, 18, 00, 40, 00, 75, DD, 33, DB, 83, B8, 74, 00, 40, 00, 0E, 76, 09, 39, 98, E8, 00, 40, 00, 0F, 95, C3, 89, 5D, E4, E8, FE, CB, 00, 00, 85, C0, 75, 08, 6A, 1C, E8, D0, 00, 00, 00, 59, E8...
 

Entropy:
6.6950

Code size:
2.8 MB (2,959,872 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
MemoryMangerExi

Command:
C:\windows\diskediag.exe

