diskfix.exe

Kinderzaubershow

Malwarebytes Corporation

The executable diskfix.exe has been detected as malware by 25 anti-virus scanners. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Malwarebytes Corporation  (signed and verified)

Product:
Kinderzaubershow

Description:
Fürstenkrone

Version:
4.08

MD5:
4f2df5a5b2b98494490cfc4eefd5938c

SHA-1:
a0dc4750bd9b85ec684dbea13668e3bfa96fb7d7

SHA-256:
526b4b5ebeeec277e654ea10a82c95844634eeb626d0f5b1e22a80c690d10c58

Scanner detections:
25 / 68

Status:
Malware

Analysis date:
4/19/2024 12:04:27 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Trojan.GenericKD.2003221 | 389 |
| Agnitum Outpost | Trojan.DL.Wauchos | 7.1.1 |
| Avira AntiVirus | TR/Dropper.VB.24585 | 7.11.193.163 |
| avast! | Win32:Malware-gen | 2014.9-160111 |
| AVG | Downloader.Small | 2017.0.2867 |
| Baidu Antivirus | Backdoor.Win32.Androm | 4.0.3.16111 |
| Bitdefender | Trojan.GenericKD.2003221 | 1.0.20.55 |
| Dr.Web | Trojan.Siggen.65341 | 9.0.1.011 |
| ESET NOD32 | Win32/TrojanDownloader.Wauchos.AF | 10.10844 |
| Fortinet FortiGate | W32/Androm.AF!tr.bdr | 1/11/2016 |
| F-Secure | Trojan.GenericKD.2003221 | 11.2016-11-01_2 |
| G Data | Trojan.GenericKD.2003221 | 16.1.24 |
| IKARUS anti.virus | Trojan-Downloader.Win32.Wauchos | t3scan.1.8.5.0 |
| K7 AntiVirus | Trojan-Downloader | 13.186.14270 |
| Kaspersky | Backdoor.Win32.Androm | 14.0.0.832 |
| Malwarebytes | Trojan.VBCrypt | v2016.01.11.02 |
| McAfee | Ransom-FRE!4F2DF5A5B2B9 | 5600.6523 |
| Microsoft Security Essentials | Worm:Win32/Gamarue | 1.11202 |
| MicroWorld eScan | Trojan.GenericKD.2003221 | 17.0.0.33 |
| nProtect | Trojan.GenericKD.2003221 | 14.12.08.01 |
| Panda Antivirus | Generic Suspicious | 16.01.11.02 |
| Qihoo 360 Security | HEUR/QVM03.0.Malware.Gen | 1.0.0.1015 |
| Sophos | Mal/Generic-S | 4.98 |
| Trend Micro House Call | Suspicious_GEN.F47V1201 | 7.2.11 |
| VIPRE Antivirus | Trojan.Win32.Generic | 35538 |

File size:
309.3 KB (316,752 bytes)

Product version:
4.08

Copyright:
Bremsregelung

Trademarks:
Bommerlunder

Original file name:
Moralbesessenheit Felddatenerfassung.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\diskfix.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/4/2010 2:00:00 AM

Valid to:
6/5/2011 1:59:59 AM

Subject:
CN=Malwarebytes Corporation, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Malwarebytes Corporation, L=San Jose, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22A3557A2217CB2D89BAE979B554EF4D

File PE Metadata
Compilation timestamp:
11/30/2014 11:34:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:7gmSSis5pYeetsKANM4TA7ddvCFwUMZLVNOM:7dS5s3of4TA7ddvU5MZGM

Entry address:
0x1314

Entry point:
68, 50, 79, 41, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 5C, 94, D3, D7, 0B, 3E, 61, 47, B6, 00, DE, FC, 84, 47, E3, 1B, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 42, 00, 06, 50, 83, 01, 4D, 65, 72, 65, 6F, 6C, 6F, 67, 69, 73, 63, 68, 65, 6D, 00, 02, 00, 00, 00, 00, FF, CC, 31, 00, 0C, 0A, 21, 6C, A6, 2C, 92, 15, 4C, 85, C3, 13, E8, A4, F0, 9B, 22, D3, 5D, 6B, 15, AC, AD, 97, 49, AB, 57, 45, 1F, 52, 0F, CA, 42, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Developed / compiled with:
Microsoft Visual Basic v5.0

Code size:
272 KB (278,528 bytes)
