nanaxvenue.blogg.se

18 Februari 2022 - 21:03
Windirstat 1.1.2
Allmänt
Windirstat 1.1.2






  1. #WINDIRSTAT 1.1.2 ARCHIVE#
  2. #WINDIRSTAT 1.1.2 PRO#
  3. #WINDIRSTAT 1.1.2 CODE#
  4. #WINDIRSTAT 1.1.2 DOWNLOAD#
  5. #WINDIRSTAT 1.1.2 WINDOWS#

#WINDIRSTAT 1.1.2 DOWNLOAD#

Below you can select one of the links to download WinDirStat. WinDirStat can be downloaded from the main site and also mirrors like FossHub, SourceForge, and Triple.

  • Providing information like usage percentage, size, file, and attributes.
  • Listing file and folders with their sizes with tree scheme.
  • Coloring of the file types and extensions.
  • Support for most of the operating systems like Linux, Ubuntu, Mint, Debian, Fedora, Windows, MacOS.
    • We will examine the features of WinDirStat in detail below but here is a shortlist for the features of the WinDirStat. Windirstat can also clean up different types of files and directories easily.Īs stated Windirstat is the alternative for the KDirStat or QDirStat in Linux, Disk Inventory or GrandPerspective in MacOSX. The latest version of the WinDirStat is 1.1.2.80 which is released January 28, 2019. Actually, Windirstat is a clone of the Kdirstat which is developed for Linux distributions for KDE desktop environment where the K came from.

    #WINDIRSTAT 1.1.2 WINDOWS#

    Usually you won’t get a file that is deemed malicious from any anti-malware company, but since I work in the AV industry as well and had contact with Doug before, I had the credentials.Windirstat is a tool used to list, print disk, file, and folder size and related statistics on Windows operating systems.It is possible to forge binaries that match the MD5 hash of another binary as recent government-sanctioned malware has shown. keep in mind that MD5 has been broken, so you should never rely on it alone anyway.that false positive has been fixed meanwhile.Still: you are encouraged to double or triple check! And keep in mind that MD5 is broken, so never ever rely on MD5 alone. I checked last night and at least the downloads from and DownloadBestSoft were genuine. Future releases of WDS will be signed with an Authenticode certificate, so it will also make it harder to trojanize WinDirStat. check that their hashes match what is expected. Now I don’t have the time to investigate into what exactly this thing is doing, but it bears all the hallmarks of malware and therefore from my perspective that file isn’t a false positive. Holy moly, Batman! Someone actually trojanized WinDirStat and it looks like EPO 4 just from a brief look.Īgain, this file is named windirstat.exe and to the naked eye it looks like the Unicode build from the 1.1.2 installer, but in actuality this is a trojanized version of the genuine file. text:004471B4 hPrevInstance = dword ptr 8Īnd when I did the same on the trojanized file it looked like this.

    #WINDIRSTAT 1.1.2 PRO#

    So I loaded the genuine file into IDA Pro and the entry point looked like this.

    #WINDIRSTAT 1.1.2 CODE#

    The size matched, the timestamp in the PE header matched, just some things like the sections and a whole lot of code or data had been changed in the middle of the file. And what struck me was that all external traits shown by this file matched closely the Unicode build from the 1.1.2 installer.

    #WINDIRSTAT 1.1.2 ARCHIVE#

    Now I didn’t have that file in my release archive so I asked for the file 3 and was then able to look at the actual trojanized file. It turned out that the file aforementioned Swedish user had inquired about wasn’t under detection, but another file with the MD5 hash a84aad50293bf5c49fc465797b5afdad. So I got a contact for the malware research at MalwareBytes and was able to inquire about the file. We’ve had this before, but this time it was a slightly different case. That is the installer with the following two cryptographic hashes 2: I assumed false positive and it turned out that it was at least for the particular file that the Swedish user had (SHA1: 26e14a532e1e050eb20755a0b7a5fea99dd80588) 1 – which was the genuine file from the genuine version 1.1.2 installer. Now, the report I got from a WinDirStat user from Sweden (thanks again!) was that MalwareBytes had detected WDS once again. Well, actually it isn’t the genuine WinDirStat but a trojanized version posing as WinDirStat and it’s masquerading under the disguise of the good Unicode version of windirstat.exe which is contained in the installer.








    Windirstat 1.1.2
    0 kommentar(er)
    Om Mig: