.Diagcab

Double Click
Executable
Native

Author:

mr.d0x

Description:

DIAGCAB files are diagnostic troubleshooting packages for the Windows Troubleshooting Platform, introduced in Windows Vista. An attacker can create and sign a DIAGCAB file so that opening it executes code on the machine.

OS:

Windows

Recommendation:

Treat DIAGCAB files as executables. Block their execution when they come from unknown publishers and, if feasible, block the download and execution of DIAGCAB files altogether.

Resources:

https://www.proofpoint.com/us/threat-insight/post/windows-troubleshooting-platform-leveraged-deliver-malware

File Samples:

https://www.joesandbox.com/analysis/53153/0/html