DI1.EXE (Derivative 171576419), Prevx

Associated Malware Groups

The unsafe files using this name are associated with the malware group:

Malicious Software

File Behavior

DI1.EXE has been seen to perform the following behavior:

The Process is packed and/or encrypted using a software packing process
This process creates other processes on disk
Executes a Process
This Process Deletes Other Processes From Disk
Writes to another Process's Virtual Memory (Process Hijacking)
Registers a Dynamic Link Library File
Enables a COM Object/Server on the Local Machine
Adds products to the system registry
Executes Processes stored in Temporary Folders
Can communicate with other computer systems using HTTP protocols
Terminates Processes
This Process sends MIME Email
This Process can access Web Mail Servers
Adds a Registry Key (RUN) to auto start Programs on system start up
Changes the Internet Explorer Search Page
Adds a Registry Key (RUNONCE) to auto start Programs on system start up

DI1.EXE has been the subject of the following behavior:

Created as a process on disk
Deleted as a process from disk
Executed as a Process
Executed by Internet Explorer
Has code inserted into its Virtual Memory space by other programs
Terminated as a Process
Copied to multiple locations on the system
Registered as a Dynamic Link Library File
Enabled as a COM Object/Server on the Local Machine

Country Of Origin

The filename DI1.EXE was first seen on May 31 2007 in the following geographical regions of the Webroot community:

Europe on May 31 2007
Pakistan on May 31 2007
on Oct 28 2007
The United States on Oct 28 2007
Kuwait on Jan 14 2009
South Africa on May 15 2012

File Name Aliases

DI1.EXE can also use the following file names:

AHU6BM0Z.EXE
BG4OQ2PW.EXE
HOST.EXE
SKGXMUEG.EXE
VEMKPQF4.EXE
WA6WJK2A.EXE
X7LEJVY2.EXE
XQ0F6OA5.EXE
XY8KXNEI.EXE
Y0T4FQRE.EXE
ZJ3Z6S6R.EXE
SVCHOST.EXE
RAVMON.EXE
KWZNNTES.EXE
URDVXC.EXE
DHHZ4GR4.EXE
EIXN1PXM.EXE
7ZIPFREE_8675[n].EXE
DF1.EXE
0DES27SW.EXE
7ZIPFREE_8675.EXE
DC1.EXE
2RPAQQMM.EXE
3I6OGT57.EXE
3QJNFJM0.EXE
3SZMZTT8.EXE
5T9AKAC5.EXE
6WNT8JNV.EXE
DD30.EXE
DG2.EXE
DD2.EXE
DI2.EXE
DR1.EXE
DQ1.EXE
DN1.EXE
DM1.EXE
DL2.EXE
DL1.EXE
DK1.EXE
DJ1.EXE
DH1.EXE
DG1.EXE
DE1.EXE

Filesizes

The following file size has been seen:

8,232,960 bytes
1,970,176 bytes
2,825,712 bytes
49,242 bytes
63,488 bytes
4,553,848 bytes

File Type

The filename DI1.EXE refers to many versions of an executable program.

Website Activity

One or more files with the name DI1.EXE interacts with the following web sites and pages. Web addresses have been deliberately modified to prevent unintentional use.

TCP:216.148.217.210:139 Port:15
TCP:216.148.217.210:445 Port:15
TCP:216.148.64.133:139 Port:19
TCP:216.148.64.133:445 Port:19
TCP:216.148.49.154:139 Port:22
TCP:216.148.49.154:445 Port:22
TCP:216.148.61.105:139 Port:24
TCP:216.148.61.105:445 Port:24
TCP:216.148.213.68:139 Port:24
TCP:216.148.213.68:445 Port:24
Port 25 IP:216.148.244.115
Port 25 IP:216.148.200.236
Port 25 IP:216.148.129.133
TCP:216.148.70.98:139 Port:15
TCP:216.148.70.98:445 Port:15
TCP:216.148.120.50:139 Port:15
TCP:216.148.120.50:445 Port:15
TCP:216.148.66.200:139 Port:17
TCP:216.148.66.200:445 Port:17
TCP:216.148.65.66:139 Port:17
TCP:216.148.65.66:445 Port:17
TCP:216.148.49.149:139 Port:17
TCP:216.148.49.149:445 Port:17
TCP:216.148.201.43:139 Port:20
TCP:216.148.201.43:445 Port:20
TCP:216.148.120.89:139 Port:24
TCP:216.148.120.89:445 Port:24
TCP:216.148.50.34:139 Port:28
TCP:216.148.50.34:445 Port:28
TCP:216.148.49.79:139 Port:16
TCP:216.148.49.79:445 Port:16
TCP:216.148.220.37:139 Port:18
TCP:216.148.220.37:445 Port:18
TCP:216.148.218.142:139 Port:18
TCP:216.148.218.142:445 Port:18
TCP:216.148.50.67:139 Port:28
TCP:216.148.50.67:445 Port:28
TCP:216.148.66.212:139 Port:28
TCP:216.148.66.212:445 Port:28
TCP:216.148.50.50:139 Port:29
TCP:216.148.50.50:445 Port:29
TCP:216.148.129.158:139 Port:24
TCP:216.148.129.158:445 Port:24
TCP:216.148.49.248:139 Port:26
TCP:216.148.49.248:445 Port:26
TCP:216.148.120.216:139 Port:26
TCP:216.148.120.216:445 Port:26
TCP:216.148.200.191:139 Port:30
TCP:216.148.200.191:445 Port:30
TCP:216.148.252.11:139 Port:30

Help the Webroot Community to fight cyber crime

We are always looking for ways to improve the quality and speed of research to help us protect you from malicious software and cyber crime.

The filename referred to in this report is often associated with PC infections. If you have a program of this name on your PC and would like to help our research please tell us what you know in the form below:

I have this file on my PC and believe it is an infection
I have this file on my PC and think it has made my PC slower
My firewall asked if I wanted to let this file have access to the Internet
My PC will not work since I noticed this file on it
My antivirus detected this file but won't remove it
I know what this file is and believe it is a Safe program
I am the author of this file and would like to discuss how to have it reclassified as safe

Further Comments or information you'd like to share: (optional)

Your email address if you would like us to contact you about this file and any concerns you may have: (optional)

PCMag.com Editors' Choice Award Logo is a trademark of Ziff Davis Publishing Holdings Inc. Used under license.

DI1.EXE

Free PC Cleanup from Webroot