![windirstat reddit windirstat reddit](https://windirstat.net/images/wds_rich_preview.png)
- #WINDIRSTAT REDDIT ARCHIVE#
- #WINDIRSTAT REDDIT PORTABLE#
- #WINDIRSTAT REDDIT PRO#
- #WINDIRSTAT REDDIT CODE#
When the program is launched, a dialog box asks users to select the drives or folders they want to analyze. The program's interface is plain and utilitarian.
#WINDIRSTAT REDDIT PORTABLE#
WinDirStat Portable is a lightweight program that lets users quickly identify the biggest space hogs on their machines and then take action to tidy things up.
#WINDIRSTAT REDDIT PRO#
So I loaded the genuine file into IDA Pro and the entry point looked like this.
#WINDIRSTAT REDDIT CODE#
The size matched, the timestamp in the PE header matched, just some things like the sections and a whole lot of code or data had been changed in the middle of the file.
![windirstat reddit windirstat reddit](https://searchandrestore.com/wp-content/uploads/2021/09/cropped-People-who-fit-dont-seek.-The-seekers-are-those-that-dont-fit.png)
And what struck me was that all external traits shown by this file matched closely the Unicode build from the 1.1.2 installer.
#WINDIRSTAT REDDIT ARCHIVE#
Now I didn’t have that file in my release archive so I asked for the file 3 and was then able to look at the actual trojanized file. It turned out that the file aforementioned Swedish user had inquired about wasn’t under detection, but another file with the MD5 hash a84aad50293bf5c49fc465797b5afdad. So I got a contact for the malware research at MalwareBytes and was able to inquire about the file. We’ve had this before, but this time it was a slightly different case.
![windirstat reddit windirstat reddit](https://www.partitionwizard.com/images/uploads/articles/2021/07/windirstat-alternative/windirstat-alternative-8.png)
That is the installer with the following two cryptographic hashes 2: I assumed false positive and it turned out that it was at least for the particular file that the Swedish user had (SHA1: 26e14a532e1e050eb20755a0b7a5fea99dd80588) 1 – which was the genuine file from the genuine version 1.1.2 installer. Now, the report I got from a WinDirStat user from Sweden (thanks again!) was that MalwareBytes had detected WDS once again. Well, actually it isn’t the genuine WinDirStat but a trojanized version posing as WinDirStat and it’s masquerading under the disguise of the good Unicode version of windirstat.exe which is contained in the installer.