home

ADAgentSvc.exe

AD Agent Service

CounterTack

It runs as a separate (within the context of its own process) windows Service named “CounterTack Active Defense Agent Service”.
Publisher:
CounterTack  (signed and verified)

Product:
AD Agent Service

Description:
Agent Service for Active Defense

Version:
2.2.1.0

MD5:
0d943f0be1887fa62bb02bd823f0b6f7

SHA-1:
a12c88cd74920881fa0985509e6bbb8c2352ec93

SHA-256:
4c622b0ff4ed7d0b6dc6646fb4114a330e09973b916bc0ae8148a916dc3850f6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 7:12:28 PM UTC  (today)

File size:
4 MB (4,246,528 bytes)

Product version:
2.2.1.0

Copyright:
Copyright (C) 2015

Original file name:
ADAgentSvc.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\countertack\agent\adagentsvc.exe

Digital Signature
Signed by:
CounterTack

Authority:
CounterTack

Valid from:
2/12/2013 10:35:54 AM

Valid to:
2/12/2014 10:35:54 AM

Subject:
CN=nginx.test.countertack.com, OU=Engineering, O=CounterTack, L=Santa Monica, S=CA, C=US

Issuer:
CN=nginx.test.countertack.com, OU=Engineering, O=CounterTack, L=Santa Monica, S=CA, C=US

Serial number:
008C7AE2EE51E3C907

File PE Metadata
Compilation timestamp:
4/2/2016 4:06:12 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
14.0

CTPH (ssdeep):
49152:sqauWQqR9PUpw//YXpqD/o1ebqfTuVvvFU+6m0cDRe4s/gYOhi:tqRxawXqqs+6m1Dh

Entry address:
0x67468

Entry point:
48, 83, EC, 28, E8, 83, 0A, 00, 00, 48, 83, C4, 28, E9, 0A, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 39, 0D, 24, 00, F2, 75, 12, 48, C1, C1, 10, 66, F7, C1, FF, FF, F2, 75, 02, F2, C3, 48, C1, C9, 10, E9, 37, 00, 00, 00, CC, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 33, C9, FF, 15, 53, 00, 1E, 00, 48, 8B, CB, FF, 15, E2, 01, 1E, 00, FF, 15, EC, 00, 1E, 00, 48, 8B, C8, BA, 09, 04, 00, C0, 48, 83, C4, 20, 5B, 48, FF, 25, 60, FF, 1D, 00...
 
[+]

Entropy:
6.0811

Code size:
2.3 MB (2,381,312 bytes)

Service
Display name:
CounterTack Active Defense Agent Service

Service name:
HBG_DDNA

Type:
Win32OwnProcess


Scan ADAgentSvc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.