home

agent.exe

Remote Utilities

Usoris Systems LLC

This is a setup program which is used to install the application. The file has been seen being downloaded from l.facebook.com and multiple other hosts.
Publisher:
Usoris LLC  (signed by Usoris Systems LLC)

Product:
Remote Utilities

Version:
6.3

MD5:
9ad6938652527c407c3ea8668bccc035

SHA-1:
e9933feacd94a203958915a9d11e6c0a3998545f

SHA-256:
b79718750df94dccc7fe03798456a72322119a49c2bbfc9fc17564d6d85f3748

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

False Positives:
A number of engines detected this file but were erroneous detections (false positives).

Analysis date:
5/10/2024 5:01:53 PM UTC  (today)

File size:
3.5 MB (3,720,232 bytes)

Product version:
6.3

Copyright:
Copyright © 2015 Usoris LLC. All rights reserved.

Original file name:
Remote Utilities

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\agent.exe

Digital Signature
Signed by:
Usoris Systems LLC

Authority:
DigiCert Inc

Valid from:
6/30/2015 5:00:00 PM

Valid to:
7/5/2016 5:00:00 AM

Subject:
CN=Usoris Systems LLC, O=Usoris Systems LLC, L=Victoria, S=Mahe, C=SC

Issuer:
CN=DigiCert SHA2 Assured ID Code Signing CA, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
045C13C254346C04EF3304E6ACD100C5

File PE Metadata
Compilation timestamp:
4/28/2011 4:38:20 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
98304:kBNmhfLx/hocpdkCYo191eEGnwKiNiqbMumfNmy+i:kDmhfLv3CCT19dwwFNFIumoy+i

Entry address:
0x121CF

Entry point:
55, 8B, EC, 6A, FF, 68, 28, 4C, 41, 00, 68, 60, 23, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, A0, 31, 41, 00, 59, 83, 0D, 24, 99, 41, 00, FF, 83, 0D, 28, 99, 41, 00, FF, FF, 15, A4, 31, 41, 00, 8B, 0D, 1C, 79, 41, 00, 89, 08, FF, 15, A8, 31, 41, 00, 8B, 0D, 18, 79, 41, 00, 89, 08, A1, AC, 31, 41, 00, 8B, 00, A3, 20, 99, 41, 00, E8, 1D, 01, 00, 00, 39, 1D, 10, 77, 41, 00, 75, 0C, 68, 58, 23, 41, 00, FF, 15, B0, 31...
 
[+]

Entropy:
7.9938

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
70 KB (71,680 bytes)

The file agent.exe has been seen being distributed by the following 8 URLs.

http://l.facebook.com/l.php?u=http://.../remote.exe&h=ATMNEUQLK6dn3EZLP0woBJQFR75sq1UPr-54bgoqxFgJe0gyePY1Xv1WVIhBKN-AuBsDkPT_OBBKnJqBYWrlxgLV57mk5ieP3I3BZOyCm7ECqb8-yq_UCY2Ue0ZtiB98Omy_2WKd

ftp://svecias@orgsis.lt:svecias@mail.orgsis.lt/agent.exe

https://www.google.com/url?hl=en&q=https://www.remoteutilities.com/.../agent.exe&source=gmail&ust=1476390070297000&usg=AFQjCNGyb8VHR_8NjhVr5jy3D5BIrOmjPQ

http://www.remoteutilities.com/.../agent.exe

http://www.silcanet.com/.../agent.exe

https://www.remoteutilities.com/.../agent.exe

https://docs.google.com/uc?authuser=0&id=0B66CNzUWxDfbUXQtZjJrXzE1Y28&export=download

https://dl.dropboxusercontent.com/u/.../Agent.exe

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.