home

AgentAntidote.exe

Agent Antidote

Druide informatique inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘AgentAntidote32’. This is installed with multiple programs including Antidote 9 - English module and Antidote 9.
Publisher:
Druide informatique inc.  (signed and verified)

Product:
Agent Antidote

Description:
AgentAntidote

Version:
Antidote 9

MD5:
4994476005512391caa405e431744834

SHA-1:
2f8de97bacc682b67624ef1da92753c5e60ec891

SHA-256:
f01d02b6318fb944a0d87ed2f221e04161b7ce7ef9f02458a4693268ed685cb8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 8:11:58 AM UTC  (today)

File size:
1.4 MB (1,505,824 bytes)

Product version:
Antidote 9

Copyright:
© 1993-2015, Druide informatique inc.

Original file name:
AgentAntidote.exe

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\Program Files\druide\antidote 9\application\bin32\agentantidote.exe

Digital Signature
Signed by:
Druide informatique inc.

Authority:
VeriSign, Inc.

Valid from:
7/18/2013 2:00:00 AM

Valid to:
9/16/2016 1:59:59 AM

Subject:
CN=Druide informatique inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Druide informatique inc., L=Montreal, S=Quebec, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
45A340679A6DF07A239940690A682411

File PE Metadata
Compilation timestamp:
12/8/2015 9:15:31 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:AIBFoqg87a4rxAcRg6NmK7ESHV5fdZ3LSY4WKyOwYZuSuX3b9KdmwQdLr2bKLOKg:NFrZVZ3uYpRY/u79ku2Pp4RLw

Entry address:
0x53262

Entry point:
E8, DA, 0A, 00, 00, E9, 49, FE, FF, FF, 83, 3D, 18, D4, 4F, 00, 00, 74, 03, 33, C0, C3, 56, 6A, 04, 6A, 20, FF, 15, 6C, B2, 45, 00, 59, 59, 8B, F0, 56, FF, 15, D0, B0, 45, 00, A3, 18, D4, 4F, 00, A3, 14, D4, 4F, 00, 85, F6, 75, 05, 6A, 18, 58, 5E, C3, 83, 26, 00, 33, C0, 5E, C3, 6A, 14, 68, 38, A6, 4E, 00, E8, AC, 0B, 00, 00, 83, 65, DC, 00, FF, 35, 18, D4, 4F, 00, 8B, 35, 9C, B0, 45, 00, FF, D6, 89, 45, E4, 83, F8, FF, 75, 0C, FF, 75, 08, FF, 15, 64, B2, 45, 00, 59, EB, 65, 6A, 08, E8, D9, 0B, 00, 00, 59...
 
[+]

Code size:
359.5 KB (368,128 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AgentAntidote32

Command:
"C:\Program Files\druide\antidote 9\application\bin32\agentantidote.exe" \lancementsession


The file AgentAntidote.exe has been discovered within the following programs.

Antidote 9  by Druide informatique inc.
druide.com
About 1% of users remove it
Antidote 9 - English module  by Druide informatique inc.
About 1% of users remove it
 
Powered by Should I Remove It?

Scan AgentAntidote.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.