AgentAntidote.exe

Agent Antidote

Druide informatique inc.

It is set to run automatically when any user logs into Windows, through the all-users Run registry key (HKLM), under the name ‘AgentAntidote32’.
Publisher:
Druide informatique inc.  (signed and verified)

Product:
Agent Antidote

Description:
AgentAntidote

Version:
Antidote 8

MD5:
833e0ae4eb19b1bf6f321f136589ef89

SHA-1:
95e58fae5a9f9add30cbe454c4ebbba7860ee2b7

SHA-256:
39796b64d70cc05df027868c2714951da38a830f4d8bd35a71ad98c755e05a7c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 5:31:32 AM UTC  (today)

File size:
1.2 MB (1,220,128 bytes)

Product version:
Antidote 8

Copyright:
© 1993-2015, Druide informatique inc.

Original file name:
AgentAntidote.exe

File type:
Executable application (Win32 EXE)

Language:
French (France)

Common path:
C:\Program Files\druide\antidote 8\programmes32\agentantidote.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/17/2013 8:00:00 PM

Valid to:
9/15/2016 7:59:59 PM

Subject:
CN=Druide informatique inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Druide informatique inc., L=Montreal, S=Quebec, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
45A340679A6DF07A239940690A682411

File PE Metadata
Compilation timestamp:
9/14/2015 11:08:49 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:uNas+CKba6UJdYVinb8KQT3aCU7wKsmhGiA3GriejgB1M1pWoatV:uNUCKCnvbdbrW1UcLT

Entry address:
0x57D28

Entry point:
E8, 37, 06, 00, 00, E9, 6B, FD, FF, FF, 6A, 14, 68, 38, FA, 4B, 00, E8, A2, 05, 00, 00, FF, 35, 24, 10, 4D, 00, 8B, 35, 94, 50, 46, 00, FF, D6, 89, 45, E4, 83, F8, FF, 75, 0C, FF, 75, 08, FF, 15, 08, 52, 46, 00, 59, EB, 64, 6A, 08, E8, A5, 06, 00, 00, 59, 83, 65, FC, 00, FF, 35, 24, 10, 4D, 00, FF, D6, 89, 45, E4, FF, 35, 20, 10, 4D, 00, FF, D6, 89, 45, E0, 8D, 45, E0, 50, 8D, 45, E4, 50, FF, 75, 08, 8B, 35, 98, 50, 46, 00, FF, D6, 50, E8, 6B, 06, 00, 00, 83, C4, 0C, 89, 45, DC, FF, 75, E4, FF, D6, A3, 24...
 

Code size:
399 KB (408,576 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AgentAntidote32

Command:
"C:\Program Files\druide\antidote 8\programmes32\agentantidote.exe" \lancementsession

