AgentAntidote.exe

Agent Antidote

Druide informatique inc.

It is registered under the name 'AgentAntidote64' to execute automatically when any user logs into Windows (through the local user run registry setting). It is installed with Antidote 9.

Publisher:
Druide informatique inc.  (signed and verified)

Product:
Agent Antidote

Description:
AgentAntidote

Version:
Antidote 9

MD5:
1c293c953227bee2d6ee9be6ef12d9ab

SHA-1:
bea5785911e7fb53b3ae5820a5ccba25322afe20

SHA-256:
a4332a627868f0185fcaf18b325dbde6255a71ff01a2630e6dab0cfe20c7c09f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 10:51:23 AM UTC

File size:
1.6 MB (1,633,312 bytes)

Product version:
Antidote 9

Copyright:
© 1993-2015, Druide informatique inc.

Original file name:
AgentAntidote.exe

File type:
Executable application (Win64 EXE)

Language:
French (France)

Common path:
C:\Program Files\druide\antidote 9\application\bin64\agentantidote.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
7/18/2013 2:00:00 AM

Valid to:
9/16/2016 1:59:59 AM

Subject:
CN=Druide informatique inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Druide informatique inc., L=Montreal, S=Quebec, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
45A340679A6DF07A239940690A682411

File PE Metadata
Compilation timestamp:
12/8/2015 9:15:17 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
24576:3t4YDzZ+nWROm12jPEKOQuYpRY/utaVcu2PpW:3t4Y3UnKOmYxOQlpu2tZu2Pp

Entry address:
0x6140C

Entry point:
48, 83, EC, 28, E8, 5B, 08, 00, 00, 48, 83, C4, 28, E9, F2, FD, FF, FF, CC, CC, 40, 53, 48, 83, EC, 20, 48, 83, 3D, 1A, FE, 0B, 00, 00, 75, 36, BA, 08, 00, 00, 00, 8D, 4A, 18, FF, 15, 8A, 90, 00, 00, 48, 8B, C8, 48, 8B, D8, FF, 15, A6, 8C, 00, 00, 48, 89, 05, F7, FD, 0B, 00, 48, 89, 05, E8, FD, 0B, 00, 48, 85, DB, 75, 05, 8D, 43, 18, EB, 06, 48, 83, 23, 00, 33, C0, 48, 83, C4, 20, 5B, C3, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, 48, 8B, 0D, C8, FD, 0B, 00, FF, 15, B2, 8C, 00, 00, 48, 89, 44, 24, 38, 48...
Code size:
418 KB (428,032 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AgentAntidote64

Command:
"C:\Program Files\druide\antidote 9\application\bin64\agentantidote.exe" \lancementsession


The file AgentAntidote.exe has been discovered within the following programs.

Antidote 9  by Druide informatique inc.
druide.com
About 1% of users remove it
Antidote 9 - English module  by Druide informatique inc.
About 1% of users remove it