agentapplication.exe

medavis GmbH

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘medavis Agent’.

Publisher:
medavis GmbH  (signed and verified)

Description:
medavis agent application

Version:
2.1.5.8

MD5:
1ba52aab756cfaf899b6c85e1fa8d277

SHA-1:
dc4e9e2418b1b1976e17e6b6dba3dbb9de4ecd30

SHA-256:
9ba274694822db44e9d02e79c935cb17faea8651b855d82b7d644eac4b7c40e2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 2:45:43 PM UTC  (today)

File size:
2.5 MB (2,571,600 bytes)

Product version:
2.1

Copyright:
2013 medavis GmbH, Karlsruhe, Germany

Trademarks:
medavis

File type:
Executable application (Win32 EXE)

Language:
German (Germany)

Digital Signature
Signed by:

Authority:
medavis GmbH

Valid from:
6/24/2010 10:26:46 AM

Valid to:
6/23/2021 10:26:46 AM

Subject:
E=license@medavis.com, CN=medavis GmbH, L=Karlsruhe, S=BW, OU=medavis Karlsruhe, O=medavis GmbH, C=DE

Issuer:
E=license@medavis.com, CN="medavis GmbH, Germany", L=Karlsruhe, S=BW, OU=medavis Germany, O=medavis GmbH, C=DE

Serial number:
00B23A3BEED5831AFF

File PE Metadata
Compilation timestamp:
6/20/1992 12:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:5fclu5BAA+ggLppdjf30F/PA+Nq4CpxNB9aIvufnXL1/WieAqqp:5fyIpwDMCKqrxNB998gAqK

Entry address:
0xE90D8

Entry point:
55, 8B, EC, 83, C4, F0, B8, F0, 8A, 4E, 00, E8, F0, DC, F1, FF, 68, D4, 91, 4E, 00, 6A, FF, 6A, 00, E8, 36, E0, F1, FF, A3, 68, 2B, 52, 00, 33, C0, 55, 68, C7, 91, 4E, 00, 64, FF, 30, 64, 89, 20, E8, 66, E1, F1, FF, 3D, B7, 00, 00, 00, 75, 3F, A1, F8, E5, 4E, 00, 8B, 00, E8, D7, 46, F9, FF, 6A, 00, 68, E8, 91, 4E, 00, 6A, 00, 6A, 00, E8, 93, E7, F1, FF, A3, 6C, 2B, 52, 00, 6A, 00, 68, 87, 04, 00, 00, 68, 86, 04, 00, 00, A1, 6C, 2B, 52, 00, 50, E8, 0F, EA, F1, FF, E8, 6A, B1, F1, FF, EB, 7A, A1, F8, E5, 4E...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
929 KB (951,296 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
medavis Agent

Command:
"C:\medavis\agent\agentapplication.exe" -autostart

