» APRTM.exe
Overview
Analysis
File Details
Behaviors (1)

APRTM.exe

Aranda AGENT

Aranda Software

It runs as a separate (within the context of its own process) windows Service named “Aranda APRTM Agent”.

File name:

APRTM.exe

Publisher:

Aranda SOFTWARE CORPORATION (signed by Aranda Software)

Product:

Aranda AGENT

Description:

Aranda AGENT APRTM Module

Version:

2.0.8.1

MD5:

040adc81ded42f5f12de5a7962f38994

SHA-1:

8317c6ca5d8356bf59099b18f1b9e095a925eb51

SHA-256:

c9a8c53cad36ecc20af82c480b76a4782bb55d11b6a8f6efe3f5ade55937faf0

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/20/2024 1:57:25 AM UTC (today)

File size:

418.2 KB (428,272 bytes)

Product version:

7.0

Trademarks:

Aranda AGENT es una marca registrada de Aranda SOFTWARE CORPORATION.

Original file name:

APRTM.exe

File type:

Executable application (Win32 EXE)

Language:

Spanish

Common path:

C:\windows\aranda\collector\aprtm.exe

Digital Signature

Signed by:

Aranda Software

Authority:

GlobalSign nv-sa

Valid from:

6/25/2010 11:44:02 AM

Valid to:

6/25/2013 11:44:00 AM

Subject:

CN=Aranda Software, O=Aranda Software, L=Bogota, S=Cundinamarca, C=CO

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

0100000000012970159DC5

File PE Metadata

Compilation timestamp:

6/27/2012 3:56:25 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:NVIwXX/FH0XDvY84uWD2WMvY/lXU/kLV4noSlrD:N6M9HaA84PC96skh4vrD

Entry address:

0x11CB80

Entry point:

60, BE, 00, 90, 4B, 00, 8D, BE, 00, 80, F4, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 54, A1, 11, 00, 57, 83, C3, 04, 53, 68, 7B, 3B, 06, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A... 
[+]

Entropy:

7.9803 (probably packed)

Code size:

404 KB (413,696 bytes)

Service

Display name:

Aranda APRTM Agent

Type:

Win32OwnProcess

Depends on:

Spooler

Scan APRTM.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.