awrexec64p331191.exe

AtelierWeb Software

It runs as a separate Windows service (within the context of its own process) named “Atelier Web Remote Agent Professional 64Bit (rnd id: 331191)”.
Publisher:
AtelierWeb Software  (signed and verified)

MD5:
17012715c9a5f2bf75af86dc292973f6

SHA-1:
4ae72f6efa68a731e9b4b61cdf55ac5f1b972e89

SHA-256:
511b06b9d00426212173028ea0b7246ea6c1749a10307038189df5d7ceba5bd7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 12:51:08 PM UTC

File size:
671.2 KB (687,272 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\windows\awrexec64p331191.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/20/2011 7:00:00 PM

Valid to:
11/20/2013 6:59:59 PM

Subject:
CN=AtelierWeb Software, O=AtelierWeb Software, STREET="Manuel Jose da Silva, 22", L=Lisbon, S=na, PostalCode=1900-316, C=PT

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
7B5646DBDD60627F6E6578B7AB69E0D6

File PE Metadata
Compilation timestamp:
7/21/2012 8:38:38 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:2KWBHAUOmaNuTEQR6B0RxCTtjANujHn4zeo6cFkSkCb8:2TgV8vR6B0K5/Ctx8

Entry address:
0x331696

Entry point:
57, 56, 53, 51, 52, 41, 50, 48, 8D, 05, DE, 0A, 00, 00, 48, 8B, 30, 48, 03, F0, 48, 2B, C0, 48, 8B, FE, 66, AD, C1, E0, 0C, 48, 8B, C8, 50, AD, 2B, C8, 48, 03, F1, 8B, C8, 57, 44, 8B, C1, FF, C9, 8A, 44, 39, 06, 88, 04, 31, 75, F5, 41, 51, 55, 2B, C0, AC, 8B, C8, C1, E9, 04, 51, 24, 0F, 50, AC, 8B, C8, 02, 0C, 24, 50, 48, C7, C5, 00, FD, FF, FF, 48, D3, E5, 59, 58, 48, C1, E0, 20, 48, 03, C8, 58, 48, 8B, DC, 48, 8D, A4, 6C, 90, F1, FF, FF, 50, 51, 48, 2B, C9, 51, 51, 48, 8B, CC, 51, 66, 8B, 17, C1, E2, 0C...

Entropy:
7.9895  (probably packed)

Code size:
2.1 MB (2,193,920 bytes)

Service
Display name:
Atelier Web Remote Agent Professional 64Bit (rnd id: 331191)

Service name:
AWREMOTEAGENT64P331191

Type:
Win32OwnProcess

