» crpimonvagent.exe
Overview
Analysis
File Details
Behaviors (1)

crpimonvagent.exe

Cloud Ranger

DUZON BizOn co., ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘CRPIMONVAgent’.

File name:

crpimonvagent.exe

Publisher:

Duzon Information Security Service (signed by DUZON BizOn co., ltd.)

Product:

Cloud Ranger

Description:

Cloud Ranger View Agent

Version:

2016.11.28.1

MD5:

ee01fda2609f5c600f2f0c0790604083

SHA-1:

0ef15f630cc94d8300e2c544b66e44f83587f8bd

SHA-256:

b6978ec24965c1db113976bdf7c16afa36a0c8bb972f4d65e18555a24ea5ba00

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/6/2024 3:15:04 AM UTC (today)

File size:

2.1 MB (2,152,136 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\duzoniss\crpimonagent\crpimonvagent.exe

Digital Signature

Signed by:

DUZON BizOn co., ltd.

Authority:

Thawte, Inc.

Valid from:

1/20/2016 9:00:00 AM

Valid to:

2/19/2017 8:59:59 AM

Subject:

CN="DUZON BizOn co., ltd.", O="DUZON BizOn co., ltd.", L=Chuncheon-si, S=Gangwon-do, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

7B189BF2A880E1D30A4FA6570AB65F05

File PE Metadata

Compilation timestamp:

11/28/2016 11:06:45 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

Entry address:

0x1C5410

Entry point:

55, 8B, EC, 83, C4, F0, B8, 8C, BF, 5B, 00, E8, 6C, 69, E4, FF, A1, 18, E9, 5C, 00, BA, 0C, 55, 5C, 00, E8, B9, 29, E4, FF, A1, EC, E7, 5C, 00, 66, C7, 00, 2D, 00, 68, 24, 55, 5C, 00, 6A, 00, 6A, 00, E8, E1, 7E, E4, FF, A3, 88, 46, 5D, 00, 33, C0, 55, 68, F2, 54, 5C, 00, 64, FF, 30, 64, 89, 20, E8, 21, 80, E4, FF, 3D, B7, 00, 00, 00, 74, 73, 83, 3D, 88, 46, 5D, 00, 00, 74, 6A, A1, 04, EB, 5C, 00, 80, 38, 00, A1, A8, E9, 5C, 00, 0F, 95, 00, A1, 74, EC, 5C, 00, 8B, 00, E8, E5, 8B, EF, FF, A1, 74, EC, 5C, 00... 
[+]

Entropy:

6.5856

Developed / compiled with:

Microsoft Visual C++

Code size:

1.8 MB (1,851,904 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

CRPIMONVAgent

Command:

C:\Program Files\duzoniss\crpimonagent\crpimonvagent.exe

Scan crpimonvagent.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.