» dagentui.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

dagentui.exe

Altiris Deployment Agent for Windows

Altiris Inc

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DagentUI’. This is installed with Altiris Deployment Agent.

File name:

dagentui.exe

Publisher:

Altiris, Inc. (signed by Altiris Inc)

Product:

Altiris Deployment Agent for Windows

Description:

Dagent

Version:

6.9.355

MD5:

25bf29515244fa0171be0cc3cf36ea8f

SHA-1:

40ff24b529a0a849443cf2ac83f24c501b927205

SHA-256:

7d94811752845f12835dc6a6122176b35e9b82e901ee90bed19680d3085ba3b3

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/27/2024 4:16:32 AM UTC (today)

File size:

823.3 KB (843,016 bytes)

Product version:

6.9.355

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\altiris\dagent\dagentui.exe

Digital Signature

Signed by:

Altiris Inc

Authority:

VeriSign, Inc.

Valid from:

11/13/2007 10:00:00 PM

Valid to:

1/12/2009 9:59:59 PM

Subject:

CN=Altiris Inc, OU=Engineering Team, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Altiris Inc, L=Lindon, S=UTAH, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

6BADDB11A0AB4A63A17EC5B847DB9328

File PE Metadata

Compilation timestamp:

10/14/2008 3:00:49 AM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

24576:F1kzJwFPSmQPCmgQllcJKH8ceulYSDFKX+b:bkbmQPMQLCKUyDn

Entry address:

0x66990

Entry point:

48, 83, EC, 28, E8, D7, E7, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 40, 83, 3D, B3, 28, 06, 00, 00, 48, 63, D9, 75, 16, 48, 8B, 05, 47, BD, 05, 00, 66, 8B, 04, 58, 25, 03, 01, 00, 00, 48, 83, C4, 40, 5B, C3, C6, 44, 24, 38, 00, E8, 7E, 68, 00, 00, 4C, 8B, D8, 48, 89, 44, 24, 30, 48, 8B, 80, C0, 00, 00, 00, 48, 3B, 05, 38, BD, 05, 00, 48, 89, 44, 24, 20, 49, 8B, 93, B8, 00, 00, 00, 48, 89, 54, 24, 28, 74, 23, 41, 8B, 8B, C8, 00... 
[+]

Code size:

551.5 KB (564,736 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

DagentUI

Command:

C:\Program Files\altiris\dagent\dagentui.exe

The file dagentui.exe has been discovered within the following program.

Altiris Deployment Agent by Altiris, Inc.

Publisher's description - “Managed servers can be Windows systems and require an agent to be installed; alter natively, servers can be provisioned from bare metal. The Altiris Deployment Server provides a user-friendly console to allow easy, remote management of the servers.”

www.symantec.com/theme.jsp?themeid=altiris

About 9% of users remove it

Scan dagentui.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.