» DIRECT.EXE
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

DIRECT.EXE

DIRECT! Access Option

Courion Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘DIRECT!’. This is installed with Enterprise Provisioning Suite DIRECT!.

File name:

DIRECT.EXE

Publisher:

Courion Corporation (signed and verified)

Product:

DIRECT!® Access Option

Description:

Access Assurance Suite DIRECT!

Version:

8.00.00.42

MD5:

e1b636c6e4151e0f49d643798c848aa9

SHA-1:

72b5bc9cf5ae6c538d83026e2f29aeb41a08db3c

SHA-256:

6196d7672f7baefc76a12c1da7fdc72e7d93cc62336a978d931783c15f1a2ba5

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/16/2024 11:07:06 AM UTC (today)

File size:

61.4 KB (62,904 bytes)

Product version:

8.00.00.42

Trademarks:

Original file name:

DIRECT.EXE

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\courion corporation\enterprise provisioning suite direct!\direct.exe

Digital Signature

Signed by:

Courion Corporation

Authority:

VeriSign, Inc.

Valid from:

3/24/2010 8:00:00 AM

Valid to:

6/17/2013 7:59:59 AM

Subject:

CN=Courion Corporation, OU=Engineering, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Courion Corporation, L=Framingham, S=Massachusetts, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

2D551D2590B024CDAA33C710A1D74D03

File PE Metadata

Compilation timestamp:

7/23/2012 11:18:22 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

1536:ATXtrAUliSbhhAjAKcZi0POGPyWZMwRkyaCCs:OW9SdhAjAKsi0POGlTeby

Entry address:

0x364D

Entry point:

E8, 96, 05, 00, 00, E9, DD, FC, FF, FF, CC, 68, 51, 31, 40, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 3C, 81, 40, 00, 31, 45, FC, 33, C5, 89, 45, E4, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, E4, 33, CD, E8, 98, FA, FF, FF, E9, 6E, 01, 00, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, 3C, 81, 40, 00, 33, C5... 
[+]

Entropy:

4.8168

Code size:

16 KB (16,384 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

DIRECT!

Command:

C:\Program Files\courion corporation\enterprise provisioning suite direct!\direct.exe

The file DIRECT.EXE has been discovered within the following program.

Enterprise Provisioning Suite DIRECT! by Courion Corporation

www.courion.com

About 9% of users remove it

Scan DIRECT.EXE - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.