driveragent_setup_617.exe

DriverAgent

eSupport.com, Inc.

The application driveragent_setup_617.exe, “DriverAgent Setup” by eSupport.com, has been detected as a potentially unwanted program by 4 anti-malware scanners. It is a self-extracting archive and installer, and has been known to bundle potentially unwanted software. The file has been observed being downloaded from RevenueWire's affiliate distribution platform signuppage.esupport.revenuewire.net and multiple other hosts.
Publisher:
eSupport.com, Inc   (signed by eSupport.com, Inc.)

Product:
DriverAgent

Description:
DriverAgent Setup

Version:
3.2015.7.7

MD5:
783a2c01099f9374f177e55883bbee15

SHA-1:
86410263882f162428b6b175666c02af9d74798b

SHA-256:
b66d150b4b223a98d7a2136a3297ab515ec2d22c973d8da2929290aa8254bb03

Scanner detections:
4 / 68

Status:
Potentially unwanted

Analysis date:
4/20/2024 2:41:41 AM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Riskware.Unwanted | 7.1.1
Avira AntiVirus | TR/Symmi.423000 | 8.3.1.6
Dr.Web | Program.Unwanted.447 | 9.0.1.0230
Quick Heal | (Suspicious) - DNAScan | 8.15.14.00

File size:
11.8 MB (12,357,704 bytes)

Product version:
3.2015.7.7

Copyright:
Copyright © 2015 eSupport.com, Inc · All Rights Reserved

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\driveragent_setup_617.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/24/2014 4:36:26 PM

Valid to:
9/25/2015 4:36:26 PM

Subject:
CN="eSupport.com, Inc.", O="eSupport.com, Inc.", L=North Andover, S=MA, C=US

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11216E054FAD930D88CABC078EB0D3BCC8AC

File PE Metadata
Compilation timestamp:
1/30/2013 9:21:56 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
196608:80SyIXRA0sw04hGnqBpu0cJxGIo0pbR3pwnRLeA1/Qb5N3kBEeJZj8IBPa6+xf0w:8GIO08rLjoE3pwRLem/Qb3kBEeJZj8Ow

Entry address:
0x113BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 2C, 00, 41, 00, E8, E8, 51, FF, FF, 33, C0, 55, 68, 9E, 1A, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 5A, 1A, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, 5B, 41, 00, E8, 16, D8, FF, FF, E8, 65, D3, FF, FF, 80, 3D, DC, 2A, 41, 00, 00, 74, 0C, E8, 2B, D9, FF, FF, 33, C0, E8, 80, 32, FF, FF, 8D, 55, EC, 33, C0, E8, E2, A3, FF, FF, 8B, 55, EC, B8, 50, 86...
 
Entropy:
7.9987

Developed / compiled with:
Microsoft Visual C++

Code size:
63.5 KB (65,024 bytes)

The file driveragent_setup_617.exe has been seen being distributed by the following 2 URLs.
