» ffPrivateAgent.exe
Overview
Analysis
File Details
Behaviors (1)

ffPrivateAgent.exe

fideAS

Applied Security GmbH

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ffPrivate’.

File name:

ffPrivateAgent.exe

Publisher:

Applied Security GmbH (signed and verified)

Product:

fideAS

Description:

ffe Private Agent

Version:

6,4,0,12

MD5:

4f20e9cf4149397e2c540b9a0a21b156

SHA-1:

1e7bbe40bfd2b34251278ac8b8c30037732f09f5

SHA-256:

d77494e36de23ad4e768b5a6f40932f107b9a39030f4f465edcdadeb93b26016

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/20/2024 2:46:15 AM UTC (today)

File size:

1.6 MB (1,691,632 bytes)

Product version:

6,4,0,12

Applied Security 2001 - 2015

Trademarks:

fideAS® is a registered trademark of Applied Security GmbH

Original file name:

ffPrivateAgent.exe

File type:

Executable application (Win32 EXE)

Language:

German (Germany)

Common path:

C:\Program Files\apsec\fideas file enterprise\private agent\ffprivateagent.exe

Digital Signature

Signed by:

Applied Security GmbH

Authority:

COMODO CA Limited

Valid from:

5/8/2013 2:00:00 AM

Valid to:

5/8/2016 1:59:59 AM

Subject:

CN=Applied Security GmbH, O=Applied Security GmbH, STREET=Einsteinstrasse 2a, L=Grosswallstadt, S=Bayern, PostalCode=63868, C=DE

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

0081A124DD2E58D6D23661F89EFBFA9B6C

File PE Metadata

Compilation timestamp:

4/21/2015 8:55:23 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

24576:TDwg4o9IuL6OPl4RZ6vLt0+rg7kAe1y+i4ZEF+uzAA9994:TUg4op6GL5mNe1y+i4ZjHW

Entry address:

0x10B83C

Entry point:

E8, 97, 04, 00, 00, E9, 36, FD, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 80, 74, 57, 00, 89, 0D, 7C, 74, 57, 00, 89, 15, 78, 74, 57, 00, 89, 1D, 74, 74, 57, 00, 89, 35, 70, 74, 57, 00, 89, 3D, 6C, 74, 57, 00, 66, 8C, 15, 98, 74, 57, 00, 66, 8C, 0D, 8C, 74, 57, 00, 66, 8C, 1D, 68, 74, 57, 00, 66, 8C, 05, 64, 74, 57, 00, 66, 8C, 25, 60, 74, 57, 00, 66, 8C, 2D, 5C, 74, 57, 00, 9C, 8F, 05, 90, 74, 57, 00, 8B, 45, 00, A3, 84, 74, 57, 00, 8B, 45, 04, A3, 88, 74, 57, 00, 8D, 45, 08, A3, 94, 74, 57... 
[+]

Code size:

1.2 MB (1,240,576 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

ffPrivate

Command:

"C:\Program Files\apsec\fideas file enterprise\private agent\ffprivateagent.exe"

Scan ffPrivateAgent.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.