» MeshAgent.exe
Overview
Analysis
File Details
Behaviors (1)

MeshAgent.exe

Mesh Agent Service

sample

It runs as a windows Service named “Mesh Agent background service”.

File name:

MeshAgent.exe

Publisher:

sample (signed and verified)

Product:

Mesh Agent Service

Version:

0.0.81.3

MD5:

9889829a1cf812fe27e426e3d6191786

SHA-1:

913d4f5506931e3a46515beb718e281957a26214

SHA-256:

028c3c5d47c662229f8a56b85be017afcaf39d791811ab4cf79fe7108ce81c7f

Scanner detections:

7 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/24/2024 3:40:41 PM UTC (today)

Scan engine

Detection

Engine version

AhnLab V3 Security

Trojan/Win32.HDC

2016.04.26

Baidu Antivirus

Trojan.Win32.Staser

4.0.3.16629

nProtect

Trojan/W32.Staser.1804160

16.04.25.01

Quick Heal

Trojan.Staser.g5

6.16.14.00

Vba32 AntiVirus

Trojan.Staser

3.12.26.4

ViRobot

Trojan.Win32.A.Staser.1804160[h]

2014.3.20.0

Zillya! Antivirus

Trojan.Staser.Win32.3015

2.0.0.2814

File size:

1.7 MB (1,804,160 bytes)

Product version:

0, 0, 0, 0

Original file name:

MeshAgent.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\mesh agent\meshagent.exe

Digital Signature

Signed by:

sample

Authority:

sample

Valid from:

11/24/2009 5:40:45 AM

Valid to:

11/19/2029 5:40:45 AM

Subject:

CN=MasterRoot, O=sample, C=us

Issuer:

CN=MasterRoot, O=sample, C=us

Serial number:

00F0CED1D911C8459B

File PE Metadata

Compilation timestamp:

5/17/2010 12:03:52 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows Console

Linker version:

10.0

CTPH (ssdeep):

24576:Jvqlit1AxaTLU3zkRlCcbesnlx5rqqUBLvyhroPxPIxXoFwDXkK6MBBp4BliX0By:f7U3zz4lzxU4EJwaE5tp4Bs0/xho

Entry address:

0x1273B0

Entry point:

8B, FF, 55, 8B, EC, E8, 96, 9D, 01, 00, E8, 11, 00, 00, 00, 5D, C3, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 6A, FE, 68, A0, ED, 58, 00, 68, E0, 57, 52, 00, 64, A1, 00, 00, 00, 00, 50, 83, C4, E8, 53, 56, 57, A1, A0, 15, 5A, 00, 31, 45, F8, 33, C5, 50, 8D, 45, F0, 64, A3, 00, 00, 00, 00, 89, 65, E8, C7, 45, DC, 00, 00, 00, 00, 83, 3D, 68, 8A, 5B, 00, 00, 75, 0E, 6A, 00, 6A, 00, 6A, 01, 6A, 00, FF, 15, C8, 20, 55, 00, E8, 78, 01, 00, 00, 89, 45, E0, E8, 80, BF, 00, 00... 
[+]

Entropy:

6.5830

Code size:

1.3 MB (1,378,816 bytes)

Service

Display name:

Mesh Agent background service

Service name:

Mesh Agent

Description:

Reliable peer-to-peer remote monitoring and management service.

Type:

Win32OwnProcess, InteractiveProcess

Scan MeshAgent.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.