» mipagent.exe
Overview
Analysis
File Details
Behaviors (1)

mipagent.exe

medavis Image Printer

medavis GmbH

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘medavis Fax Driver Agent’.

File name:

mipagent.exe

Publisher:

medavis GmbH (signed and verified)

Product:

medavis Image Printer

Description:

Virtual Printer Agent

Version:

1.00

MD5:

015286fdb4e1aa15812dac4615509717

SHA-1:

389434df83967629fd3cbcedc7ab4df0320c6dbf

SHA-256:

97289e6c4e8bbeb263f71511578db7d7c358135fc3b45e272c83274036ebbb90

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

7/7/2025 5:41:03 PM UTC (today)

File size:

116.4 KB (119,176 bytes)

Product version:

1.00

File type:

Executable application (Win64 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\medavis\fax driver\mipagent.exe

Digital Signature

Signed by:

medavis GmbH

Authority:

Thawte, Inc.

Valid from:

12/20/2010 1:00:00 AM

Valid to:

12/20/2012 12:59:59 AM

Subject:

CN=medavis GmbH, OU=medavis Karlsruhe, O=medavis GmbH, L=Karlsruhe, S=Baden-Württemberg, C=DE

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

5EB9A0AEBF366B48A20FF1AB081BA55B

File PE Metadata

Compilation timestamp:

2/16/2010 2:46:16 PM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

3072:Zu+F7pjyVmN2Om8WfQJ0mrC3ItTyWElHMjzIqTgzB6L3/w:Z6fklQ4fElHiA2o

Entry address:

0x6150

Entry point:

48, 83, EC, 28, E8, 67, 78, 00, 00, 48, 83, C4, 28, E9, 0E, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 20, BA, 08, 00, 00, 00, 8D, 4A, 18, E8, 8D, 79, 00, 00, 48, 8B, C8, 48, 8B, D8, E8, 12, 28, 00, 00, 48, 85, DB, 48, 89, 05, F8, 9D, 01, 00, 48, 89, 05, E9, 9D, 01, 00, 75, 09, 8D, 43, 18, 48, 83, C4, 20, 5B, C3, 48, C7, 03, 00, 00, 00, 00, 33, C0, 48, 83, C4, 20, 5B, C3, CC, CC, CC, CC, CC, CC, CC, 48, 83, EC, 38, 48, 89, 5C, 24, 40, 48, 89, 74, 24, 48, 48, 89... 
[+]

Code size:

75.5 KB (77,312 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

medavis Fax Driver Agent

Command:

C:\Program Files\medavis\fax driver\mipagent.exe

Scan mipagent.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.