» mipagent.exe
Overview
Analysis
File Details
Behaviors (1)

mipagent.exe

medavis Image Printer

medavis GmbH

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘medavis Fax Driver Agent’.

File name:

mipagent.exe

Publisher:

medavis GmbH (signed and verified)

Product:

medavis Image Printer

Description:

Virtual Printer Agent

Version:

1.00

MD5:

08637d36c97396c9d4a47985a05b8417

SHA-1:

6ab004a3a062c4f044ed29832b1be3a7231f38f8

SHA-256:

3a1718619c1ae89e95f519c92aaf5e990d5b9c63da77f10cb8eafb8c0a92683b

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/24/2024 8:22:34 AM UTC (today)

File size:

94.9 KB (97,160 bytes)

Product version:

1.00

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\medavis\fax driver\mipagent.exe

Digital Signature

Signed by:

medavis GmbH

Authority:

Thawte, Inc.

Valid from:

12/20/2010 1:00:00 AM

Valid to:

12/20/2012 12:59:59 AM

Subject:

CN=medavis GmbH, OU=medavis Karlsruhe, O=medavis GmbH, L=Karlsruhe, S=Baden-Württemberg, C=DE

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

5EB9A0AEBF366B48A20FF1AB081BA55B

File PE Metadata

Compilation timestamp:

2/16/2010 2:45:23 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

1536:T03dVul3hYlt3B8ZblvTbKZx78Tftaii1jYjM9/2:Yq8lGbhb/Bi1jYjM9/2

Entry address:

0x59D1

Entry point:

E8, F5, 5B, 00, 00, E9, 17, FE, FF, FF, 51, 53, 55, 56, 57, FF, 35, E8, 85, 41, 00, E8, D0, 1B, 00, 00, FF, 35, E4, 85, 41, 00, 8B, F0, 89, 74, 24, 18, E8, BF, 1B, 00, 00, 8B, F8, 3B, FE, 59, 59, 72, 7C, 8B, DF, 2B, DE, 8D, 6B, 04, 83, FD, 04, 72, 70, 56, E8, 1C, 5D, 00, 00, 8B, F0, 3B, F5, 59, 73, 4A, B8, 00, 08, 00, 00, 3B, F0, 73, 02, 8B, C6, 03, C6, 3B, C6, 72, 10, 50, FF, 74, 24, 14, E8, AF, 5C, 00, 00, 85, C0, 59, 59, 75, 17, 8D, 46, 10, 3B, C6, 72, 3B, 50, FF, 74, 24, 14, E8, 98, 5C, 00, 00, 85, C0... 
[+]

Code size:

60 KB (61,440 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

medavis Fax Driver Agent

Command:

C:\Program Files\medavis\fax driver\mipagent.exe

Scan mipagent.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.