home

PaAgent.exe

AT&T Participant Agent

AT&T Inc.

It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘Launch AT&T Connect Participant web browser agent’.
Publisher:
AT&T Inc.  (signed and verified)

Product:
AT&T Participant Agent

Description:
AT&T Participant Agent Application

Version:
11.7.217.13

MD5:
1ffaf6565f702cadf7dc42664afbed89

SHA-1:
9260cdc33a7aa2d2a5df94bc17e65ebf9baf2f24

SHA-256:
d635a3bd806e6281f5f73fdae5e5965d5aa30b39ff8f4139b6847aabbc8610c2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/10/2024 4:09:48 AM UTC  (today)

File size:
151.8 KB (155,416 bytes)

Product version:
11.7.217.13

Copyright:
©2015 AT&T Intellectual Property. All rights reserved

Original file name:
PaAgent.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\att connect\participant\paagent.exe

Digital Signature
Signed by:
AT&T Inc.

Authority:
VeriSign, Inc.

Valid from:
11/11/2013 2:00:00 AM

Valid to:
12/11/2016 1:59:59 AM

Subject:
CN=AT&T Inc., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=AT&T Inc., L=San Antonio, S=Texas, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
26DD5583BD4EAE5631A2A330703B65A8

File PE Metadata
Compilation timestamp:
12/3/2015 1:31:02 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:jydCaaOcX3HPxc6vC777777777777777737s77777777777777dm77777777777o:ektHHGF777777777777777737s77777X

Entry address:
0x82BD

Entry point:
E8, 1F, 05, 00, 00, E9, 91, FE, FF, FF, 3B, 0D, 28, E0, 40, 00, 75, 02, F3, C3, E9, 8F, 01, 00, 00, 83, 3D, 9C, E8, 40, 00, 00, 74, 03, 33, C0, C3, 56, 6A, 04, 6A, 20, FF, 15, 1C, A2, 40, 00, 59, 59, 8B, F0, 56, FF, 15, 98, A0, 40, 00, A3, 9C, E8, 40, 00, A3, 98, E8, 40, 00, 85, F6, 75, 05, 6A, 18, 58, 5E, C3, 83, 26, 00, 33, C0, 5E, C3, 6A, 14, 68, C0, BC, 40, 00, E8, D2, 05, 00, 00, FF, 35, 9C, E8, 40, 00, 8B, 35, 94, A0, 40, 00, FF, D6, 89, 45, E4, 83, F8, FF, 75, 0C, FF, 75, 08, FF, 15, 24, A2, 40, 00...
 
[+]

Entropy:
6.4895

Code size:
33 KB (33,792 bytes)

Startup File (User Run)
Registry location:
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Launch AT&T Connect Participant web browser agent

Command:
"C:\users\{user}\appdata\local\att connect\participant\paagent.exe"


Scan PaAgent.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.