home

PWClt_Ag.exe

McAgent

Leaders soft

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘PC-WISE’.
Publisher:
Leaderssoft Corporation  (signed by Leaders soft)

Product:
McAgent

Version:
1.05.0130

MD5:
ab176a5139cce22272b9a41736494111

SHA-1:
b1c7032d70c3cc0cc3ae0b45fdc634f298b1bd75

SHA-256:
48303545267707d5c46aa67d29427e8a3abe14a2fbd8911c41b7866133ee76f4

Scanner detections:
2 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/19/2024 1:10:30 PM UTC  (today)

Scan engine
Detection
Engine version

F-Prot
W32/VB-Backdoor-PEK-based!Maxim
4.6.5.141

VIPRE Antivirus
Threat.319455
46910

File size:
982.5 KB (1,006,104 bytes)

Product version:
1.05.0130

Copyright:
Leaderssoft Corporation

Original file name:
PWClt_Ag.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\leaders\pc-wise\pwclt_ag.exe

Digital Signature
Signed by:
Leaders soft

Authority:
Thawte, Inc.

Valid from:
3/11/2014 9:00:00 AM

Valid to:
5/10/2016 8:59:59 AM

Subject:
CN=Leaders soft, O=Leaders soft, L=Geumcheon-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4382DAB210ED7AE9581726183A8DED90

File PE Metadata
Compilation timestamp:
8/21/2014 1:52:10 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:WowYhTvRdGGVNyknjVYXONVXV1d7up/Et49uC2/yfHFm+NYy0es225:WodyXONVXV7qlm+NYy1E

Entry address:
0x9198

Entry point:
68, 08, 97, 40, 00, E8, EE, FF, FF, FF, 00, 00, 40, 00, 00, 00, 30, 00, 00, 00, 38, 00, 00, 00, 00, 00, 00, 00, 76, 8F, 3E, 17, 7F, 78, DA, 45, 89, E2, 1C, EC, 06, E8, 52, 73, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 00, 00, 00, 00, 4D, 43, 41, 67, 65, 6E, 74, 00, 00, 49, 46, 01, 78, 01, 44, 01, 00, 00, 00, 00, 88, 00, 00, 00, 00, 00, 00, 00, 02, 00, 00, 00, 09, 00, 00, 00, D5, D3, F1, 6B, BB, B0, 7D, 45, AA, 87, 6C, 74, 95, B1, AE, AD, 01, 00, 00, 00, 98, 00, 00, 00, A8, 00, 00, 00, 01, 00, 00, 00...
 
[+]

Entropy:
5.9733

Developed / compiled with:
Microsoft Visual Basic v5.0/v6.0

Code size:
960 KB (983,040 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PC-WISE

Command:
C:\Program Files\leaders\pc-wise\pwclt_ag.exe


Scan PWClt_Ag.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.