home

SpIDerAgent.exe

Dr.Web

Doctor Web Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SpIDerAgent’.
Publisher:
Doctor Web, Ltd.  (signed by Doctor Web Ltd.)

Product:
Dr.Web ®

Description:
SpIDer Agent for Windows

Version:
8.0.0.11230

MD5:
b77572c0f572e995292cd11b41f3430b

SHA-1:
710acc5f7821447568f464769d94999f0bf64fb8

SHA-256:
88d7f0378621abfdba9e2414ed922c8debdf38987cce1184c01c1cfa40f09a8f

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 1:17:01 PM UTC  (today)

File size:
14.8 MB (15,486,816 bytes)

Product version:
8.0.0.11230

Copyright:
Copyright © Doctor Web, Ltd., 1992-2012

Original file name:
SpIDerAgent.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\drweb\spideragent.exe

Digital Signature
Signed by:
Doctor Web Ltd.

Authority:
VeriSign, Inc.

Valid from:
8/29/2011 4:00:00 AM

Valid to:
10/7/2014 3:59:59 AM

Subject:
CN=Doctor Web Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Doctor Web Ltd., S=Saint-Petersburg, C=RU

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
33769228D3F9ECCED66039B90199AC5D

File PE Metadata
Compilation timestamp:
11/23/2012 4:29:02 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:8tS1BAB6z+9hMd+5PCxe0WpjjZCiPrqNGDc:8tS/d6X1Oe0WpjjZdrqNGDc

Entry address:
0x72350

Entry point:
48, 83, EC, 38, E8, A3, F2, 5E, 00, 48, 8D, 0D, C0, FF, FF, FF, FF, 15, E2, 16, 7A, 00, 48, 8D, 0D, EB, A0, 81, 00, FF, 15, 85, 19, 7A, 00, 48, 85, C0, 74, 4B, 48, 8D, 15, F9, A0, 81, 00, 48, 8B, C8, 48, 89, 5C, 24, 30, FF, 15, 73, 19, 7A, 00, 48, 8B, D8, 48, 85, C0, 74, 29, FF, 15, CD, 18, 7A, 00, 4C, 8D, 05, F2, A0, 81, 00, 41, B9, 03, 00, 00, 00, 48, 8B, C8, 48, 8D, 44, 24, 40, 48, 8B, D3, 48, 89, 44, 24, 20, FF, 15, 92, 16, 7A, 00, 48, 8B, 5C, 24, 30, 48, 83, C4, 38, E9, 80, F4, 5E, 00, CC, CC, CC, CC...
 
[+]

Code size:
8.1 MB (8,460,288 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SpIDerAgent

Command:
"C:\Program Files\drweb\spideragent.exe"


Scan SpIDerAgent.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.