driveragent-setup-492.exe

DriverAgent

Copyright © 2015 eSupport.com, Inc • All Rights Reserved

The executable driveragent-setup-492.exe, “DriverAgent Setup”, has been detected as malware by 11 anti-virus scanners. It is a self-extracting archive and installer; however, the file is not signed with an Authenticode signature from a trusted source. It is infected by the Parite virus, a polymorphic file infector that infects all portable EXE and SCR files found on local and shared network drives. The file has been seen being downloaded from driveragent.com.
Publisher:
Copyright © 2015 eSupport.com, Inc • All Rights Reserved

Product:
DriverAgent

Description:
DriverAgent Setup

Version:
2.2015.7.14

MD5:
15551cfe879629e1f178a3a64041e651

SHA-1:
07a643ed6d056985a4961dc79b8ed8596d0647c9

SHA-256:
c097efcfbc0852e83cd73a0c0c26ffd1db7960ef99b534145981c4164f89c151

Scanner detections:
11 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
11/5/2024 2:43:09 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| avast! | Win32:Parite | 160326-0 |
| AVG | Win32/Parite | 2015.0.4355 |
| Dr.Web | riskware program Program.Unwanted.657, Win32.Parite.2 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Parite | 11.5.0.6191 |
| ESET NOD32 | Win32/Parite.B virus | 8.0.319.0 |
| F-Prot | W32/Parite.B | 4.6.5.141 |
| F-Secure | Win32.Parite.B | 5.15.96 |
| Kaspersky | Virus.Win32.Parite | 15.0.0.562 |
| McAfee | Virus.W32/Pate.b | 18.0.204.0 |
| Microsoft Security Essentials | Threat.Undefined | 1.217.1197.0 |
| Norman | Win32.Parite.B | 02.04.2016 17:35:19 |

File size:
1.3 MB (1,403,354 bytes)

Product version:
2.2015.7.14

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\driveragent-setup-492.exe

File PE Metadata
Compilation timestamp:
1/30/2013 9:21:56 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:rxGomirXR38RQSKq8VU7jTZ+Gck9DNVMlvR1HA/0tMfm9a1xULF:EnI81KRVUPThck5NlctMfm9a1O

Entry address:
0x27000

Entry point:
90, 68, 9C, 7F, 49, 00, 5B, 90, 90, BE, 20, 70, 42, 00, 68, 98, 05, 00, 00, 5A, FF, 34, 32, 31, 1C, 24, 8F, 04, 32, 4A, 83, EA, 03, 90, 75, F0, 74, 02, 48, 00, 9C, 7F, 49, 00, 9C, 7F, 09, 00, 20, 6C, 48, 00, 4C, CC, 5B, 00, 46, C6, 5B, 00, 9C, CF, 4B, 00, 63, 80, B6, FF, AC, EC, 08, 00, 7A, EA, 08, 00, 6C, EA, 08, 00, B8, 6E, 48, 00, 78, EA, 48, 00, 72, EA, 48, 00, AC, 6C, 48, 00, 78, EA, 48, 00, 72, EA, 48, 00, 9C, 7F, 49, 00, 9C, 7F, 49, 00, 9C, 7F, 49, 00, 9C, 7F, 49, 00, 9C, 7F, 49, 00, 9C, 7F, 49, 00...
 

Entropy:
7.9405  (probably packed)

Code size:
63.5 KB (65,024 bytes)

The file driveragent-setup-492.exe has been seen being distributed by the following URL.
