home

epo_agent_48_zeus_signed.exe

McAfee Agent

Ecole Polytechnique Federale de Lausanne

This is a setup program which is used to install the application. The file has been seen being downloaded from wiki.epfl.ch.
Publisher:
McAfee, Inc.  (signed by Ecole Polytechnique Federale de Lausanne)

Product:
McAfee Agent

Description:
Framework Package Stub

Version:
4.8.0.1500

MD5:
f94d7aedcfab1563bcc0529a4bcbefc6

SHA-1:
5c9d05bd1170e0a847dc28b2dfa284a3ec8a4575

SHA-256:
19b394c5330f1af1ba813d72c798d508c8777a25e209cbd54d9ff8b665388e24

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/25/2024 1:58:52 PM UTC  (today)

File size:
6.7 MB (7,016,248 bytes)

Product version:
4.8.0

Copyright:
Copyright© 2000-2013 McAfee, Inc. All Rights Reserved.

Original file name:
wstub32.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Digital Signature
Signed by:
Ecole Polytechnique Federale de Lausanne

Authority:
QuoVadis Limited

Valid from:
9/29/2014 1:44:24 PM

Valid to:
9/29/2017 1:44:08 PM

Subject:
CN=Ecole Polytechnique Federale de Lausanne, OU=SI-DIT, O=Ecole Polytechnique Federale de Lausanne, C=CH

Issuer:
CN=QuoVadis Code Signing CA G1, O=QuoVadis Limited, C=BM

Serial number:
36F24DE89D2637D5F36F6A6CD03366E1F4A0879E

File PE Metadata
Compilation timestamp:
12/2/2013 5:11:45 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:1HLBLeeLArU8owu+YR29J8Dm0q1FTIImNj:11BArO6Lmm0GOj

Entry address:
0x8A00

Entry point:
E8, B2, 74, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 10, 53, 57, FF, 75, 10, 8D, 4D, F0, 33, DB, 33, FF, E8, 33, DA, FF, FF, 8B, 4D, 08, 3B, CB, 75, 20, E8, 79, 09, 00, 00, C7, 00, 16, 00, 00, 00, E8, 4E, 2D, 00, 00, 38, 5D, FC, 74, 07, 8B, 45, F8, 83, 60, 70, FD, 33, C0, EB, 66, 56, 8B, 75, F4, 39, 5E, 08, 75, 19, FF, 75, 0C, 51, E8, 54, E2, FF, FF, 59, 59, 38, 5D, FC, 74, 4C, 8B, 4D, F8, 83, 61, 70, FD, EB, 43, 8A, 11, 0F, B6, C2, F6, 44, 30, 1D, 04, 74, 1D, 41, 8A, 11, 84, D2, 74, 12, 0F...
 
[+]

Entropy:
7.9945  (probably packed)

Code size:
106.5 KB (109,056 bytes)

The file epo_agent_48_zeus_signed.exe has been seen being distributed by the following URL.

http://wiki.epfl.ch/secure-it/documents/.../epo_agent_48_zeus_signed.exe

Scan epo_agent_48_zeus_signed.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.