» etschagent.exe
Overview
Analysis
File Details
Behaviors (1)

etschagent.exe

East-Tec Eraser

EAST-TEC S.R.L.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘East-Tec east-tec Eraser Scheduler Agent’.

File name:

etschagent.exe

Publisher:

East-Tec (signed by EAST-TEC S.R.L.)

Product:

East-Tec Eraser

Description:

Sheduler Service Agent

Version:

1.0.0.1345

MD5:

24122b4ee0df707d709a586ec6792853

SHA-1:

f2ead1bd87883701f0fa0184d23cfdeb4b414ba2

SHA-256:

e894e072d8b90182a66b72ba021cdaef5c968438d6278bc0aec864b5ebe18228

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/8/2024 10:50:01 AM UTC (today)

File size:

2.1 MB (2,226,376 bytes)

Product version:

12.9.0.8311

Trademarks:

Trademark

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\east-tec eraser\etschagent.exe

Digital Signature

Signed by:

EAST-TEC S.R.L.

Authority:

COMODO CA Limited

Valid from:

10/15/2015 8:00:00 PM

Valid to:

10/15/2016 7:59:59 PM

Subject:

CN=EAST-TEC S.R.L., O=EAST-TEC S.R.L., STREET=Str. Balogh Istvan 17, L=Oradea, S=BIHOR, PostalCode=410283, C=RO

Issuer:

CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

24C62CC7324E6542669BBFE5D1FA9231

File PE Metadata

Compilation timestamp:

8/3/2016 11:53:52 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:l/k11xR3ax5w1O/2uzqJbEIWIc1YKbbaSqajRBuSi87q9BhQ/sLzlkujr8yjxD:lo1x9pwgoIDKiIRQSi87ilprj1

Entry address:

0x1E3770

Entry point:

55, 8B, EC, 83, C4, F0, 53, 56, B8, 7C, B2, 5D, 00, E8, D6, BC, E2, FF, 8B, 35, 90, 8F, 5E, 00, B8, 08, 38, 5E, 00, E8, 6A, 92, FE, FF, 8B, 06, E8, BB, F6, FD, FF, B8, 40, 38, 5E, 00, E8, 59, 92, FE, FF, B2, 01, A1, C4, CA, 5C, 00, E8, A5, 94, FE, FF, 8B, D8, B8, 9C, 38, 5E, 00, E8, 41, 92, FE, FF, EB, 22, 8B, 06, E8, 78, F5, FD, FF, B8, D4, 38, 5E, 00, E8, 2E, 92, FE, FF, 8B, C3, E8, F3, 96, FE, FF, 68, F4, 01, 00, 00, E8, F9, 01, E3, FF, 8B, 06, 80, B8, BC, 00, 00, 00, 00, 74, D3, B8, 1C, 39, 5E, 00, E8... 
[+]

Entropy:

6.6231

Developed / compiled with:

Microsoft Visual C++

Code size:

1.9 MB (1,975,808 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

East-Tec east-tec Eraser Scheduler Agent

Command:

C:\Program Files\east-tec eraser\etschagent.exe

Scan etschagent.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.