Agent.exe
EaseUS Todo Backup by CHENGDU YIWO Tech Development Co. (Signed)
| Version: | 3, 5, 0, 1 |
| MD5: | 64585b1d85ff7566b99ced303a02f357 |
| SHA1: | 55e70c2884871fc2ac122410e30a0deb95aff42e |
| SHA256: | 7de815a3fa7a3b61a3e86766e9959c1f75d1e9796e50bb0138a748156f785837 |
Warning 3 antivirus scanners has detected malware.
Overview
agent.exe is malware that runs as a service under the name EaseUS Agent Service (EaseUS Agent) with extensive SYSTEM privileges (full administrator access). It is installed with a couple of know programs including EaseUS Todo Backup Free 4.0 published by CHENGDU YIWO Tech Development Co., Ltd and EaseUS Todo Backup Free 4.0 published by CHENGDU YIWO Tech Development Co., Ltd. The file is digitally signed by CHENGDU YIWO Tech Development Co. which was issued by the VeriSign certificate authority (CA).
Details
| File name: | agent.exe |
| Publisher: | CHENGDU YIWO Tech Development Co., Ltd |
| Product name: | EaseUS Todo Backup |
| Description: | EaseUS Todo Backup Agent Application |
| Typical file path: | C:\Program Files\easeus\todo backup\bin\agent.exe |
| File version: | 3, 5, 0, 1 |
| Product version: | 3.5.0.1 |
| Size: | 59.63 KB (61,064 bytes) |
| Certificate |
| Issued to: | CHENGDU YIWO Tech Development Co. |
| Authority (CA): | VeriSign |
| Expiration date: | Sunday, November 9, 2014 |
| Digital DNA |
| File packed: | No |
| .NET CLR: | No |
More details
Programs
The following programs will install this file
|
CHENGDU YIWO Tech Development Co., Ltd |
|
“EaseUS Todo Backup Free, as the world's first all-in-one backup & system disaster recovery software, is hard disk image, file backup, disaster recovery and disk clone freeware for home users to full protect system and data in case of accident file deletion, virus attack, and hardware failure. What's more, there is no need for rebooting system after program installed. New Highlights of EaseUS Todo Backup Free: System Backup and Recovery,...”
Behaviors
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
Network connections
[UDP] listens on port 4000
Malware detections
Based on 40+ industry antivirus scanners, 3 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| Trend Micro HouseCall |
9.700.0.1001 |
TROJ_GEN.F47V1104 |
| Vba32 AntiVirus |
3.12.24.3 |
Worm.Qvod |
| ViRobot |
2011.4.7.4223 |
Worm.Win32.A.Qvod.131072.B |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.00013941% | |
| Kernel CPU: | 0.00003769% | |
| User CPU: | 0.00010172% | |
| Kernel CPU time: | 312,002 ms/min | |
| Context switches: | 71/sec | |
| Memory |
| Private memory: | 29.66 MB | |
| Private (maximum): | 15.49 MB | |
| Private (minimum): | 3.09 MB | |
| Non-paged memory: | 29.66 MB | |
| Virtual memory: | 205.73 MB | |
| Virtual memory (peak): | 208.23 MB | |
| Working set: | 3.63 MB | |
| Working set (peak): | 18.86 MB | |
| Resource allocations |
| Threads: | 95 | |
| Handles: | 320 | |
Process properties
| Integrety level: | System |
| Platform: | 64-bit |
| Command line: | "C:\Program Files\easeus\todo backup\bin\agent.exe" |
| Owner: | SYSTEM |
| Windows Service |
| Service name: | EaseUS Agent |
| Display name: | EaseUS Agent Service |
| Description: | “Provides service to backup files and image disks.” |
| Type: | Win32OwnProcess |
| Parent process: | services.exe (Services and Controller app by Microsoft) |
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Home Premium |
40.00% |
|
| Windows 7 Professional |
20.00% |
|
| Windows 7 Ultimate |
15.00% |
|
| Windows 8 |
10.00% |
|
| Windows 8 Pro |
10.00% |
|
| Microsoft Windows XP |
5.00% |
|
Distribution by country
United States installs about 60.00% of EaseUS Todo Backup.
Distribution by PC manufacturer
| PC Manufacturer | distribution |
| Dell |
60.87% |
|
| Intel |
17.39% |
|
| Hewlett-Packard |
8.70% |
|
| Acer |
4.35% |
|
| GIGABYTE |
4.35% |
|
| American Megatrends |
4.35% |
|
