File: baf4942e0b983707bfae08a9a51297b5c61106e3c6451404824b8dd698aacecf

Metadata
File name: hsg.exe
File type: PE32 executable (GUI) Intel 80386, for MS Windows
File size: 274432 bytes
Analysis date: 2016-04-04 11:57:57
MD5: e6631613bf5a2cf425cb98d8b924106d
SHA1: 7d2927fd6cdeb1d948691d18e79c0130f9989aae
SHA256: baf4942e0b983707bfae08a9a51297b5c61106e3c6451404824b8dd698aacecf
SHA512: 1b290efe9f283c3fdd531403fa6ce029f35d362c707aed474ad3d63fb16774615395ea4bb5cd42025aa1f8b2391241349f606aed95cc6ea0703dfb09fee488a5
SSDEEP: 6144:d6o3wnApwkamPoAmu8HdlV9iO9BKPEJaQU46AJKJB:1wATamQAmu8HdlV9iO9BKPEJaQU46AJ
IMPHASH: f6f8989005e396f0f5b8c6122bc08043
Authentihash: N/A
Related resources
PE Type: PE32
Internal Name: Ptm
Comments: Buffetti Inc.
File Size: 268 kB
Machine Type: Intel 386 or later, and compatibles
File OS: Win32
Code Size: 262144
OS Version: 4.0
Entry Point: 0x10bc
File Flags Mask: 0x0000
Linker Version: 6.0
File Subtype: N/A
Uninitialized Data Size: N/A
File Version: 7.07.0001
Initialized Data Size: 24576
File Description: Buffetti Inc.
Product Version Number: 7.7.0.1
Product Name: Buffetti Inc.
Company Name: Buffetta Inc.
MIME Type: application/octet-stream
Character Set: Unicode
Language Code: Chinese (Simplified)
File Version Number: 7.7.0.1
File Type: Win32 EXE
Original Filename: Ptm.exe
Subsystem: Windows GUI
Object File Type: Executable application
Image Version: 7.7
File Flags: (none)
Subsystem Version: 4.0
Product Version: 7.07.0001
Source:
APTNotes
Cyber threat intelligence reports associated with baf4942e0b983707bfae08a9a51297b5c61106e3c6451404824b8dd698aacecf.
Domains
Domains the malware sample communicates with.
Hosts
Hosts the malware sample communicates with.
HTTP Requests
HTTP requests the malware sample makes.
AV Detections
AV detection names associated with the malware sample.
Mutants
Mutants created by the malware sample.
Registry keys
Registry keys created by the malware sample.
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Session Manager
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers
HKEY_CURRENT_USER\SOFTWARE\Microsoft\CTF
HKEY_LOCAL_MACHINE\Software\Microsoft\CTF\SystemShared
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Nls\Codepage
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VBA\Monitors
HKEY_USERS\S-1-5-21-1547161642-507921405-839522115-1004
Software\Policies\Microsoft\Control Panel\International\Calendars\TwoDigitYearMax
Control Panel\International\Calendars\TwoDigitYearMax
Comments
User comments about baf4942e0b983707bfae08a9a51297b5c61106e3c6451404824b8dd698aacecf.