home

HgStart19.exe

HanGame

NHN Entertainment Corp.

Publisher:
NHN Ent.  (signed by NHN Entertainment Corp.)

Product:
HanGame

Description:
HgPreStart

Version:
19, 0, 1, 1

MD5:
29e81428d6710e40d6d3b356678c78f2

SHA-1:
cf80fda5dbc8147d9a9f91364928f80dd6d4eb70

SHA-256:
8a5843a7cfa096990f469a652633a88fc795bb890194fbf84d4c3876d12607a8

Scanner detections:
4 / 68

Status:
Inconclusive  (not enough data for an accurate detection)

Analysis date:
4/30/2024 9:34:14 PM UTC  (today)

Scan engine
Detection
Engine version

McAfee
Artemis!29E81428D671
5600.7217

Norman
Downloader
11.20140216

Trend Micro House Call
TROJ_GEN.F47V1219
7.2.47

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
3.12.24.3

File size:
178 KB (182,304 bytes)

Product version:
19, 0, 1, 1

Copyright:
ⓒ NHN Entertainment Corp. All Rights Reserved.

Trademarks:
HanGame

Original file name:
HgStart19.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\downloaded Program Files\hgstart19.exe

Digital Signature
Signed by:
NHN Entertainment Corp.

Authority:
VeriSign, Inc.

Valid from:
8/23/2013 9:00:00 AM

Valid to:
8/24/2015 8:59:59 AM

Subject:
CN=NHN Entertainment Corp., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NHN Entertainment Corp., L=Seongnam-si, S=Gyeonggi-do, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
32FA7468569C17BDEA7D2CAD5DC2DE6C

File PE Metadata
Compilation timestamp:
11/25/2013 4:35:42 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
3072:wBOu4bHl9dROznZHJCaEluAg/S1EDAt6IOfffOxTzbiC:aEHJRyvnS2AsIF1

Entry address:
0x5E0D

Entry point:
6A, 60, 68, 10, F7, 40, 00, E8, 93, 09, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, 5B, F7, FF, FF, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 54, F1, 40, 00, 8B, 4E, 10, 89, 0D, 24, 30, 41, 00, 8B, 46, 04, A3, 30, 30, 41, 00, 8B, 56, 08, 89, 15, 34, 30, 41, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 28, 30, 41, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 28, 30, 41, 00, C1, E0, 08, 03, C2, A3, 2C, 30, 41, 00, 33, F6, 56, 8B, 3D, 4C, F1, 40, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 
[+]

Entropy:
6.3686

Code size:
56 KB (57,344 bytes)

ActiveX Install
Name:
{5876CAD0-1636-42EA-AC50-4C06F3196089}


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to i0-h0-s220.p51-icn.cdngp.net  (61.110.246.253:80)

TCP (HTTP):
Connects to i0-h0-s260.p51-icn.cdngp.net  (61.110.246.244:80)

TCP (HTTP):
Connects to i0-h0-s252.p51-icn.cdngp.net  (61.110.243.242:80)

TCP (HTTP):
Connects to i0-h0-s258.p51-icn.cdngp.net  (61.110.246.87:80)

TCP (HTTP):
Connects to i0-h0-s2520.p51-icn.cdngp.net  (61.110.243.185:80)

TCP (HTTP):
Connects to i0-h0-s2516.p51-icn.cdngp.net  (61.110.243.114:80)

TCP (HTTP):
Connects to i0-h0-s2514.p51-icn.cdngp.net  (61.110.243.51:80)

TCP (HTTP):
Connects to i0-h0-s219.p51-icn.cdngp.net  (61.110.246.252:80)

TCP (HTTP):
Connects to i0-h0-s261.p51-icn.cdngp.net  (61.110.248.24:80)

TCP (HTTP):
Connects to i0-h0-s2522.p51-icn.cdngp.net  (61.110.243.187:80)

TCP (HTTP):
Connects to i0-h0-s2521.p51-icn.cdngp.net  (61.110.243.186:80)

TCP (HTTP):
Connects to i0-h0-s2518.p51-icn.cdngp.net  (61.110.243.116:80)

TCP (HTTP):
Connects to i0-h0-s2519.p51-icn.cdngp.net  (61.110.243.117:80)

TCP (HTTP):
Connects to i0-h0-s2515.p51-icn.cdngp.net  (61.110.243.52:80)

TCP (HTTP):
Connects to i0-h0-s1716.p59-icn.cdngp.net  (14.0.77.208:80)

TCP (HTTP):
Connects to i0-h0-s259.p51-icn.cdngp.net  (61.110.246.108:80)

TCP (HTTP):
Connects to i0-h0-s1728.p59-icn.cdngp.net  (14.0.77.234:80)

TCP (HTTP):
Connects to i0-h0-s1726.p59-icn.cdngp.net  (14.0.77.232:80)

TCP (HTTP):
Connects to i0-h0-s1702.p59-icn.cdngp.net  (14.0.77.20:80)

TCP (HTTP):
Connects to i0-h0-s2523.p51-icn.cdngp.net  (61.110.243.188:80)

Scan HgStart19.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.