PgyVisitor.exe

蒲公英访问者 (Pugongying Visitor)

Shanghai Best Oray Information Technology Co., Ltd.

It is set to execute automatically whenever any user logs into Windows (via the all-users Run registry key, HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run) under the name 'PgyVisitor'.
Publisher:
Shanghai Best Oray Information Technology Co., Ltd. (上海贝锐信息科技有限公司; signed by Shanghai Best Oray Information Technology Co., Ltd.)

Product:
蒲公英访问者 (Pugongying Visitor)

Description:
PgyVisitor

Version:
1, 1, 0, 9450

MD5:
b2713d1603f08bf77a6bf08c06b16630

SHA-1:
0772c2a0834a8a58aa171856efe41f1fcd567487

SHA-256:
a4be196a058a44b5fa106a01f8821ad81ae12ad189058fc9f9a6d865f831f9b9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/29/2024 2:07:28 AM UTC

File size:
2.5 MB (2,605,520 bytes)

Product version:
1, 1, 0, 9450

Copyright:
Copyright Shanghai Best Oray (上海贝锐). All rights reserved.

Original file name:
PgyVisitor.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\pgyvisitor.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
6/17/2015 8:00:00 AM

Valid to:
7/17/2018 7:59:59 AM

Subject:
CN="Shanghai Best Oray Information Technology Co., Ltd.", O="Shanghai Best Oray Information Technology Co., Ltd.", L=Shanghai, S=Shanghai, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6B9709444F0B7C65BF8DBDE0CEBD139F

File PE Metadata
Compilation timestamp:
2/16/2016 4:53:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:WZPEVsm1zJVSwLdrVSALdQVSZ4cwVSZ4cmVSD4cZVSK4cMVS14cGVSZ4cDlvtysB:WZsVsGzJVSwLdrVSALdQVSZ4cwVSZ4cX

Entry address:
0x829B3

Entry point:
E8, 2E, DB, 00, 00, E9, 78, FE, FF, FF, CC, CC, CC, 8B, 54, 24, 0C, 8B, 4C, 24, 04, 85, D2, 74, 69, 33, C0, 8A, 44, 24, 08, 84, C0, 75, 16, 81, FA, 00, 01, 00, 00, 72, 0E, 83, 3D, E0, 24, 50, 00, 00, 74, 05, E9, E7, DB, 00, 00, 57, 8B, F9, 83, FA, 04, 72, 31, F7, D9, 83, E1, 03, 74, 0C, 2B, D1, 88, 07, 83, C7, 01, 83, E9, 01, 75, F6, 8B, C8, C1, E0, 08, 03, C1, 8B, C8, C1, E0, 10, 03, C1, 8B, CA, 83, E2, 03, C1, E9, 02, 74, 06, F3, AB, 85, D2, 74, 0A, 88, 07, 83, C7, 01, 83, EA, 01, 75, F6, 8B, 44, 24, 08...

Entropy:
7.2900

Code size:
818.5 KB (838,144 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PgyVisitor

Command:
"C:\users\{user}\appdata\local\temp\{random}.tmp\pgyvisitor.exe" -a

Scan PgyVisitor.exe - Powered by Reason Core Security