» PtSessionAgent.exe
Overview
Analysis
File Details
Behaviors (1)

PtSessionAgent.exe

Trend Micro Platinum

Trend Micro, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Platinum’.

File name:

PtSessionAgent.exe

Publisher:

Trend Micro Inc. (signed by Trend Micro, Inc.)

Product:

Trend Micro Platinum

Description:

Platinum user session agent

Version:

2.1.0.1190

MD5:

7beef2804625be481133c475f57dae9b

SHA-1:

25d71c4cabd366fc1ec3dba44df99b0e47e00d97

SHA-256:

795524582b9943b3c2b8092009d15d15a4f08dc41bd1085ca29d93c4a4d16abe

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

11/23/2024 5:26:23 PM UTC (today)

File size:

1.3 MB (1,403,976 bytes)

Product version:

2.1

Trademarks:

Original file name:

PtSessionAgent.exe

File type:

Executable application (Win64 EXE)

Common path:

C:\Program Files\nttw\security\sec\plugin\pt\ptsessionagent.exe

Digital Signature

Signed by:

Trend Micro, Inc.

Authority:

VeriSign, Inc.

Valid from:

2/20/2015 9:00:00 AM

Valid to:

5/22/2016 8:59:59 AM

Subject:

CN="Trend Micro, Inc.", O="Trend Micro, Inc.", L=Taipei, S=Taiwan, C=TW

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

1519396EE230F02CAD1FCFDB077A35F0

File PE Metadata

Compilation timestamp:

4/24/2015 8:08:42 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

11.0

Entry address:

0x727B0

Entry point:

48, 83, EC, 28, E8, C7, 05, 00, 00, 48, 83, C4, 28, E9, F6, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 49, F8, 03, 00, 75, 11, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 02, F3, C3, 48, C1, C9, 10, E9, 09, 02, 00, 00, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 8B, F2, 48, 8B, D9, F6, C2, 02, 74, 2B, 48, 8D, 79, F8, 4C, 8D, 0D, D0, 06, 00, 00, BA, 18, 00, 00, 00, 44, 8B, 07, E8, 6F, 03, 00... 
[+]

Entropy:

6.2346

Code size:

515 KB (527,360 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Platinum

Command:

"C:\Program Files\nttw\security\sec\plugin\pt\ptsessionagent.exe" -startup

Scan PtSessionAgent.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.