home

360tray.exe

360安全卫士

Qizhi Software (beijing) Co. Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘360Safetray’.
Publisher:
360.CN  (signed by Qizhi Software (beijing) Co. Ltd)

Product:
360安全卫士

Description:
360安全卫士 木马防火墙

Version:
7, 0, 0, 1007

MD5:
d9a347b71da74ba9dcada7b5e5143a07

SHA-1:
b3385b4a1126c2d726c0231150d73be6e17e545e

SHA-256:
5b733048e4c101f77b8c1e08edce62467e1267e2d19d556982318715f91fe77e

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 3:47:31 AM UTC  (today)

File size:
1013.6 KB (1,037,896 bytes)

Product version:
7, 0, 0, 1007

Copyright:
(C) 360.cn Inc. All Rights Reserved.

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\360\360safe\safemon\360tray.exe

Digital Signature
Signed by:
Qizhi Software (beijing) Co. Ltd

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
10/22/2008 8:00:00 AM

Valid to:
11/24/2010 7:59:59 AM

Subject:
CN=Qizhi Software (beijing) Co. Ltd, OU=SECURE APPLICATION DEVELOPMENT, O=Qizhi Software (beijing) Co. Ltd, L=Beijing, S=Beijing, C=CN

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
21D91D915F64FE5AEAA16DD9B46F06DD

File PE Metadata
Compilation timestamp:
5/21/2010 7:32:34 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
24576:f+Z5OUFn4nR/Fse8Po217JXdoT2xPgT8l2:frTGe8v17JiTrZ

Entry address:
0x43708

Entry point:
55, 8B, EC, 6A, FF, 68, 10, 0A, 48, 00, 68, 5E, 39, 44, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 90, A7, 47, 00, 59, 83, 0D, A0, 6E, 49, 00, FF, 83, 0D, A4, 6E, 49, 00, FF, FF, 15, 8C, A7, 47, 00, 8B, 0D, C0, 5E, 49, 00, 89, 08, FF, 15, 88, A7, 47, 00, 8B, 0D, BC, 5E, 49, 00, 89, 08, A1, 84, A7, 47, 00, 8B, 00, A3, 9C, 6E, 49, 00, E8, 56, 04, 00, 00, 39, 1D, 08, F3, 48, 00, 75, 0C, 68, CC, 3B, 44, 00, FF, 15...
 
[+]

Entropy:
6.4927

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
484 KB (495,616 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
360Safetray

Command:
"C:\Program Files\360\360safe\safemon\360tray.exe" \start


Scan 360tray.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.