home

AgentTray.exe

NTI Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘AgentTray’. This is installed with Gateway Backup Agent Service.
Publisher:
NTI Corporation  (signed and verified)

Description:
Backup Manager Agent

Version:
3.0.0.98

MD5:
cecc83fb71355f8a86810c33edbcaa6d

SHA-1:
96e3d9b8fbaf68e57d86b34cb78577f4ef4d5078

SHA-256:
7daeb8cf1a3787790b75eda693b56d4b2d7a702b759b944457adf255139f413b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 12:24:01 AM UTC  (today)

File size:
237.8 KB (243,520 bytes)

Product version:
3.0.0.98

Copyright:
Copyright (C) 2011, NTI Corporation. All rights reserved.

Original file name:
AgentTray.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\nti\gateway backup agent service\agenttray.exe

Digital Signature
Signed by:
NTI Corporation

Authority:
VeriSign, Inc.

Valid from:
5/21/2010 6:00:00 PM

Valid to:
5/21/2011 5:59:59 PM

Subject:
CN=NTI Corporation, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NTI Corporation, L=Irvine, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
590607D9B0A7963A86F191A46BBCD5A8

File PE Metadata
Compilation timestamp:
4/21/2011 8:48:46 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:/pIRFeCqnG2h6iQq0ufcUNxSpNd3OtA7WbHB04csndI3ve:sFeCqG2sCFcy8NdOtA7Wbq4cN3ve

Entry address:
0xE820

Entry point:
E8, 13, 05, 00, 00, E9, 37, FD, FF, FF, 3B, 0D, 28, 80, 41, 00, 75, 02, F3, C3, E9, 95, 05, 00, 00, 6A, 14, 68, C8, 4E, 41, 00, E8, 47, 04, 00, 00, FF, 35, 0C, 8D, 41, 00, 8B, 35, 24, 11, 41, 00, FF, D6, 59, 89, 45, E4, 83, F8, FF, 75, 0C, FF, 75, 08, FF, 15, 28, 11, 41, 00, 59, EB, 67, 6A, 08, E8, 71, 06, 00, 00, 59, 83, 65, FC, 00, FF, 35, 0C, 8D, 41, 00, FF, D6, 89, 45, E4, FF, 35, 08, 8D, 41, 00, FF, D6, 59, 59, 89, 45, E0, 8D, 45, E0, 50, 8D, 45, E4, 50, FF, 75, 08, 8B, 35, 3C, 11, 41, 00, FF, D6, 59...
 
[+]

Entropy:
6.3439

Code size:
64 KB (65,536 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AgentTray

Command:
"C:\Program Files\nti\gateway backup agent service\agenttray.exe"


The file AgentTray.exe has been discovered within the following program.

Gateway Backup Agent Service  by NTI Corporation
www.nticorp.com
57% remove it
 
Powered by Should I Remove It?

Scan AgentTray.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.