» atitray.sys
Overview
Analysis
File Details
Behaviors (1)

atitray.sys

Ray Adams

It runs as a Windows kernel mode device driver named “atitray”.

File name:

atitray.sys

Publisher:

Ray Adams (signed and verified)

MD5:

072c21339d5d70bc2f284a6e6da5480c

SHA-1:

f77fb189294b3a42d78107ee3dace424bd39a500

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/24/2024 7:56:50 PM UTC (today)

Scan engine

Detection

Engine version

NANO AntiVirus

Trojan.Win32.Generic.crbmce

0.28.2.62841

File size:

18.8 KB (19,232 bytes)

File type:

Driver (Win32 SYS)

Common path:

C:\Program Files\ray adams\ati tray tools\atitray.sys

Digital Signature

Signed by:

Ray Adams

Authority:

Root Agency

Valid from:

3/10/2007 12:15:20 PM

Valid to:

12/31/2039 3:59:59 PM

Subject:

CN=Ray Adams, OU=Certification, O=Ray Adams, E=traytools@guru3d.com

Issuer:

CN=Root Agency

Serial number:

97BDC0749C0DC4814310774187270C3B

File PE Metadata

Compilation timestamp:

4/12/2010 9:06:04 PM

OS version:

6.1

OS bitness:

Win32

Subsystem:

Native (none required)

Linker version:

9.0

CTPH (ssdeep):

384:q7D8y7ffiioEXw/EJriJopQXOoKZO6bXxL2eIopYJLe9w:qD8yBvc6uKIOoKZO67IoELe9w

Entry address:

0x38BE

Entry point:

8B, FF, 55, 8B, EC, E8, BD, FF, FF, FF, 5D, E9, 14, FC, FF, FF, CC, CC, 18, 39, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, A8, 3B, 00, 00, 8C, 36, 00, 00, 0C, 39, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, EC, 3B, 00, 00, 80, 36, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, B6, 3B, 00, 00, D0, 3B, 00, 00, 00, 00, 00, 00, CC, 39, 00, 00, E4, 39, 00, 00, EE, 39, 00, 00, 04, 3A, 00, 00, 20, 3A, 00, 00, 30, 3A, 00, 00, 42, 3A, 00, 00, 56, 3A, 00, 00, 66, 3A, 00, 00, 80, 3A... 
[+]

Entropy:

6.5676

Code size:

13.4 KB (13,696 bytes)

Driver

Display name:

atitray

Type:

Kernel device driver (KernelDriver)

Scan atitray.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.