home

BUTray.exe

Backup Utility

BUFFALO INC.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Backup Utility TaskTray Tool’.
Publisher:
BUFFALO INC.  (signed and verified)

Product:
Backup Utility

Description:
Backup Utility TaskTray Tool

Version:
1.10.34

MD5:
3af50cb325286fafd4c1b71453dc0d03

SHA-1:
03d55d89218c4b211855fe6d09b82bf48b099602

SHA-256:
40a61d56f63ca78407958dcfbf00bfcbd6734698bd9d5caf509573bb7583c9a7

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 5:48:10 AM UTC  (today)

File size:
1.7 MB (1,828,216 bytes)

Product version:
1.00

Copyright:
Copyright (C) 2010 BUFFALO INC.

Original file name:
BUTray.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\buffalo\backup_utility\butray.exe

Digital Signature
Signed by:
BUFFALO INC.

Authority:
VeriSign, Inc.

Valid from:
6/22/2010 7:00:00 AM

Valid to:
6/23/2011 6:59:59 AM

Subject:
CN=BUFFALO INC., OU=Technical Support Dept., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=BUFFALO INC., L="4-15, Shibata Hondori, Minami-ku, Nagoya", S=Aichi, C=JP

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
78739D0FDD8A5FD62E0AB910F6A87163

File PE Metadata
Compilation timestamp:
1/21/2011 12:19:31 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:HZYUjF5PdQGtFWepBi7uhU8yZDSW1lCRvDxBeSu:1jF5Hnjw8y47vWSu

Entry address:
0x4AB1A

Entry point:
E8, 50, 67, 00, 00, E9, 17, FE, FF, FF, 51, C7, 01, D4, E9, 46, 00, E8, D3, 67, 00, 00, 59, C3, 56, 8B, F1, E8, EA, FF, FF, FF, F6, 44, 24, 08, 01, 74, 07, 56, E8, B2, 27, FE, FF, 59, 8B, C6, 5E, C2, 04, 00, 8B, 44, 24, 04, 83, C1, 09, 51, 83, C0, 09, 50, E8, 21, 68, 00, 00, F7, D8, 59, 1B, C0, 59, 40, C2, 04, 00, 3B, 0D, 7C, 26, 48, 00, 75, 02, F3, C3, E9, 90, 68, 00, 00, 8B, 44, 24, 04, 53, 8B, 5C, 24, 0C, 66, 83, 3B, 00, 57, 8B, F8, 74, 45, 0F, B7, 08, 66, 85, C9, 74, 3B, 0F, B7, D1, 2B, C3, 66, 85, D2...
 
[+]

Entropy:
7.0818

Code size:
420 KB (430,080 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Backup Utility TaskTray Tool

Command:
"C:\Program Files\buffalo\backup_utility\butray.exe"


Scan BUTray.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.