» FAtry.exe
Overview
Analysis
File Details
Behaviors (1)

FAtry.exe

FAtry

Sensible Vision, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘FastAccess Web Alert’.

File name:

FAtry.exe

Publisher:

Microsoft (signed by Sensible Vision, Inc.)

Product:

FAtry

Version:

1.0.0.0

MD5:

a62670a76d8bd9a3a08ee2daac5f3083

SHA-1:

fcd80b2d4298f262489661ca616d0c9c42614d28

SHA-256:

4f9bab60e74aeb50a06bfe912901d85416bc0f850c7389a408cd8980f78708f3

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/4/2024 5:55:40 PM UTC (today)

File size:

1.9 MB (2,033,648 bytes)

Product version:

1.0.0.0

Original file name:

FAtry.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\creative\creative live! cam\live! central 3\fainstaller\fatry.exe

Digital Signature

Signed by:

Sensible Vision, Inc.

Authority:

VeriSign, Inc.

Valid from:

10/30/2010 2:00:00 AM

Valid to:

12/27/2011 12:59:59 AM

Subject:

CN="Sensible Vision, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Sensible Vision, Inc.", L=Covert, S=Michigan, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5CA6B27110EA40939EC964AD242BC1BC

File PE Metadata

Compilation timestamp:

7/12/2011 7:30:22 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

49152:c8YYKq2CD/6DW7uueYJTC56mSj+pcZNkCZNe/k:ctq2O6D8CYtySj+p4uENF

Entry address:

0x1ECF8E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

1.9 MB (2,011,136 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

FastAccess Web Alert

Command:

C:\Program Files\creative\creative live! cam\live! central 3\fainstaller\fatry.exe

Scan FAtry.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.