» gatewaysystray.exe
Overview
Analysis
File Details
Behaviors (1)

gatewaysystray.exe

GatewaySysTray

3S-Smart Software Solutions GmbH

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘GatewaySysTray’.

File name:

gatewaysystray.exe

Publisher:

3S-Smart Software Solutions GmbH (signed and verified)

Product:

GatewaySysTray

Description:

GatewaySysTray

Version:

3.5.6.0

MD5:

31973a604cc2a9587a6500c410dcb768

SHA-1:

4029a39650834085f1e8593f84025705e900f61d

SHA-256:

a5016f2af350a237cc7df76c528967d5a9a4513da3c6bdc5a66dee76466bd9a3

Scanner detections:

1 / 68

Status:

Clean (1 probable false positive detection)

Explanation:

This is mosty likely a false positive detection, the file is probably clean.

Analysis date:

4/24/2024 11:24:49 PM UTC (a few moments ago)

Scan engine

Detection

Engine version

Trend Micro House Call

Suspicious_GEN.F47V0416

7.2.39

File size:

775.2 KB (793,808 bytes)

Product version:

3.5.6.0

File type:

Executable application (Win32 EXE)

Language:

German (Germany)

Common path:

C:\Program Files\3s codesys\gatewayplc\gatewaysystray.exe

Digital Signature

Signed by:

3S-Smart Software Solutions GmbH

Authority:

GlobalSign nv-sa

Valid from:

2/22/2013 6:54:53 PM

Valid to:

2/23/2016 6:54:53 PM

Subject:

E=info@codesys.com, CN=3S-Smart Software Solutions GmbH, O=3S-Smart Software Solutions GmbH, L=Kempten, S=Bavaria, C=DE

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

112166CAA8027C493D31DFAC4F2DF9B59D12

File PE Metadata

Compilation timestamp:

5/21/2015 5:29:48 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:wOHquBIGqgN4X3sXuSen8gWr+mqHKLurCr:wVuBIMNk3sXu2r+mqHKLurC

Entry address:

0x1E403

Entry point:

E8, 37, 6E, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C, 24... 
[+]

Code size:

225.5 KB (230,912 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

GatewaySysTray

Command:

"C:\Program Files\3s codesys\gatewayplc\gatewaysystray.exe"

Scan gatewaysystray.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.