» gathrtray.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

gathrtray.exe

GathrLauncher

LastPass

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Gathr Tray’. This is installed with Gathr(uninstall only).

File name:

gathrtray.exe

Publisher:

Gathr (signed by LastPass)

Product:

GathrLauncher

Description:

Gathr Launcher

Version:

1.0.0.0

MD5:

810ec0537afb34e4a3c5b05c89356e86

SHA-1:

b503ff7c6a6473c80dc1ccaf4f6f4d64655a205c

SHA-256:

6fbb83778390d4112841781f964c93787889c9210d9f7b968da979bb5c42ecb5

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/18/2024 1:31:14 PM UTC (today)

File size:

27 KB (27,648 bytes)

Product version:

1.0.0.0

Original file name:

TaskTrayApplication.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\gathr\gathrtray.exe

Digital Signature

Signed by:

LastPass

Authority:

COMODO CA Limited

Valid from:

10/13/2011 6:00:00 PM

Valid to:

10/13/2014 5:59:59 PM

Subject:

CN=LastPass, O=LastPass, STREET=226 Maple Ave W STE 301, L=Vienna, S=VA, PostalCode=22180, C=US

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

00993DB38720B4B3EC5280105E019B511D

File PE Metadata

Compilation timestamp:

2/1/2013 2:18:16 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

384:5tv096uuw5CIgcdh5MxoaskceLhwvnhCxYPLg8wEiAk:bwTVda0chwvME9iAk

Entry address:

0x3DAE

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

4.5958

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

8 KB (8,192 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Gathr Tray

Command:

C:\Program Files\gathr\gathrtray.exe

The file gathrtray.exe has been discovered within the following program.

Gathr(uninstall only) by Gathr

lastpass.com

20% remove it

Scan gathrtray.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.