GWTray.exe

GameWizard Tray

Ruling Technologies Sdn Bhd

It is set to execute automatically when any user logs into Windows, through the all-users Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the value name ‘GameWizardLite’.

Publisher:
Ruling Technologies Sdn. Bhd.  (signed by Ruling Technologies Sdn Bhd)

Product:
GameWizard Tray

Version:
4.0.0.17

MD5:
f497c86622d08e8e02dd09b32c003c45

SHA-1:
b4eaa2e426fa1e34eba4b7b47b5b93e4e734dc45

SHA-256:
59510fde83d28f7f7a9f4534e915065c5ed2f8080f89556aa7533e2652e13d78

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 1:12:33 AM UTC

File size:
572.3 KB (586,080 bytes)

Product version:
4.0.0.17

Copyright:
Copyright (C) Ruling Technologies Sdn. Bhd. 2001-2007

Original file name:
GWTray.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ruling technologies\gamewizardcombo\gwtray.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
5/26/2009 8:00:00 AM

Valid to:
5/26/2012 7:59:59 AM

Subject:
CN=Ruling Technologies Sdn Bhd, O=Ruling Technologies Sdn Bhd, STREET=Unit 505 Block B Phileo Damansara 1, STREET=No. 9 Jln 16/11 off Jln Damansara, L=Petaling Jaya, S=Selangor, PostalCode=46350, C=MY

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
149C42873181FC7416B291A91EF72F8C

File PE Metadata
Compilation timestamp:
12/15/2008 9:07:57 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:L65KaFhumFuFmpjpywq693IS0gnq693IS0gnq693IS0gJ:G5KaFImEFzw

Entry address:
0xA958

Entry point:
E8, 7E, 58, 00, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 10, 75, 20, E8, 4E, 0F, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, FB, F9, FF, FF, 83, C4, 14, 83, C8, FF, E9, 80, 00, 00, 00, 8B, 4D, 0C, 3B, CB, 56, 8B, 75, 08, 74, 21, 3B, F3, 75, 1D, E8, 1F, 0F, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, CC, F9, FF, FF, 83, C4, 14, 83, C8, FF, EB, 53, B8, FF, FF, FF, 7F, 3B, C8, 89, 45, E4, 77, 03, 89, 4D, E4, 57, FF, 75, 18, 8D, 45, E0, FF, 75, 14, C7, 45, EC...
 
Entropy:
3.9371

Code size:
92 KB (94,208 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GameWizardLite

Command:
C:\Program Files\ruling technologies\gamewizardcombo\gwtray.exe

