home

hAgentTray.exe

ViRobot Management System 4.0

Hauri, Inc

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘hAgentTray’.
Publisher:
Hauri, Inc.  (signed by Hauri, Inc)

Product:
ViRobot Management System 4.0

Description:
Application for VMS Agent

Version:
2011, 6, 22, 0

MD5:
122fc5850b41281bd82e467523a4368b

SHA-1:
474c929355dd55a98e8c6c9da706c3209fc72fab

SHA-256:
8b6024a8dfe9d53a489fdcdce6a0cc4065603674db3e81fae8021748ce943eaa

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 4:58:11 AM UTC  (today)

File size:
1.3 MB (1,368,728 bytes)

Product version:
4.0

Copyright:
Copyright (C) Hauri, Inc. 1998-2010. All Rights Reserved.

Trademarks:
ViRobot Management System 4.0

Original file name:
hAgentTray.exe

File type:
Executable application (Win32 EXE)

Language:
Korean

Common path:
C:\Program Files\hauri\virobot management system\4.0\agent\hagenttray.exe

Digital Signature
Signed by:
Hauri, Inc

Authority:
VeriSign, Inc.

Valid from:
5/23/2011 7:00:00 PM

Valid to:
7/22/2014 6:59:59 PM

Subject:
CN="Hauri, Inc", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Hauri, Inc", L=Jongno-gu, S=Seoul, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
23AD98746C0A968CC4EA68A5EF15FD3D

File PE Metadata
Compilation timestamp:
6/22/2011 9:23:44 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:QOgtmkfjm9uRhXMsdiv0RjY8WIhw2cYY9v:StmyjmAhXMF0C8hOZB

Entry address:
0x26534

Entry point:
E8, 1E, 89, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 80, 9D, 53, 00, 75, 02, F3, C3, E9, A0, 89, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 00, 60, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, E8, 54, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, F9, 10, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, 68, 02, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73...
 
[+]

Entropy:
6.0758

Code size:
901 KB (922,624 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
hAgentTray

Command:
"C:\Program Files\hauri\virobot management system\4.0\agent\hagenttray.exe"


Scan hAgentTray.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.