» id_tray.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

id_tray.exe

IDrive

Pro Softnet Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘IDrive Tray’. This is installed with IDrive Version - 6.0.

File name:

id_tray.exe

Publisher:

Prosoftnet (signed by Pro Softnet Corporation)

Product:

IDrive

Description:

IDrive Tray

Version:

6.1.0.9

MD5:

153e9d2993748f7a52e55682767d0fec

SHA-1:

32bb2177bf9fdfed828309d183351f2046136c1c

SHA-256:

20edb4c737cc82338e182a470644560589b1ec8c8387441306537ff6d3806cac

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 7:09:49 AM UTC (today)

File size:

2 MB (2,086,944 bytes)

Product version:

6.1.0.9

Original file name:

id_tray.exe

File type:

Executable application (Win32 EXE)

Language:

Language Neutral

Common path:

C:\Program Files\idrivewindows\id_tray.exe

Digital Signature

Signed by:

Pro Softnet Corporation

Authority:

Thawte, Inc.

Valid from:

2/13/2014 7:00:00 PM

Valid to:

2/14/2016 6:59:59 PM

Subject:

CN=Pro Softnet Corporation, OU=IT, O=Pro Softnet Corporation, L=Calabasas, S=California, C=US

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

68A7A5C7BD2B769D46DD66EE575B8C68

File PE Metadata

Compilation timestamp:

6/3/2014 9:51:48 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

.NET CLR dependent:

Yes

CTPH (ssdeep):

24576:sLyWxNgDhT+6Y6Y6o6w6vL26ggyy8Bw6Y6z:sLyENgDhT5L3y7

Entry address:

0x1F0F6E

Entry point:

FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.4802

Developed / compiled with:

Microsoft Visual C# / Basic .NET

Code size:

1.9 MB (2,027,520 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

IDrive Tray

Command:

"C:\Program Files\idrivewindows\id_tray.exe" min

The file id_tray.exe has been discovered within the following program.

IDrive Version - 6.0 by Pro Softnet Corp

www.idrive.com

About 9% of users remove it

Scan id_tray.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.