home

iptray.exe

Clam AV for Windows

Immunet Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Immunet Protect’.
Publisher:
Sourcefire, Inc.  (signed by Immunet Corporation)

Product:
Clam AV for Windows

Description:
ClamAV for Windows Tray Client

Version:
2, 0, 14, 139

MD5:
0905fb1b4a917b295d19871a532a3ebd

SHA-1:
11d79ef805ecd3bc8193c3373fe1f7aef4359224

SHA-256:
26c048fd620c54d72d23c13f2b7290ad96e906945c2b658e7b8279af9ff4f9ca

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 4:16:04 PM UTC  (today)

File size:
3.6 MB (3,744,584 bytes)

Product version:
2, 0, 14, 139

Copyright:
(c) Immunet. All rights reserved.

Original file name:
iptray.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\clamav for windows\2.0.14\iptray.exe

Digital Signature
Signed by:
Immunet Corporation

Authority:
VeriSign, Inc.

Valid from:
8/4/2009 8:00:00 PM

Valid to:
8/18/2010 7:59:59 PM

Subject:
CN=Immunet Corporation, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Immunet Corporation, L=Woodside, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1E44683E8FD5C1E39485DE558E877779

File PE Metadata
Compilation timestamp:
8/13/2010 2:43:11 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:7670v5tdiQuBAqpULM+IzXgSWpKXiXqtwMCgNkylK1MHOXTZyjHakgS+g1wu7wa+:jLytw0plK1ZXTZW5Av23rL2

Entry address:
0x21AD54

Entry point:
48, 83, EC, 28, E8, D7, A1, 00, 00, 48, 83, C4, 28, E9, 16, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 41, B2, 10, 00, 75, 11, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 02, F3, C3, 48, C1, C9, 10, E9, 49, A2, 00, 00, CC, 48, 83, EC, 28, E8, 1F, 9F, 00, 00, 8B, 48, 1C, 69, C9, FD, 43, 03, 00, 81, C1, C3, 9E, 26, 00, 89, 48, 1C, C1, E9, 10, 81, E1, FF, 7F, 00, 00, 8B, C1, 48, 83, C4, 28, C3, CC, 48, 89, 5C, 24, 08, 48, 89, 74...
 
[+]

Entropy:
6.0789

Code size:
2.4 MB (2,507,776 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Immunet Protect

Command:
"C:\Program Files\clamav for windows\2.0.14\iptray.exe"


Scan iptray.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.