iptray.exe

Intel Desktop Utilities

Intel Corporation

The executable iptray.exe, “Tray application for Intel(R) Desktop Utilities”, has been detected as malware by 11 anti-virus scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ipTray.exe’.
Publisher:
Intel Corporation  (signed and verified)

Product:
Intel(R) Desktop Utilities

Description:
Tray application for Intel(R) Desktop Utilities

Version:
3.2.8.89

MD5:
814078e57785d4221682960f7085baf7

SHA-1:
5d66809c7c5ddeb383fc1aa5ae50264e52b2fe47

SHA-256:
86fa35ce7605fa95d8748e6c42468fb1972fb7de24c474fdba23faf56ca68150

Scanner detections:
11 / 68

Status:
Malware

Analysis date:
4/25/2024 2:52:02 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| avast! | Win32:Pioneer-C | 160503-1 |
| AVG | Win32/Floxif | 2015.0.4568 |
| Dr.Web | Win32.FloodFix.7 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Win32.Floxif | 11.5.0.6191 |
| ESET NOD32 | Win32/Floxif.H virus | 8.0.319.0 |
| F-Prot | W32/Floxif.B | 4.6.5.141 |
| F-Secure | Win32.Floxif.A | 5.15.96 |
| Kaspersky | Virus.Win32.Pioneer | 15.0.0.562 |
| McAfee | Trojan.Dropper-FIY!814078E57785 | 18.0.204.0 |
| Norman | Win32.Floxif.A | 28.05.2016 15:32:18 |
| Sophos | Virus 'W32/Floxif-C' | 5.23 |

File size:
1.7 MB (1,734,903 bytes)

Product version:
3.2.8.89

Copyright:
Copyright (C) 2004-2014, Intel Corporation. All Rights Reserved.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\intel\intel desktop utilities\iptray.exe

Digital Signature
Authority:
Intel Corporation

Valid from:
6/18/2013 4:55:52 PM

Valid to:
6/2/2016 4:55:52 PM

Subject:
CN=Channel Innovations and Solutions Division, OU=Software Development Org., O=Intel Corporation, L=Santa Clara, S=CA, C=US

Issuer:
CN=Intel External Basic Issuing CA 3A, O=Intel Corporation, L=Santa Clara, S=CA, C=US

Serial number:
3300009EFAFFD8163D6F29D4CB000300009EFA

File PE Metadata
Compilation timestamp:
6/19/1992 10:22:17 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:FQV4FGUqxr8EgPJB94yOvidPD2koUVMOry2jrEH7s:FeP8Ea14iND2koUVM3W

Entry address:
0x10E890

Entry point:
E9, AD, A7, F1, FF, F0, 53, B8, D8, E4, 50, 00, E8, 57, 88, EF, FF, 33, C0, A3, 10, 52, 51, 00, A1, 7C, 15, 51, 00, 83, 38, 05, 75, 0D, E8, 35, BE, F7, FF, 3C, 01, 0F, 84, 1E, 01, 00, 00, 6A, 00, B9, 10, 52, 51, 00, BA, EC, E9, 50, 00, B8, 04, EA, 50, 00, E8, 9B, BB, F7, FF, 84, C0, 74, 1D, 83, 3D, 10, 52, 51, 00, 00, 0F, 84, F7, 00, 00, 00, A1, 10, 52, 51, 00, 50, E8, DF, 8A, EF, FF, E9, E7, 00, 00, 00, BA, 38, EA, 50, 00, 33, C0, E8, BA, 85, FF, FF, 84, C0, 75, 0C, BA, 38, EA, 50, 00, 33, C0, E8, 16, 86...
 

Entropy:
6.0474

Packer / compiler:
Xtreme-Protector v1.05

Code size:
1.1 MB (1,104,896 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ipTray.exe

Command:
"C:\Program Files\intel\intel desktop utilities\iptray.exe"

