loadtray.EXE

Load Tray

Xi'an Saming Technology Co., Ltd.

It is set to run automatically when any user logs into Windows, through the all-users Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the value name ‘multitray’.

Publisher:
Xi'an Saming Technology Co., Ltd.  (signed and verified)

Product:
Load Tray

Version:
1, 0, 0, 620

MD5:
b7e2e8296e86a4afdd3ac271faa40ecf

SHA-1:
98cf608cd40480ae51bfdf5e54a85b9fb84b0afd

SHA-256:
5a7e0d3ef960b75c4b4593e4788ca2a840031224f7b5388855e68164a5a572c0

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 4:17:54 AM UTC

File size:
30.5 KB (31,264 bytes)

Product version:
1, 0, 0, 620

Copyright:
Copyright (C) 1998-2007

Original file name:
loadtray.EXE

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\lenovo\multirecover\loadtray.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
12/7/2007 1:00:00 AM

Valid to:
12/7/2010 12:59:59 AM

Subject:
CN="Xi'an Saming Technology Co., Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Xi'an Saming Technology Co., Ltd.", L=Xi'an, S=ShanXi, C=CN

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2D96DFEFFB9054622018ADC22F170388

File PE Metadata
Compilation timestamp:
1/3/2008 2:37:24 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
384:NXY9F0KsE1+EhAGEXzYJLWd6j1sOFsbNiqb:dY9F0Z2+g0yLAmkbNiqb

Entry address:
0x1A90

Entry point:
55, 8B, EC, 6A, FF, 68, 50, 24, 40, 00, 68, 20, 1C, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, B0, 21, 40, 00, 59, 83, 0D, 84, 31, 40, 00, FF, 83, 0D, 88, 31, 40, 00, FF, FF, 15, B4, 21, 40, 00, 8B, 0D, 78, 31, 40, 00, 89, 08, FF, 15, B8, 21, 40, 00, 8B, 0D, 74, 31, 40, 00, 89, 08, A1, BC, 21, 40, 00, 8B, 00, A3, 80, 31, 40, 00, E8, 4E, 01, 00, 00, 39, 1D, 70, 30, 40, 00, 75, 0C, 68, 4A, 1C, 40, 00, FF, 15, C0, 21...
 
Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
4 KB (4,096 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
multitray

Command:
C:\Program Files\lenovo\multirecover\loadtray.exe
