mccitrayapp.exe

TEData

The executable mccitrayapp.exe has been detected as malware by 5 anti-virus scanners. It is set to execute automatically when any user logs in to Windows, through the Run registry entry named 'TEData_McciTrayApp'.

Publisher:
Alcatel-Lucent  (signed by TEData)

Description:
mcci+McciTrayApp

Version:
6,7,0,34

MD5:
866dcc652ae9ff6064d8643c6d0a92cf

SHA-1:
ba04bda255c67c954aca7a855f1fe15418220934

SHA-256:
505da118d001368df6aab46756c2bcbe0d588672f33bfbff5478903387d0a4e9

Scanner detections:
5 / 68

Status:
Malware

Analysis date:
4/23/2024 3:52:46 PM UTC

Scan engine              Detection                        Engine version
AegisLab AV Signature    FraudTool.W32.UltimateDefender   2.1.4+
avast!                   Win32:Evo-gen [Susp]             150319-1
Dr.Web                   Trojan.Siggen6.24266             9.0.1.0117
SUPERAntiSpyware         Backdoor.IRCNite/Variant         9910
Vba32 AntiVirus          Backdoor.IRCNite                 3.12.26.4

File size:
1.5 MB (1,579,808 bytes)

Product version:
6,7,0,34

Copyright:
Copyright © 1999-2010, Alcatel-Lucent

Original file name:
McciTrayApp_SSR.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\tedata\mccitrayapp.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
6/16/2009 3:00:00 AM

Valid to:
6/17/2011 2:59:59 AM

Subject:
CN=TEData, O=TEData, STREET="94 EL Tahrir St.,", L=GIZA, S=DOkki, PostalCode=12311, C=EG

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
4A7E6017B2290EFDCBBC44B6E1FE9754

File PE Metadata
Compilation timestamp:
1/26/2010 8:43:04 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:+IXNcqUSZ1PUh9JtsPTdak+zwFLzXKOM1VeLMwZ4adsfJoGwKPESlZoz8:JcQ1ccnKOZLnmRHES3oz8

Entry address:
0x9530E

Entry point:
E8, B0, 41, 01, 00, E9, 16, FE, FF, FF, 55, 8B, EC, 83, EC, 10, 53, 56, FF, 75, 10, 8D, 4D, F0, E8, EB, 9C, FF, FF, 8B, 5D, 08, 33, F6, 3B, DE, 75, 2F, E8, 2D, F7, FF, FF, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, 0C, 32, 00, 00, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60, 70, FD, B8, FF, FF, FF, 7F, E9, C0, 00, 00, 00, 57, 8B, 7D, 0C, 3B, FE, 75, 2F, E8, F6, F6, FF, FF, 56, 56, 56, 56, 56, C7, 00, 16, 00, 00, 00, E8, D5, 31, 00, 00, 83, C4, 14, 80, 7D, FC, 00, 74, 07, 8B, 45, F8, 83, 60...
Entropy:
6.5705

Code size:
1.1 MB (1,171,968 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
TEData_McciTrayApp

Command:
"C:\Program Files\tedata\mccitrayapp.exe"
