refreshtrayicons.exe

DevXSoftware

The executable refreshtrayicons.exe has been detected as malware by 6 anti-virus scanners.
Publisher:
DevXSoftware (signed and verified)

MD5:
1598bfffe4329efc1d904f03b147e7c7

SHA-1:
cec517829010a481e3dc63b2404616da3c4df6eb

SHA-256:
1c59944ac08badb4d2b3db84ae32af3ee4bcbcea97ad2bd32834844c559ddc9c

Scanner detections:
6 / 68

Status:
Malware

Analysis date:
5/20/2024 3:15:18 AM UTC

Scan engine            | Detection                         | Engine version
Lavasoft Ad-Aware      | Gen:Trojan.Heur2.FU.aqX@aK6Dh4g   | 866
Bitdefender            | Gen:Trojan.Heur2.FU.aqX@aK6Dh4g   | 1.0.20.1325
Emsisoft Anti-Malware  | Gen:Trojan.Heur2.FU.aqX@aK6Dh4g   | 8.14.09.22.05
F-Secure               | Gen:Trojan.Heur2.FU.aqX@aK6Dh4g   | 11.2014-22-09_2
G Data                 | Gen:Trojan.Heur2.FU.aqX@aK6Dh4g   | 14.9.24
MicroWorld eScan       | Gen:Trojan.Heur2.FU.aqX@aK6Dh4g   | 15.0.0.795

File size:
8.9 KB (9,144 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\grabilla\refreshtrayicons.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
6/10/2014 1:00:00 AM

Valid to:
6/11/2015 12:59:59 AM

Subject:
CN=DevXSoftware, OU=DevXSoftware, O=DevXSoftware, STREET="#615 - 938 Howe St", L=Vancouver, S=BC, PostalCode=V6Z 1N9, C=CA

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00A81EEBF917EAC5AADF05D2F6D1768967

File PE Metadata
Compilation timestamp:
9/18/2014 2:24:12 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
192:U1/BfHix8k38LWM16UMFqdg2k6oyMrj6VH7:UXCxV8xS6jMCVb

Entry address:
0x1000

Entry point:
83, EC, 18, 53, 55, 56, 57, 68, 38, 20, 40, 00, 68, 78, 20, 40, 00, 8B, 35, 04, 20, 40, 00, 6A, 00, 68, 98, 20, 40, 00, 68, 9C, 20, 40, 00, 6A, 00, 68, 98, 20, 40, 00, 68, B0, 20, 40, 00, 6A, 00, 68, 98, 20, 40, 00, 68, CC, 20, 40, 00, 6A, 00, 6A, 00, FF, D6, 50, FF, D6, 50, FF, D6, 50, FF, D6, 8D, 4C, 24, 18, 51, 50, 89, 44, 24, 18, FF, 15, 00, 20, 40, 00, 8B, 2D, 08, 20, 40, 00, 33, DB, 39, 5C, 24, 20, 89, 5C, 24, 14, 7E, 3B, 8B, 44, 24, 24, 33, FF, 85, C0, 7E, 24, 8B, 54, 24, 10, 53, 6A, 00, 68, 00, 02...

Entropy:
6.7487

Code size:
512 bytes

Remove refreshtrayicons.exe - Powered by Reason Core Security