» RVAgTray.EXE
Overview
Analysis
File Details
Behaviors (1)

RVAgTray.EXE

RemoteView Agent Tray Application

Rsupport Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘RemoteView Tray’.

File name:

RVAgTray.EXE

Publisher:

Rsupport Co., Ltd. (signed and verified)

Product:

RemoteView Agent Tray Application

Version:

4, 0, 1, 18

MD5:

fb529df300b9037778951f1a2e80bb89

SHA-1:

b5377c12fe2962041e22ca2f60f866219576af7f

SHA-256:

a2871890a08b672211b2fb52ce1f38b4142970b169e8d1855ec0421035c12b03

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 8:39:08 PM UTC (today)

File size:

285.3 KB (292,120 bytes)

Product version:

4, 0, 1, 18

Original file name:

RVAgTray.EXE

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\rsupport\remoteview agent 4.0\rvagtray.exe

Digital Signature

Signed by:

Rsupport Co., Ltd.

Authority:

VeriSign, Inc.

Valid from:

4/27/2009 9:00:00 AM

Valid to:

6/22/2010 8:59:59 AM

Subject:

CN="Rsupport Co., Ltd.", OU=Marketing Team, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Rsupport Co., Ltd.", L=Songpa-gu, S=Seoul, C=KR

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

433778F0BBB3EE6084FF8F57C7AA747C

File PE Metadata

Compilation timestamp:

12/15/2009 1:36:40 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:8B36HRC3UJ28/6NIs38qyFhorrYpUPhXT8VPVhKTT:8YRC3m28/6NIs3HkhorrB

Entry address:

0x12848

Entry point:

55, 8B, EC, 6A, FF, 68, 20, 5D, 41, 00, 68, 10, 27, 41, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, 64, 45, 41, 00, 59, 83, 0D, 48, B8, 41, 00, FF, 83, 0D, 4C, B8, 41, 00, FF, FF, 15, 68, 45, 41, 00, 8B, 0D, 3C, B8, 41, 00, 89, 08, FF, 15, 6C, 45, 41, 00, 8B, 0D, 38, B8, 41, 00, 89, 08, A1, 70, 45, 41, 00, 8B, 00, A3, 44, B8, 41, 00, E8, 1C, 01, 00, 00, 39, 1D, 20, B7, 41, 00, 75, 0C, 68, D0, 29, 41, 00, FF, 15, 74, 45... 
[+]

Entropy:

3.4640

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

76 KB (77,824 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

RemoteView Tray

Command:

"C:\Program Files\rsupport\remoteview agent 4.0\rvagtray.exe" \background

Scan RVAgTray.EXE - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.