» ShdTray.exe
Overview
Analysis
File Details
Behaviors (1)

ShdTray.exe

Hyper Smart Virus Solution

EAZ Solution, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Shield’.

File name:

ShdTray.exe

Publisher:

Hyper Computer Solution (signed by EAZ Solution, Inc.)

Product:

Hyper Smart Virus Solution

Description:

Shield Tray

Version:

10.0

MD5:

912300caf393758b6de33442dc0fbc98

SHA-1:

10ce60061772f14c65fe77ee5c9db31359417aac

SHA-256:

3c2c1021eeb6208257cd2f75019c2d58aa17c0b45f365182c13ceb9111108cce

Scanner detections:

1 / 68

Status:

Inconclusive (not enough data for an accurate detection)

Analysis date:

4/18/2024 6:42:13 PM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

W32/Sality.AT

7.11.30.172

File size:

99.9 KB (102,248 bytes)

Product version:

10.0

Original file name:

ShdTray.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\shield\shdtray.exe

Digital Signature

Signed by:

EAZ Solution, Inc.

Authority:

DigiCert Inc

Valid from:

12/16/2013 8:00:00 AM

Valid to:

12/24/2014 8:00:00 PM

Subject:

CN="EAZ Solution, Inc.", O="EAZ Solution, Inc.", L=McKinney, S=Texas, C=US

Issuer:

CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

0FF0D3DF24C9C18B86919C979B0126CE

File PE Metadata

Compilation timestamp:

3/10/2014 1:38:20 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

1536:a0GFKHrRaCO59KSpd2DnvMNJqo8Tw8RakH:uKLACO59KEWnkNJqUkH

Entry address:

0x3A9C

Entry point:

48, 83, EC, 28, E8, CF, 03, 00, 00, 48, 83, C4, 28, E9, F6, FC, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 69, 65, 00, 00, 75, 11, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 02, F3, C3, 48, C1, C9, 10, E9, 49, 04, 00, 00, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 8B, F2, 48, 8B, D9, F6, C2, 02, 74, 2A, 44, 8B, 41, F8, 4C, 8D, 0D, 8C, 05, 00, 00, BA, 18, 00, 00, 00, E8, 52, 01, 00, 00, 40, F6, C6, 01, 74, 09, 48, 8D, 4B, F8, E8, 7D, F8, FF... 
[+]

Entropy:

6.0697

Code size:

15 KB (15,360 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Shield

Command:

"C:\Program Files\shield\shdtray.exe"

Scan ShdTray.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.