» ShdTray.exe
Overview
Analysis
File Details
Behaviors (1)

ShdTray.exe

Easy Repair PC

EAZ SOLUTION, INC.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Shield’.

File name:

ShdTray.exe

Publisher:

inet computer. (signed by EAZ SOLUTION, INC.)

Product:

Easy Repair PC

Description:

Shield Tray

Version:

10.0

MD5:

f5073d401f738042e5dc74f1a75bb47a

SHA-1:

12ae80c593668b3fffd76abb0ed2890bcbe515c5

SHA-256:

d59f2b229171f8be78adc19fbb6de13936c49fc2180a6915246e472b58735d8a

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 5:46:29 PM UTC (today)

File size:

86.5 KB (88,608 bytes)

Product version:

10.0

Original file name:

ShdTray.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\shield\shdtray.exe

Digital Signature

Signed by:

EAZ SOLUTION, INC.

Authority:

VeriSign, Inc.

Valid from:

12/1/2011 5:30:00 AM

Valid to:

12/12/2013 5:29:59 AM

Subject:

CN="EAZ SOLUTION, INC.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="EAZ SOLUTION, INC.", L=Richardson, S=Texas, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

67993FAE7BB348467585BFAFE14FE2B9

File PE Metadata

Compilation timestamp:

10/12/2013 10:23:19 AM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

1536:iRe0LiBO1io5o2dLF9bYIuqr0MdYZL10oORB:iU0LiBO1io5o2dLLYIuAex10HRB

Entry address:

0x398C

Entry point:

48, 83, EC, 28, E8, CF, 03, 00, 00, 48, 83, C4, 28, E9, F6, FC, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 79, 66, 00, 00, 75, 11, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 02, F3, C3, 48, C1, C9, 10, E9, 49, 04, 00, 00, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 8B, F2, 48, 8B, D9, F6, C2, 02, 74, 2A, 44, 8B, 41, F8, 4C, 8D, 0D, 8C, 05, 00, 00, BA, 18, 00, 00, 00, E8, 52, 01, 00, 00, 40, F6, C6, 01, 74, 09, 48, 8D, 4B, F8, E8, 7D, F8, FF... 
[+]

Entropy:

5.8522

Code size:

15 KB (15,360 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Shield

Command:

"C:\Program Files\shield\shdtray.exe"

Scan ShdTray.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.