home

ShdTray.exe

SCMATE BACKUP TOOLS

Igloo systems Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Shield’.
Publisher:
WAREMATE Co., LTD.  (signed by Igloo systems Inc.)

Product:
SCMATE BACKUP TOOLS

Description:
Shield Tray

Version:
10.10

MD5:
a01ea4778d05664417f441021a2474ff

SHA-1:
9492ff326d92a85e6d759710eb41e6f3fa3d8a23

SHA-256:
d08a61b10ace151ac2473c3e8aa882f33551c754e4837201794e1cc4422d1b33

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/16/2024 4:04:30 PM UTC  (today)

File size:
63.9 KB (65,456 bytes)

Product version:
10.10

Copyright:
Copyright (C) WAREMATE Co., LTD. All rights reserved.

Original file name:
ShdTray.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\scmmrxclient\shield\shdtray.exe

Digital Signature
Signed by:
Igloo systems Inc.

Authority:
VeriSign, Inc.

Valid from:
12/29/2016 9:00:00 AM

Valid to:
1/27/2018 8:59:59 AM

Subject:
CN=Igloo systems Inc., O=Igloo systems Inc., L=Namyangju-si, S=Gyeonggi-do, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
22917BED7F897D7F85CAFEF9C1026E2B

File PE Metadata
Compilation timestamp:
1/22/2017 1:58:38 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x3C66

Entry point:
E8, 8D, 04, 00, 00, E9, 37, FD, FF, FF, 3B, 0D, 28, 90, 40, 00, 75, 02, F3, C3, E9, 0F, 05, 00, 00, 8B, FF, 55, 8B, EC, F6, 45, 08, 02, 57, 8B, F9, 74, 25, 56, 68, C4, 42, 40, 00, 8D, 77, FC, FF, 36, 6A, 0C, 57, E8, 45, 01, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, 0E, F9, FF, FF, 59, 8B, C6, 5E, EB, 14, E8, 0D, 06, 00, 00, F6, 45, 08, 01, 74, 07, 57, E8, F7, F8, FF, FF, 59, 8B, C7, 5F, 5D, C2, 04, 00, 6A, 14, 68, 30, 6F, 40, 00, E8, 75, 03, 00, 00, FF, 35, 30, 9B, 40, 00, 8B, 35, A0, 50, 40, 00, FF, D6, 59...
 
[+]

Entropy:
6.5944

Code size:
14.5 KB (14,848 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Shield

Command:
"C:\Program Files\scmmrxclient\shield\shdtray.exe"


Scan ShdTray.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.