home

ShdTray.exe

Recovery Master Basic

Igloo systems Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Shield’.
Publisher:
Igloo Systems, INC.  (signed by Igloo systems Inc.)

Product:
Recovery Master Basic

Description:
Shield Tray

Version:
10.10

MD5:
dfd0071d9bfb423366f5600fef8e34db

SHA-1:
a2d207fcd7243ab7ed090c84fb25d5647ff462dc

SHA-256:
67e0f84098f1db19dc0f28fd45b2411d1cc20c2678be497ab00080bb79696649

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/16/2024 8:28:56 AM UTC  (today)

File size:
94.4 KB (96,688 bytes)

Product version:
10.10

Copyright:
Copyright (C) Igloo Systems, INC. All rights reserved.

Original file name:
ShdTray.exe

File type:
Executable application (Win64 EXE)

Common path:
C:\Program Files\shield\shdtray.exe

Digital Signature
Signed by:
Igloo systems Inc.

Authority:
VeriSign, Inc.

Valid from:
5/13/2016 9:00:00 AM

Valid to:
1/5/2017 8:59:59 AM

Subject:
CN=Igloo systems Inc., O=Igloo systems Inc., L=Namyangju-si, S=Gyeonggi-do, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
6E0AB58D99158D508E3DC581FEF196DD

File PE Metadata
Compilation timestamp:
6/6/2016 3:00:47 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x3AC4

Entry point:
48, 83, EC, 28, E8, D7, 03, 00, 00, 48, 83, C4, 28, E9, FA, FC, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 39, 65, 00, 00, 75, 11, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 02, F3, C3, 48, C1, C9, 10, E9, 49, 04, 00, 00, CC, 48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 8B, F2, 48, 8B, D9, F6, C2, 02, 74, 2A, 44, 8B, 41, F8, 4C, 8D, 0D, 8C, 05, 00, 00, BA, 18, 00, 00, 00, E8, 52, 01, 00, 00, 40, F6, C6, 01, 74, 09...
 
[+]

Entropy:
6.2040

Code size:
15 KB (15,360 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Shield

Command:
"C:\Program Files\shield\shdtray.exe"


Scan ShdTray.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.