» smbtray.exe
Overview
Analysis
File Details

smbtray.exe

TODO:

Compal Electronics, Inc.

The executable smbtray.exe, “TODO: <File description>” has been detected as malware by 7 anti-virus scanners.

File name:

smbtray.exe

Publisher:

Compal Electronics, Inc. (signed and verified)

Product:

TODO: <Product name>

Description:

TODO: <File description>

Version:

1.0.0.6

MD5:

d8e8a67fe2e9bcd45105323d32b51f2c

SHA-1:

9b1e15c9a5d97b4b973d497155ea82248903852b

SHA-256:

f3c177f686e43930d64933bd82ecb3ab1276c9054c04f4cdaffdf438feaa6bbd

Scanner detections:

7 / 68

Status:

Malware

Analysis date:

4/27/2024 3:41:27 AM UTC (today)

Scan engine

Detection

Engine version

avast!

Win32:Patched-HO [Trj]

160327-1

AVG

Win32/Slugin.A

2015.0.4565

Dr.Web

Trojan.MulDrop3.48024

9.0.1.05190

Emsisoft Anti-Malware

Win32.SlugIn.A.Dam

11.5.0.6191

F-Prot

W32/Slugin.A.gen!Eldorado (generic, damaged, not disinfectable)

4.6.5.141

Microsoft Security Essentials

Threat.Undefined

1.219.1269.0

Norman

Win32.SlugIn.A.Dam

02.04.2016 17:35:19

File size:

759.5 KB (777,747 bytes)

Product version:

1.0.0.6

Original file name:

SMBTrayVC2005.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\Local settings\temp\{random}.tmp\smbtray.exe

Digital Signature

Signed by:

Compal Electronics, Inc.

Authority:

VeriSign, Inc.

Valid from:

3/21/2007 7:00:00 AM

Valid to:

6/3/2008 6:59:59 AM

Subject:

CN="Compal Electronics, Inc.", OU=Software Application, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Compal Electronics, Inc.", L=Taipei, S=Taiwan, C=TW

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

159217DBF09FE0E70B8FB10A6CA785FA

File PE Metadata

Compilation timestamp:

6/4/2007 4:25:38 PM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

12288:tN7yTJ5LGkqKfoFbhi8md7dT7nPyRING3izL4zkz:tNS5LBqKfoFbh47HNGwUkz

Entry address:

0x2EA50

Entry point:

48, 83, EC, 28, E8, 07, 87, 00, 00, 48, 83, C4, 28, E9, FE, FC, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 48, 83, EC, 58, 48, 89, 6C, 24, 68, 48, 89, 7C, 24, 78, 49, 63, 78, 0C, 4C, 89, 64, 24, 50, 4C, 89, 6C, 24, 48, 4C, 89, 74, 24, 40, 4C, 89, 7C, 24, 38, 4C, 8B, F9, 49, 8B, C8, 4D, 8B, E1, 4D, 8B, F0, 4C, 8B, EA, E8, 26, 88, 00, 00, 85, FF, 4D, 8B, 17, 4D, 89, 14, 24, 8B, E8, 0F, 84, CE, 00, 00, 00, 48, 89, 74, 24, 70, 48, 8D, 0C, BF, 48, 89, 5C, 24, 60, 48, 8D, 34, 8D, EC, FF, FF... 
[+]

Entropy:

6.6912

Code size:

312 KB (319,488 bytes)

Remove smbtray.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.