home

systemtray64.exe

SysTray Shortcut

Ahsay Systems Corporation Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘OBASystemTray’.
Publisher:
Ahsay Systems Corporation Ltd.  (signed and verified)

Product:
SysTray Shortcut

Version:
5, 0, 0, 0

MD5:
9d3ad112bf8aa55ac3f86b291a409532

SHA-1:
65079764c7bedab9923b51fa5d645ae532d49115

SHA-256:
f8285f42f3ed67cc7a8dd47fda70d719b0c4ed23193e05ca37f0e880589567cd

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 9:49:44 AM UTC  (today)

File size:
508.5 KB (520,680 bytes)

Product version:
5, 0, 0, 0

Copyright:
Copyright (C) 2006

Original file name:
SysTray.EXE

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ahsayacb\bin\systemtray64.exe

Digital Signature
Signed by:
Ahsay Systems Corporation Ltd.

Authority:
VeriSign, Inc.

Valid from:
12/9/2010 1:00:00 AM

Valid to:
2/12/2014 12:59:59 AM

Subject:
CN=Ahsay Systems Corporation Ltd., OU=Product Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ahsay Systems Corporation Ltd., L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
360D8A8DDFCA3EA9A2EDD39C727E1DF4

File PE Metadata
Compilation timestamp:
3/25/2013 10:59:51 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:lfSxg54vIi12jFydQ0uV4mTKyJibq4AJ9mlWBOlR/WgZORAy6jgDp:8xg54vIrydd64CjGJ/WgDjC

Entry address:
0x37680

Entry point:
48, 83, EC, 28, E8, 17, 0D, 01, 00, 48, 83, C4, 28, E9, FE, FC, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 60, 48, 8B, 05, A3, 70, 02, 00, 48, 8B, DA, 48, 8D, 54, 24, 20, 48, 89, 02, 48, 8B, 05, 99, 70, 02, 00, 48, 89, 42, 08, 48, 8B, 05, 96, 70, 02, 00, 48, 89, 42, 10, 48, 8B, 05, 93, 70, 02, 00, 48, 89, 42, 18, 48, 8B, 05, 90, 70, 02, 00, 48, 89, 42, 20, 48, 8B, 05, 8D, 70, 02, 00, 48, 89, 42, 28, 48, 8B, 05, 8A, 70, 02, 00, 48, 89, 42, 30, 48, 8B, 05, 87, 70, 02...
 
[+]

Code size:
332.5 KB (340,480 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
OBASystemTray

Command:
"C:\Program Files\ahsayacb\bin\systemtray64.exe"


Scan systemtray64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.