» systemtray64.exe
Overview
Analysis
File Details
Behaviors (1)

systemtray64.exe

SysTray Shortcut

Les Solutions Backup En Ligne

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘OBSystemTray’.

File name:

systemtray64.exe

Publisher:

Les Solutions Backup En Ligne (signed and verified)

Product:

SysTray Shortcut

Version:

5, 0, 0, 0

MD5:

a999d74388bf3a5a5dcd071b8ccd0a59

SHA-1:

71bb7d0a3e791f5d7510b297bd406d723bbbfa94

SHA-256:

af30667fc4c0b7826ee501d406a63bfad4dd70f16b5ba90759d18fc0feec91d3

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

5/2/2024 5:10:58 PM UTC (today)

File size:

510.9 KB (523,176 bytes)

Product version:

5, 0, 0, 0

Original file name:

SysTray.EXE

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\it cloud solutions\bin\systemtray64.exe

Digital Signature

Signed by:

Les Solutions Backup En Ligne

Authority:

VeriSign, Inc.

Valid from:

2/24/2014 7:00:00 PM

Valid to:

3/27/2015 7:59:59 PM

Subject:

CN=Les Solutions Backup En Ligne, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Les Solutions Backup En Ligne, L=Trois-Rivieres, S=Quebec, C=CA

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

081450461D2506ED576CAC7AFA7B38FE

File PE Metadata

Compilation timestamp:

10/28/2014 5:27:55 AM

OS version:

4.0

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

6144:ZPnAsDlXjxd2ZsmaPALrCy/qKpSX6xCvQSfKTMGUk+FIm4ZO+hMF2TgLWm:1lDlXjxd4aIH/qEGfElm4kF2TXm

Entry address:

0x37F30

Entry point:

48, 83, EC, 28, E8, 67, 0C, 01, 00, 48, 83, C4, 28, E9, FE, FC, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 60, 48, 8B, 05, C3, 68, 02, 00, 48, 8B, DA, 48, 8D, 54, 24, 20, 48, 89, 02, 48, 8B, 05, B9, 68, 02, 00, 48, 89, 42, 08, 48, 8B, 05, B6, 68, 02, 00, 48, 89, 42, 10, 48, 8B, 05, B3, 68, 02, 00, 48, 89, 42, 18, 48, 8B, 05, B0, 68, 02, 00, 48, 89, 42, 20, 48, 8B, 05, AD, 68, 02, 00, 48, 89, 42, 28, 48, 8B, 05, AA, 68, 02, 00, 48, 89, 42, 30, 48, 8B, 05, A7, 68, 02... 
[+]

Code size:

334.5 KB (342,528 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

OBSystemTray

Command:

"C:\Program Files\it cloud solutions\bin\systemtray64.exe"

Scan systemtray64.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.