home

systemtray64.exe

SysTray Shortcut

Ahsay Systems Corporation Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘OBASystemTray’.
Publisher:
Ahsay Systems Corporation Ltd.  (signed and verified)

Product:
SysTray Shortcut

Version:
5, 0, 0, 0

MD5:
92fef816962859c56ee3b186c62e07c8

SHA-1:
ec01b9ddbdd21eb7fa17e079aeb29744bb4e06cb

SHA-256:
83d8c9757733af5177fc0d7e3d29ffd6863b0f42d4522c8e947b00a34cf56dff

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/2/2024 1:41:34 PM UTC  (today)

File size:
515.9 KB (528,296 bytes)

Product version:
5, 0, 0, 0

Copyright:
Copyright (C) 2006

Original file name:
SysTray.EXE

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\newangleacb\bin\systemtray64.exe

Digital Signature
Signed by:
Ahsay Systems Corporation Ltd.

Authority:
VeriSign, Inc.

Valid from:
1/7/2009 1:00:00 AM

Valid to:
2/13/2011 12:59:59 AM

Subject:
CN=Ahsay Systems Corporation Ltd., OU=Product Development, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Ahsay Systems Corporation Ltd., L=Hong Kong, S=Hong Kong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
380625BA441E3DAC7CAE9BA9CF26AB26

File PE Metadata
Compilation timestamp:
2/16/2009 4:32:37 AM

OS version:
4.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:bnd0Hfnyxx+ME4pD9zMubGVqW72SEugFXil06A7ZJ2//O+ZOcmkqy2gEmQkUN:DGHfnyl1DmuqVZvsq0Biu+Au2OA

Entry address:
0x382D0

Entry point:
48, 83, EC, 28, E8, 67, 0F, 01, 00, 48, 83, C4, 28, E9, FE, FC, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 40, 53, 48, 83, EC, 60, 48, 8B, 05, 63, 6F, 02, 00, 48, 8B, DA, 48, 8D, 54, 24, 20, 48, 89, 02, 48, 8B, 05, 59, 6F, 02, 00, 48, 89, 42, 08, 48, 8B, 05, 56, 6F, 02, 00, 48, 89, 42, 10, 48, 8B, 05, 53, 6F, 02, 00, 48, 89, 42, 18, 48, 8B, 05, 50, 6F, 02, 00, 48, 89, 42, 20, 48, 8B, 05, 4D, 6F, 02, 00, 48, 89, 42, 28, 48, 8B, 05, 4A, 6F, 02, 00, 48, 89, 42, 30, 48, 8B, 05, 47, 6F, 02...
 
[+]

Code size:
336 KB (344,064 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
OBASystemTray

Command:
"C:\Program Files\newangleacb\bin\systemtray64.exe"


Scan systemtray64.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.