» traybar.exe
Overview
Analysis
File Details
Behaviors (1)

traybar.exe

Chicony traybar

Chicony Electronics Co., Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Camera Assistant Software’.

File name:

traybar.exe

Publisher:

Chicony (signed by Chicony Electronics Co., Ltd.)

Product:

Chicony traybar

Description:

traybar

Version:

1, 7, 64, 918

MD5:

15663597b41fa63fc85cc320d7819038

SHA-1:

c18149bc0e59685eaf9020c01fe5353c6126a314

SHA-256:

9be94edd6d20f593c0b6bd8d9e8e63832f118468537e6e00442ae028795f6e45

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 11:25:30 AM UTC (today)

File size:

586.5 KB (600,624 bytes)

Product version:

1, 7, 64, 918

Original file name:

traybar.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\video web camera\traybar.exe

Digital Signature

Signed by:

Chicony Electronics Co., Ltd.

Authority:

VeriSign, Inc.

Valid from:

9/20/2006 2:00:00 AM

Valid to:

9/20/2009 1:59:59 AM

Subject:

CN="Chicony Electronics Co., Ltd.", OU=Keyboard, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Chicony Electronics Co., Ltd.", L=Taipei, S=Taiwan, C=TW

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

4E0C01F64102A70AEE56EEF41B4D6A91

File PE Metadata

Compilation timestamp:

9/18/2009 5:32:14 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

6144:1+ZzMGWLE/gxx12ouGWLE/gxx12OKlFOxuOlI:1Znj23nj2OKl

Entry address:

0x57B6

Entry point:

55, 8B, EC, 6A, FF, 68, 18, 62, 40, 00, 68, 36, 59, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, FF, 15, E8, 60, 40, 00, 59, 83, 0D, 50, A2, 40, 00, FF, 83, 0D, 54, A2, 40, 00, FF, FF, 15, E4, 60, 40, 00, 8B, 0D, 4C, A2, 40, 00, 89, 08, FF, 15, 00, 61, 40, 00, 8B, 0D, 48, A2, 40, 00, 89, 08, A1, E0, 60, 40, 00, 8B, 00, A3, 58, A2, 40, 00, E8, 10, 01, 00, 00, 39, 1D, 30, 73, 40, 00, 75, 0C, 68, 32, 59, 40, 00, FF, 15, DC, 60... 
[+]

Developed / compiled with:

Microsoft Visual C++ v6.0

Code size:

20 KB (20,480 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Camera Assistant Software

Command:

"C:\Program Files\video web camera\traybar.exe"

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.