traydownloader.exe

Tray downloader

Elex do Brasil Participações Ltda

The application traydownloader.exe, “downloader component” by Elex do Brasil Participações, has been detected as a potentially unwanted program by 3 anti-malware scanners. While running, it connects to the Internet address 75.126.134.24-static.reverse.softlayer.com on port 80 using the HTTP protocol.
Publisher:
Woodtale Technology Inc. (signed by Elex do Brasil Participações Ltda)

Product:
Tray downloader

Description:
downloader component

Version:
1.0.161.8472

MD5:
360491fe9114a3c4c8cec455351426fb

SHA-1:
93508ec262d0e9dba7270c083e30d9d97f53a846

SHA-256:
07055d35d0693763bdb75ed0666ab7bf164c0b07b33306279368aaf2ee106b96

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 4:58:11 AM UTC

Scan engine / Detection / Engine version:
Reason Heuristics: PUP.Optional.ElexdoBrasilParticipacoesa.O (engine version 14.5.23.14)
Trend Micro House Call: TROJ_GEN.F47V0128 (engine version 7.2.143)
Vba32 AntiVirus: AdWare.D365 (engine version 3.12.24.3)

File size:
145.7 KB (149,160 bytes)

Product version:
1.0.161.8472

Copyright:
Copyright (C) 2012

Original file name:
TrayDown.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\isafe\traydownloader.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
9/24/2013 5:46:21 AM

Valid to:
8/17/2014 8:28:53 AM

Subject:
CN=Elex do Brasil Participações Ltda, O=Elex do Brasil Participações Ltda, L=Consolação, S=São Paulo, C=BR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11215F51916F2BB9F54E82871FEA88CE8F5E

File PE Metadata
Compilation timestamp:
4/22/2014 6:09:05 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
1536:evM1zqOzBPTle16wMZgOihNb7hI5SljHPVxed4BHyaQFNSTJN8lyIh96LZ:evM1OOdrM15jzIcljHPVxedqQFN68kLZ

Entry address:
0x99D6

Entry point:
E8, A6, 05, 00, 00, E9, 4C, FE, FF, FF, FF, 25, 64, B1, 40, 00, FF, 25, 68, B1, 40, 00, CC, CC, CC, CC, 57, 56, 53, 33, FF, 8B, 44, 24, 14, 0B, C0, 7D, 14, 47, 8B, 54, 24, 10, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 14, 89, 54, 24, 10, 8B, 44, 24, 1C, 0B, C0, 7D, 14, 47, 8B, 54, 24, 18, F7, D8, F7, DA, 83, D8, 00, 89, 44, 24, 1C, 89, 54, 24, 18, 0B, C0, 75, 18, 8B, 4C, 24, 18, 8B, 44, 24, 14, 33, D2, F7, F1, 8B, D8, 8B, 44, 24, 10, F7, F1, 8B, D3, EB, 41, 8B, D8, 8B, 4C, 24, 18, 8B, 54, 24, 14, 8B, 44, 24...

Code size:
39.5 KB (40,448 bytes)

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to 75.126.134.24-static.reverse.softlayer.com (75.126.134.24:80)

Remove traydownloader.exe - Powered by Reason Core Security