TWATray.exe

AhnLab MDS Agent

AhnLab, Inc.

It is set to run automatically when any user logs into Windows, through the all-users Run registry key (HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run), under the value name ‘TrusWatcher Session’.
Scan TWATray.exe - Powered by Reason Core Security
Publisher:
AhnLab, Inc.  (signed and verified)

Product:
AhnLab MDS Agent

Description:
AhnLab MDS Agent Session

Version:
1, 0, 0, 60

MD5:
7ce99303e799eeac6dcbe10f26bf5f91

SHA-1:
265197c8383270d3df4a7ea0089439ae9f40063c

SHA-256:
5c310d42e7c0ca8b84b749a6b1351867ef710e5eb5061806a51e92a5f5873807

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/4/2016 1:07:56 AM UTC

File size:
567.7 KB (581,360 bytes)

Product version:
1, 0, 0, 1

Copyright:
Copyright (C), AhnLab, Inc. 1988-2012, All rights reserved.

Original file name:
TWATray.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\ahnlab\twa\twatray.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
1/31/2013 9:00:00 AM

Valid to:
2/1/2014 8:59:59 AM

Subject:
CN="AhnLab, Inc.", OU=Information System Team, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="AhnLab, Inc.", L=Seongnam, S=Gyeounggi, C=KR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
01314D40B7BDB8B21D0B0466BAEC8742

File PE Metadata
Compilation timestamp:
12/20/2013 3:47:05 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:LwSOALojvOjvuve7vTMzj22CMK+OeO+OeNhBBhhBBEhhT7OmNw5Ro7gw5hl7ceSr:kSOA9vuvovTMzJQg4hli+z6

Entry address:
0x4C20D

Entry point:
E8, 26, 05, 00, 00, E9, 37, FD, FF, FF, 3B, 0D, 58, 30, 47, 00, 75, 02, F3, C3, E9, A8, 05, 00, 00, 6A, 14, 68, 60, A9, 46, 00, E8, 5A, 04, 00, 00, FF, 35, 10, 92, 47, 00, 8B, 35, 08, 33, 45, 00, FF, D6, 59, 89, 45, E4, 83, F8, FF, 75, 0C, FF, 75, 08, FF, 15, 0C, 33, 45, 00, 59, EB, 67, 6A, 08, E8, 84, 06, 00, 00, 59, 83, 65, FC, 00, FF, 35, 10, 92, 47, 00, FF, D6, 89, 45, E4, FF, 35, 0C, 92, 47, 00, FF, D6, 59, 59, 89, 45, E0, 8D, 45, E0, 50, 8D, 45, E4, 50, FF, 75, 08, 8B, 35, 20, 33, 45, 00, FF, D6, 59...

Entropy:
6.3620

Code size:
325.5 KB (333,312 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
TrusWatcher Session

Command:
"C:\Program Files\ahnlab\twa\twatray.exe" \session
