home

VProTray.exe

Symantec System Recovery 2013

Symantec Corporation

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Symantec System Recovery 2013’.
Publisher:
Symantec Corporation  (signed and verified)

Product:
Symantec System Recovery 2013

Description:
Tray Application

Version:
11.0.2.52448

MD5:
cefc8132b695fdbe3c8ff435c3c4e20b

SHA-1:
6644f8670ca13bc4f30a960b147f2e703f5a3881

SHA-256:
448120c0382c880325574769b37a40b134f79395e2669c353983ec7e7d952faa

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 9:44:18 AM UTC  (today)

File size:
4 MB (4,157,024 bytes)

Product version:
11.0

Copyright:
Copyright © 1994-2013 Symantec Corporation. All rights reserved.

Original file name:
VProTray.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\symantec\symantec system recovery\agent\vprotray.exe

Digital Signature
Signed by:
Symantec Corporation

Authority:
VeriSign, Inc.

Valid from:
8/12/2013 8:00:00 PM

Valid to:
8/14/2015 7:59:59 PM

Subject:
CN=Symantec Corporation, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Configuration Management, O=Symantec Corporation, L=Pune, S=Maharasthra, C=IN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4707F6AF640020FE753AC68C65B29939

File PE Metadata
Compilation timestamp:
6/10/2014 9:18:09 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x193FA4

Entry point:
48, 83, EC, 28, E8, 93, 0F, 01, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, CC, CC, E9, CB, 08, 00, 00, CC, CC, CC, E9, 9B, 10, 01, 00, CC, CC, CC, 48, 8D, 05, B1, B4, 17, 00, 48, 89, 01, E9, 1D, 10, 01, 00, CC, 48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8D, 05, 97, B4, 17, 00, 8B, DA, 48, 8B, F9, 48, 89, 01, E8, FE, 0F, 01, 00, F6, C3, 01, 74, 08, 48, 8B, CF, E8, B5, FF, FF, FF, 48, 8B, C7, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, C3, CC, CC, CC, E9, 1F, 12, 01, 00, CC, CC, CC, E9, 73, 11, 01, 00, CC, CC, CC...
 
[+]

Entropy:
5.6692

Code size:
2.7 MB (2,811,904 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Symantec System Recovery 2013

Command:
"C:\Program Files\symantec\symantec system recovery\agent\vprotray.exe"


herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.