home

xtray.exe

PEEPLEware xtray

PEEPLEware Co., Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘AirMovie Server Service’.
Publisher:
PEEPLEware  (signed by PEEPLEware Co., Ltd)

Product:
PEEPLEware xtray

Description:
xtray

Version:
3, 0, 1, 302

MD5:
1fa130b04d07184fb1016cf99f13ec71

SHA-1:
48b349b4d32c0aa70c9ee4409f8ac978922d1d67

SHA-256:
491d3005b5e35c73253c7eb25f0391d46475ad3a080ef183d758467bfc890e27

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 10:06:58 AM UTC  (today)

File size:
77.6 KB (79,432 bytes)

Product version:
3, 0, 0, 1

Copyright:
Copyright ⓒ 2012

Original file name:
xtray.exe

File type:
Executable application (Win32 EXE)

Language:
Korean (Korea)

Common path:
C:\Program Files\airmovie\xtray.exe

Digital Signature
Signed by:
PEEPLEware Co., Ltd

Authority:
Thawte, Inc.

Valid from:
7/12/2013 8:00:00 PM

Valid to:
9/11/2014 7:59:59 PM

Subject:
CN="PEEPLEware Co., Ltd", O="PEEPLEware Co., Ltd", L=Gangnam-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5F2CD9FA01BA15C573869CD6F23A3F04

File PE Metadata
Compilation timestamp:
3/31/2014 3:43:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:KYdEL/qCK+j3NsRuAscNziV2NICr0SzbUGzfhc4jArJAs:FdwqqjSEGqzJYc44JAs

Entry address:
0x558C

Entry point:
55, 8B, EC, 6A, FF, 68, 18, D2, 40, 00, 68, A2, 57, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 6C, D0, 40, 00, 59, 83, 0D, 2C, 04, 41, 00, FF, 83, 0D, 30, 04, 41, 00, FF, FF, 15, 68, D0, 40, 00, 8B, 0D, 8C, 03, 41, 00, 89, 08, FF, 15, 74, D0, 40, 00, 8B, 0D, 88, 03, 41, 00, 89, 08, A1, 80, D0, 40, 00, 8B, 00, A3, 34, 04, 41, 00, E8, 54, 01, 00, 00, 39, 1D, 70, 01, 41, 00, 75, 0C, 68, 4E, 57, 40, 00, FF, 15...
 
[+]

Entropy:
5.6924

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
48 KB (49,152 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AirMovie Server Service

Command:
C:\Program Files\airmovie\xtray.exe


Scan xtray.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.