home

xtray.exe

PEEPLEware xtray

PEEPLEware Co., Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘AirMovie Server Service’.
Publisher:
PEEPLEware  (signed by PEEPLEware Co., Ltd)

Product:
PEEPLEware xtray

Description:
xtray

Version:
3, 0, 0, 224

MD5:
a07682fd2bcce5b32d3244f1d5f7a5a6

SHA-1:
7f8f966c0d9556a39a0f83dd210f1275a2d7d4fb

SHA-256:
6255c58d1064af88fc0ec83b3efda8f44b313001284f807a0df5ededf81cbcf4

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/10/2024 1:27:56 PM UTC  (today)

File size:
168 KB (172,072 bytes)

Product version:
3, 0, 0, 1

Copyright:
Copyright ⓒ 2012

Original file name:
xtray.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\airmovie\xtray.exe

Digital Signature
Signed by:
PEEPLEware Co., Ltd

Authority:
Thawte, Inc.

Valid from:
7/13/2013 9:00:00 AM

Valid to:
9/12/2014 8:59:59 AM

Subject:
CN="PEEPLEware Co., Ltd", O="PEEPLEware Co., Ltd", L=Gangnam-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
5F2CD9FA01BA15C573869CD6F23A3F04

File PE Metadata
Compilation timestamp:
10/5/2013 11:59:35 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:yPHwTMq17X6prQ6IKcRcKk0QYEM2Ux9vJuBHfQdm:yPHwb1LSjIdZx2UMB4o

Entry address:
0x7A22

Entry point:
E8, 2B, 5F, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 56, 8D, 45, 08, 50, 8B, F1, E8, 32, FB, FF, FF, C7, 06, F0, 23, 42, 00, 8B, C6, 5E, 5D, C2, 04, 00, C7, 01, F0, 23, 42, 00, E9, 76, FB, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, F0, 23, 42, 00, E8, 63, FB, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 89, F8, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08...
 
[+]

Entropy:
6.5217

Code size:
127 KB (130,048 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AirMovie Server Service

Command:
C:\Program Files\airmovie\xtray.exe


Scan xtray.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.