home

xtray.exe

PEEPLEware xtray

PEEPLEware Co., Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘AirMovie Server Service’.
Publisher:
PEEPLEware  (signed by PEEPLEware Co., Ltd)

Product:
PEEPLEware xtray

Description:
xtray

Version:
3, 0, 0, 194

MD5:
a591ede68a6d1eafb689b172513ab5eb

SHA-1:
d8bfb24edc48ea6247d24bc054ef43fd1c8429ec

SHA-256:
ac88e81a9b91df7ac4c8fffc9d1f66768a9be25c3b8f211d5eb1773491782f35

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/7/2024 3:19:25 PM UTC  (today)

File size:
73.6 KB (75,368 bytes)

Product version:
3, 0, 0, 1

Copyright:
Copyright ⓒ 2012

Original file name:
xtray.exe

File type:
Executable application (Win32 EXE)

Language:
Korean

Common path:
C:\Program Files\airmovie\xtray.exe

Digital Signature
Signed by:
PEEPLEware Co., Ltd

Authority:
Thawte, Inc.

Valid from:
8/6/2012 8:00:00 PM

Valid to:
8/7/2013 7:59:59 PM

Subject:
CN="PEEPLEware Co., Ltd", O="PEEPLEware Co., Ltd", L=Gangnam-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
377FC61F6E9812D2A241D91747A636

File PE Metadata
Compilation timestamp:
8/4/2013 10:50:01 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
1536:PR15lAOWW+zItNpehOs24NBuD1OvAdiSKUEXLIv0UE4J:p1UOC8deM6uh1tKTXLIv/Eg

Entry address:
0x51CC

Entry point:
55, 8B, EC, 6A, FF, 68, E8, D1, 40, 00, 68, E2, 53, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 6C, D0, 40, 00, 59, 83, 0D, E4, FF, 40, 00, FF, 83, 0D, E8, FF, 40, 00, FF, FF, 15, 68, D0, 40, 00, 8B, 0D, 44, FF, 40, 00, 89, 08, FF, 15, 78, D0, 40, 00, 8B, 0D, 40, FF, 40, 00, 89, 08, A1, 80, D0, 40, 00, 8B, 00, A3, EC, FF, 40, 00, E8, 54, 01, 00, 00, 39, 1D, 30, FD, 40, 00, 75, 0C, 68, 8E, 53, 40, 00, FF, 15...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
48 KB (49,152 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
AirMovie Server Service

Command:
C:\Program Files\airmovie\xtray.exe


Scan xtray.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.