sttray.exe

IDT PC Audio

IDT, Inc.

The executable sttray.exe has been detected as malware by 13 anti-virus scanners. It is set to execute automatically when any user logs into Windows (through the local user run registry setting) under the name 'SysTrayApp'. According to the AV engines that detect it, the detection is for a file infected by members of the Win32/Ramnit malware family, and the file may drop and load other malware.

Publisher: IDT, Inc.
Product: IDT PC Audio
Version: 1.0.6466.0
MD5: 2be7142043f91eeb065c9166483b4cc0
SHA-1: 725bdf1697f367657dc549088f0b8a3fe33a4ae0
SHA-256: f852179bc2483e073296f7adf417f41a99d65b7ca8ded1c38a18dfd70ef3f5d6
Scanner detections: 13 / 68
Status: File is infected by a Virus
Explanation: The file is infected by a polymorphic file infector virus.
Analysis date: 5/6/2024 4:27:30 PM UTC

Scan engine                    Detection              Engine version
avast!                         Win32:RmnDrp           160203-1
Boost by Reason                Optional.IDT.Startup   188838
Dr.Web                         Win32.Rmnet.12         9.0.1.05190
Emsisoft Anti-Malware          Win32.Ramnit.N         10.0.0.5366
ESET NOD32                     Win32/Ramnit.H virus   7.0.302.0
F-Prot                         W32/Ramnit.E           4.6.5.141
F-Secure                       Win32.Ramnit.N         5.15.21
Kaspersky                      Virus.Win32.Nimnul     15.0.0.562
McAfee                         Virus.W32/Virut.n.gen  18.0.204.0
Microsoft Security Essentials  Threat.Undefined       1.213.5352.0
Norman                         Win32.Ramnit.N         03.02.2016 07:38:05
Sophos                         Virus 'W32/Ramnit-A'   5.23
VIPRE Antivirus                Threat.4732184         46968

File size: 2 MB (2,064,819 bytes)
Product version: 1.0.6466.0
Copyright: Copyright © 2004 - 2009 IDT, Inc.
Trademarks: IDT PC Audio
Original file name: sttray.exe
File type: Executable application (Win32 EXE)
Language: English (United States)
Common path: C:\Program Files\idt\wdm\sttray.exe

File PE Metadata

Compilation timestamp: 11/22/2007 1:35:02 AM
OS version: 4.0
OS bitness: Win32
Subsystem: Windows GUI
Linker version: 6.0

CTPH (ssdeep):
49152:96hDDB/rQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQQeQQQQQQQQQQQQQQp:96VBTQQQQQQQQQQQQQQQQQQQQQQQQQQ+

Entry address:
0x1A9000

Entry point:
60, E8, 00, 00, 00, 00, 5D, 8B, C5, 81, ED, A8, A6, 01, 20, 2B, 85, 0F, AE, 01, 20, 89, 85, 0B, AE, 01, 20, B0, 00, 86, 85, 40, B0, 01, 20, 3C, 01, 0F, 85, BC, 01, 00, 00, 83, BD, 3B, AF, 01, 20, 00, 74, 33, 83, BD, 3F, AF, 01, 20, 00, 74, 2A, 8B, 85, 0B, AE, 01, 20, 2B, 85, 3B, AF, 01, 20, 8B, 00, 89, 85, 78, AF, 01, 20, 8B, 85, 0B, AE, 01, 20, 2B, 85, 3F, AF, 01, 20, 8B, 00, 89, 85, 7C, AF, 01, 20, EB, 61, 83, BD, 43, AF, 01, 20, 00, 74, 58, 8B, 85, 0B, AE, 01, 20, 2B, 85, 43, AF, 01, 20, FF, 30, 8D, 85...
 
Entropy: 5.8495
Packer / compiler: ASPack v1.08.04
Code size: 108 KB (110,592 bytes)

Startup File (All Users Run)

Registry location: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
Name: SysTrayApp
Command: C:\Program Files\idt\wdm\sttray.exe

