home

etactivator.exe

Web CEO Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘EmailTray Activator’.
Publisher:
Web CEO Ltd  (signed and verified)

MD5:
b936584fe5139f0e5b2bb40f4889404d

SHA-1:
c6fc85b0708c41cac686cd5e6236cfd23e612c59

SHA-256:
eeab14705da975169470e5409856d08f8e6e61ec14aa000637d762d98c0b4327

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/25/2024 7:48:07 AM UTC  (today)

File size:
508.5 KB (520,736 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\emailtray\bin\etactivator.exe

Digital Signature
Signed by:
Web CEO Ltd

Authority:
COMODO CA Limited

Valid from:
10/24/2014 1:00:00 AM

Valid to:
10/25/2015 12:59:59 AM

Subject:
CN=Web CEO Ltd, O=Web CEO Ltd, STREET=18 TOULOUSE DRIVE, L=WORCESTER, S=WORCESTER, PostalCode=WR5 2SA, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3B0D0AE1204B28BEA9D6BB4E2D1605E3

File PE Metadata
Compilation timestamp:
6/2/2015 9:00:53 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
6144:73TDOonLq/9ZEJsO7RoF/Wrj9HyN6LCYQERSQviyIF:73RG/96HCFNEf/IF

Entry address:
0x28680

Entry point:
55, 8B, EC, 81, C4, DC, FE, FF, FF, 53, 56, 57, 33, C0, 89, 45, EC, B8, 34, 7E, 42, 00, E8, 51, E2, FD, FF, 33, C0, 55, 68, 6C, 87, 42, 00, 64, FF, 30, 64, 89, 20, A1, E4, 9C, 42, 00, C7, 00, E8, 03, 00, 00, 33, C0, 55, 68, EF, 86, 42, 00, 64, FF, 30, 64, 89, 20, 6A, 01, 68, FF, 01, 00, 00, E8, 5A, E8, FD, FF, 68, 7C, 87, 42, 00, E8, D8, E7, FD, FF, E8, BB, F0, FF, FF, 8B, 15, E4, 9C, 42, 00, 89, 02, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 67, E9, 34, B8, FD, FF, 01, 00, 00, 00, E4, 71, 40, 00, 00, 87, 42, 00...
 
[+]

Entropy:
4.8920

Developed / compiled with:
Microsoft Visual C++

Code size:
158 KB (161,792 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
EmailTray Activator

Command:
"C:\Program Files\emailtray\bin\etactivator.exe" -autorun -allusers


Scan etactivator.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.