nvtray.exe

Local Session Manager Service

SELCUK GUNDOGDU

Although the file properties name 'Microsoft Corporation' as the developer, this is not the case: the file is designed to look like a legitimate Microsoft system file. The executable nvtray.exe (“Local Session Manager Service”) has been detected as malware by 1 anti-virus scanner.
Publisher:
Microsoft Corporation (signed by SELCUK GUNDOGDU)

Product:
Microsoft® Windows® Operating System

Description:
Local Session Manager Service

Version:
6.1.7601.17514

MD5:
7d0ca43847c27f15f059fad0833c80a1

SHA-1:
15e970e8387da68bbb98bd1ba8ff0f54842675a4

SHA-256:
c0d3abda3d7526013cba0fb771286c1d93db5d8ca4ea813fd96721a16440a344

Scanner detections:
1 / 68

Status:
Malware

Analysis date:
11/27/2024 5:31:13 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP (M)

Engine version:
16.12.1.20

File size:
40.2 KB (41,184 bytes)

Product version:
6.1.7601.17514

Copyright:
© Microsoft Corporation. All rights reserved.

Original file name:
LM.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\ProgramData\nvtray.exe

Digital Signature
Signed by:

Authority:
COMODO CA Limited

Valid from:
3/13/2015 2:00:00 AM

Valid to:
3/13/2016 1:59:59 AM

Subject:
CN=SELCUK GUNDOGDU, O=SELCUK GUNDOGDU, STREET=Esentepe mah dergiler sok no 25 deal plaza, L=ISTANBUL, S=SISLI, PostalCode=34394, C=TR

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00C33187FE848A65E8484EA492CB2CBB18

File PE Metadata
Compilation timestamp:
3/19/2015 1:32:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
768:kj+yFUZLuuyGHZkiC4u/3xXC7uyrZETwRisiLfnoVIZyhYuOh:3WAyGESnGwRi/foVIEhHm

Entry address:
0xA3DE

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 10, 00, 00, 00, 18, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 01, 00, 00, 00, 30, 00, 00, 80, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, 00, 00, 48, 00, 00, 00, 58, C0, 00, 00, 00, 04, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 04, 34, 00, 00, 00...
 

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
33 KB (33,792 bytes)
