home

ShdTray.exe

Reboot Restore Rx Pro

New Horizon DataSys Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Shield’.
Publisher:
Horizon Datasys, Inc.  (signed by New Horizon DataSys Inc.)

Product:
Reboot Restore Rx Pro

Description:
Shield Tray

Version:
10.6

MD5:
fa9d03d58254f1b06611251fa4382e30

SHA-1:
354d7a00f0953ca39dcfde750135b736c891ed84

SHA-256:
20874c3a44fb9ba4eeb85936bd53d7399b9824b458881212d48eabfaa8a0fd8d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 11:43:23 AM UTC  (today)

File size:
61.4 KB (62,912 bytes)

Product version:
10.6

Copyright:
Copyright (C) Horizon Datasys, Inc. All rights reserved.

Original file name:
ShdTray.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\shield\shdtray.exe

Digital Signature
Signed by:
New Horizon DataSys Inc.

Authority:
VeriSign, Inc.

Valid from:
10/22/2015 2:00:00 AM

Valid to:
11/17/2017 12:59:59 AM

Subject:
CN=New Horizon DataSys Inc., O=New Horizon DataSys Inc., L=Vancouver, S=British Columbia, C=CA

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
584BB61B103E0C29C5C929CEED4F40CF

File PE Metadata
Compilation timestamp:
2/8/2017 6:02:24 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

Entry address:
0x38E6

Entry point:
E8, 8D, 04, 00, 00, E9, 37, FD, FF, FF, 3B, 0D, 28, 90, 40, 00, 75, 02, F3, C3, E9, 0F, 05, 00, 00, 8B, FF, 55, 8B, EC, F6, 45, 08, 02, 57, 8B, F9, 74, 25, 56, 68, 44, 3F, 40, 00, 8D, 77, FC, FF, 36, 6A, 0C, 57, E8, 45, 01, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, 0E, F9, FF, FF, 59, 8B, C6, 5E, EB, 14, E8, 0D, 06, 00, 00, F6, 45, 08, 01, 74, 07, 57, E8, F7, F8, FF, FF, 59, 8B, C7, 5F, 5D, C2, 04, 00, 6A, 14, 68, 18, 6D, 40, 00, E8, 75, 03, 00, 00, FF, 35, 04, 9B, 40, 00, 8B, 35, 9C, 50, 40, 00, FF, D6, 59...
 
[+]

Code size:
13.5 KB (13,824 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Shield

Command:
"C:\Program Files\shield\shdtray.exe"


Scan ShdTray.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.