Should I block it?
Yes, 98% block recommendation.
Possible reasons:
Multiple malware detections
Performance resource utilization
Relationships
Parent process
Child process
moontray.exe
| Version: | 1.0.0.0 |
| MD5: | 3794cfb335c5e894cb633d0669c7e686 |
| SHA1: | 0bccfdcd2f204c2d93e8a8c7be34666380b88c02 |
| SHA256: | f77fbbad13b38cb150e1ee824af294a6c5039dcca88f0d72d01b115081bddef0 |
Warning 4 antivirus scanners has detected malware.
What is moontray.exe?
moontray.exe is the process that runs in the notification area system tray. Moon Secure Antivirus is just a wrapper around the open source Clam Antivirus product. Moon Secure Antivirus is typically installed via a software bundle with various toolbars and such and distributed by Freeze.com via W3i's InstallIQ.
About moontray.exe (from the publisher)
“Moon Secure Antivirus aims to be the best Free Antivirus for Windows under GPL license. It offers multiple scan engines, Net shield, Firewall, On access, on Exec scanner and rootkits preventions plus ”
Details
| File name: | moontray.exe |
| Typical file path: | C:\Program Files\moon secure antivirus\moontray.exe |
| File version: | 1.0.0.0 |
| Size: | 1.61 MB (1,685,504 bytes) |
| Digital DNA |
| File packed: | No |
| .NET CLR: | No |
More details
Programs
The following program will install this file
“Moon Secure AV is an opensource antivirus currently using the clamav engine due to fast response time and huge AV database, however we are implementing another engine that is heuristic and will allow users to customize the engine on the fly. Unlike clam it has an enterprise level real-time scanner. It is built for windows and will run on XP and vista. It can scan portable drives and fixed drives. It is able to detect viruses, Trojans an...”
Behaviors
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'Moon Secure Antivirus' → C:\Program Files\Moon Secure Antivirus\MoonTray.exe
Malware detections
Based on 40+ industry antivirus scanners, 4 of them detected the following malware.
| Antivirus engine | Engine version | Detection |
| Comodo Internet Security |
8025 |
Heur.Suspicious |
| K7 AntiVirus |
9.94.4145 |
Trojan |
| McAfee |
5.400.1158 |
Artemis!3794CFB335C5 |
| McAfee Gateway Anti-Malware |
v2010.1C-dat |
Artemis!3794CFB335C5 |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
| CPU |
| Total CPU: | 0.25917244% | |
| Kernel CPU: | 0.13082825% | |
| User CPU: | 0.12834419% | |
| Kernel CPU time: | 6,435 ms/min | |
| Memory |
| Private memory: | 6.38 MB | |
| Private (maximum): | 11.12 MB | |
| Private (minimum): | 8.7 MB | |
| Non-paged memory: | 6.38 MB | |
| Virtual memory: | 99.31 MB | |
| Virtual memory (peak): | 115.97 MB | |
| Working set: | 8.74 MB | |
| Working set (peak): | 12.93 MB | |
| Resource allocations |
| Threads: | 9 | |
| Handles: | 206 | |
| GUI GDI count: | 230 | |
| GUI GDI peak: | 240 | |
| GUI USER count: | 120 | |
| GUI USER peak: | 125 | |
Process properties
Threads
Averages
| moontray.exe (main module) |
| Total CPU: | 0.26691831% | |
| Kernel CPU: | 0.18317456% | |
| User CPU: | 0.08374375% | |
| CPU cycles: | 11,434,440/sec | |
| Memory: | 1.64 MB | |
| sendori.dll (Sendori.dll by Sendori) |
| Total CPU: | 0.00994150% | |
| Kernel CPU: | 0.00662766% | |
| User CPU: | 0.00331383% | |
| CPU cycles: | 264,090/sec | |
| Memory: | 316 KB | |
Distribution by Windows OS
| OS version | distribution |
| Windows 7 Ultimate N |
60.00% |
|
| Windows 7 Enterprise |
40.00% |
|
Distribution by country
United States installs about 100.00% of moontray.exe.
