Should I block it?

No, this file is 100% safe to run.

VersionsAdditional versions

1.9.0040.0 80.00%
1.9.0040.0 20.00%
(Note, Microsoft Corporation publishes each variation of this file with the same version, but the hashes are unique.)

Relationships


PE structurePE file structure

Show functions
Import table
advapi32.dll
RegCloseKey, RegCreateKeyExW, RegSetValueExW, RegQueryValueExW, RegQueryValueExA, RegOpenKeyExA, RegNotifyChangeKeyValue, RegOpenKeyExW, RegEnumKeyW, RegDeleteValueW, RegQueryInfoKeyW, RegEnumValueW, CryptImportKey, RegEnumKeyExW, RegEnumKeyExA, GetCurrentHwProfileA, GetCurrentHwProfileW, RegEnumKeyA, CryptAcquireContextA, CryptCreateHash, CryptHashData, CryptDeriveKey, CryptDecrypt, CryptDestroyKey, CryptDestroyHash, CryptReleaseContext, OpenThreadToken, GetLengthSid, CopySid, LookupAccountNameW, OpenProcessToken, GetTokenInformation, RegCreateKeyExA, RegSetValueExA
comctl32.dll
InitCommonControlsEx
crypt32.dll
CryptProtectData, CryptUnprotectData, CertEnumCertificatesInStore, CertFindExtension, CryptExportPublicKeyInfo, CertVerifySubjectCertificateContext, CertFreeCertificateContext, CertGetIssuerCertificateFromStore, CertDuplicateCertificateContext, CertCreateCertificateContext, CertCloseStore, CertComparePublicKeyInfo, CertOpenStore
gdi32.dll
SelectObject, CreateCompatibleDC, CreateCompatibleBitmap, CreateFontIndirectW, GetObjectW, CreateDIBSection, BitBlt, SetTextColor, DeleteDC, CreateSolidBrush, SetBkMode, GetStockObject, DeleteObject, GetTextExtentExPointW
kernel32.dll
DllMain
ole32.dll
CLSIDFromProgID, CoCreateGuid, StringFromGUID2, CoSetProxyBlanket, CoFreeUnusedLibraries, CoCreateInstance, CoInitializeEx, CoUninitialize, IIDFromString
setupapi.dll
SetupDiGetDeviceRegistryPropertyW, SetupDiDestroyDeviceInfoList, SetupDiCreateDeviceInfoList, SetupDiGetClassDevsW, SetupDiGetClassDevsA, SetupDiGetDeviceRegistryPropertyA, SetupDiEnumDeviceInfo
shell32.dll
Shell_NotifyIconW, ShellExecuteA, ShellExecuteW, SHAppBarMessage
shlwapi.dll
SHDeleteValueW
user32.dll
PostMessageW, GetMenuItemID, DeleteMenu, GetMenuItemCount, CreateWindowExW, SetWindowLongW, LoadImageW, DestroyIcon, LoadStringW, RegisterWindowMessageW, ShowWindow, UpdateWindow, BroadcastSystemMessageA, wsprintfA, SetMenuDefaultItem, SetWindowPos, SetSysColors, SystemParametersInfoW, GetForegroundWindow, CopyRect, OffsetRect, GetDC, UpdateLayeredWindow, ReleaseDC, MapWindowPoints, InflateRect, SetRect, IsWindow, EndPaint, BeginPaint, SendMessageW, DestroyWindow, DrawTextW, GetFocus, DrawFocusRect, DrawIconEx, GetWindowTextLengthW, SetDlgItemTextW, SendDlgItemMessageW, GetClientRect, GetWindowTextW, GetSysColor, SetLayeredWindowAttributes, InvalidateRect, GetWindowRect, GetDlgItem, GetWindowLongW, EndDialog, GetDlgCtrlID, GetMessageW, TranslateMessage, DispatchMessageW, LoadIconW, LoadCursorW, RegisterClassExW, DefWindowProcW, PostQuitMessage, FindWindowW, IsWindowVisible, GetActiveWindow, DialogBoxParamW, CreateDialogParamW, GetDoubleClickTime, SetTimer, LoadMenuW, GetSubMenu, GetCursorPos, SetForegroundWindow, TrackPopupMenu, DestroyMenu, KillTimer, UnregisterClassA, SystemParametersInfoA, GetDesktopWindow, GetWindowLongA, GetParent, GetSystemMetrics, GetMonitorInfoA, GetClassNameW, SetWindowTextW, SendMessageA
version.dll
GetFileVersionInfoW, GetFileVersionInfoSizeW, VerQueryValueA
wininet.dll
InternetSetOptionA, InternetOpenA, InternetErrorDlg, InternetAutodial, InternetGetConnectedState, HttpQueryInfoA, HttpSendRequestA, InternetQueryOptionA, HttpOpenRequestA, InternetConnectA, InternetReadFile, InternetCloseHandle

WgaTray.exe

Microsoft Genuine Advantage by Microsoft Corporation (Signed)

Remove WgaTray.exe
Version:   1.9.0040.0
MD5:   f3175774b7f0173ce7ba0ece1b11f55a
SHA1:   7528acd3cf90fe6e885919a26d7485bc38999a60
SHA256:   9d692b0f283042a5029b0316effb0c96f77eb5d376518b7c833c16fc0dcbc00a

Overview

wgatray.exe executes as a process with the local user's privileges. It has been configured with a firewall exception which allows both inbound and outbound network communication without being blocked. The file is digitally signed by Microsoft Corporation.

DetailsDetails

File name:wgatray.exe
Publisher:Microsoft Corporation
Product name:Microsoft Genuine Advantage
Description:Windows Genuine Advantage Notifications
Typical file path:C:\Windows\System32\wgatray.exe
File version:1.9.0040.0
Size:946.88 KB (969,600 bytes)
Certificate
Issued to:Microsoft Corporation
Authority (CA):Microsoft Corporation
Effective date:Tuesday, January 20, 2009
Expiration date:Saturday, March 20, 2010
Digital DNA
PE subsystem:Windows GUI
File packed:No
.NET CLR:No
More details

BehaviorsBehaviors

Windows firewall allowed program
Exceptions allow programs to access to the Internet through an outbound connections
  • Firewall exception for 'C:\WINDOWS\system32\WgaTray.exe'

ResourcesResource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
Memory
Private memory:4.3 MB
21.59 MB
Private (maximum):1.96 MB
Private (minimum):204 KB
Non-paged memory:4.3 MB
21.59 MB
Virtual memory:63.27 MB
140.96 MB
Virtual memory (peak):66.32 MB
169.69 MB
Working set:1.79 MB
18.61 MB
Working set (peak):10.92 MB
37.95 MB
Resource allocations
Threads:8
12
Handles:285
600
GUI GDI count:43
103
GUI USER count:28
49

BehaviorsProcess properties

Tray notification:Yes
Integrety level:Undefined
Platform:32-bit
Command line:"C:\Windows\System32\wgatray.exe"
Owner:User
Parent process:winlogon.exe (by Microsoft)

Windows OS versionsDistribution by Windows OS

OS versiondistribution
Microsoft Windows XP 100.00%

Distribution by countryDistribution by country

Indonesia installs about 50.00% of Microsoft Genuine Advantage.

OEM distributionDistribution by PC manufacturer

PC Manufacturerdistribution
Dell 100.00%
Should I remove It? Clean your PC of unwanted adware, toolbars and bloatware.

Download it for FREE