Should I block it?

No, this file is 100% safe to run.

Additional versions

ddd21 33.33%
58ddf 33.33%
ea60f 33.33%
(Note, McAfee publishes each variation of this file with the same version, but the hashes are unique.)


PE file structure

Import table
advapi32.dll
RegOpenKeyExW, RegCloseKey, GetUserNameA, SetSecurityDescriptorDacl, GetSecurityDescriptorLength, MakeSelfRelativeSD, InitializeSecurityDescriptor, GetSecurityDescriptorOwner, GetSecurityDescriptorGroup, GetSecurityDescriptorDacl, GetSecurityDescriptorSacl, MakeAbsoluteSD, GetSecurityDescriptorControl, GetAclInformation, InitializeAcl, AddAce, RegNotifyChangeKeyValue, GetSidSubAuthority, InitializeSid, RegQueryValueExW, RegEnumKeyExW, RegCreateKeyExW, RegDeleteValueW, RegDeleteKeyW, RegSetValueExW, RegQueryInfoKeyW, RegQueryValueExA, CopySid, ConvertSidToStringSidW, GetLengthSid, IsValidSid, GetTokenInformation, OpenProcessToken, CheckTokenMembership, DuplicateToken, OpenThreadToken, ImpersonateSelf, RevertToSelf, ImpersonateNamedPipeClient, GetSidLengthRequired, RegEnumValueW
gdi32.dll
GetObjectW, DeleteDC, StretchBlt, SetDIBColorTable, DeleteObject, SelectObject, GetDIBColorTable, CreateDIBSection, CreateCompatibleDC
gdiplus.dll
GdipDrawImageI, GdipCreateBitmapFromFile, GdipCreateBitmapFromScan0, GdipBitmapLockBits, GdipBitmapUnlockBits, GdipCloneImage, GdipFree, GdiplusStartup, GdipAlloc, GdiplusShutdown, GdipGetImageGraphicsContext, GdipDeleteGraphics, GdipGetImageWidth, GdipGetImageHeight, GdipDisposeImage, GdipGetImagePaletteSize, GdipGetImagePalette, GdipGetImagePixelFormat
kernel32.dll
lstrcpyW, EnterCriticalSection, LeaveCriticalSection, SetLastError, lstrlenW, GetCurrentProcess, FlushInstructionCache, lstrcpynW, RaiseException, FindClose, lstrcpynA, InterlockedExchange, OpenEventW, GetEnvironmentVariableW, LoadLibraryExW, CreateMutexW, WaitForMultipleObjects, InterlockedIncrement, InterlockedDecrement, lstrcmpiW, SetEvent, lstrcmpiA, InitializeCriticalSection, SetEnvironmentVariableW, DeleteCriticalSection, GetModuleFileNameW, Sleep, GetThreadLocale, CreateProcessW, GetDateFormatW, HeapAlloc, GetProcessHeap, HeapFree, CreateEventA, LocalFree, lstrlenA, GetCurrentThread, CreateEventW, GetModuleFileNameA, FindNextFileW, FindFirstFileW, GetPrivateProfileSectionNamesW, GetPrivateProfileSectionW, GetUserDefaultLangID, GetSystemDefaultLCID, GetUserDefaultUILanguage, GetSystemDefaultUILanguage, EnumUILanguagesW, GetUserDefaultLCID, IsValidLocale, GetLocaleInfoW, ConvertDefaultLocale, GetFileAttributesW, OutputDebugStringA, FileTimeToDosDateTime, FileTimeToLocalFileTime, GetFileAttributesExA, DeleteFileW, MoveFileW, GetFileSizeEx, WriteFile, SetFilePointer, CreateFileW, FormatMessageA, GetComputerNameA, CreateWaitableTimerA, SetWaitableTimer, SystemTimeToFileTime, ResumeThread, TlsSetValue, ResetEvent, CreateMutexA, TlsGetValue, TlsFree, TlsAlloc, ReleaseMutex, GetSystemTimeAsFileTime, QueryPerformanceCounter, GetTickCount, SetUnhandledExceptionFilter, UnhandledExceptionFilter, TerminateProcess, GetStartupInfoW, VirtualAlloc, VirtualFree, IsProcessorFeaturePresent, InterlockedCompareExchange, GetLocaleInfoA, GetACP, HeapSize, HeapReAlloc, HeapDestroy, GetVersionExA, LoadLibraryA, LocalAlloc, OpenProcess, GetProcAddress, GetModuleHandleW, FreeLibrary, WaitForSingleObject, CloseHandle, GetVersionExW, LoadLibraryW, GetLastError, GetLocalTime, GetCurrentThreadId, FindResourceW, MultiByteToWideChar, CreateThread, WideCharToMultiByte, FindResourceExW, LoadResource, LockResource, SizeofResource, GetCurrentProcessId, GetFileInformationByHandle, 
IsDebuggerPresent
msimg32.dll
TransparentBlt, AlphaBlend
msvcp80.dll
DllMain
msvcr80.dll
DllMain
ole32.dll
CoImpersonateClient, CoRevertToSelf, CoDisconnectObject, CoRevokeClassObject, CoTaskMemAlloc, CoCreateInstance, CoUninitialize, CoInitialize, StringFromGUID2, CoGetClassObject, CoTaskMemRealloc, CoTaskMemFree, CoInitializeEx, CoInitializeSecurity, CoRegisterClassObject
shell32.dll
SHCreateDirectoryExW, Shell_NotifyIconW, ShellExecuteW
shfolder.dll
SHGetFolderPathW
shlwapi.dll
PathIsRelativeW, PathAppendW, PathRemoveFileSpecW, PathFindExtensionA, PathFindFileNameA, StrStrIW, PathFileExistsW, PathFindFileNameW, PathRenameExtensionW, PathStripPathW, PathIsDirectoryW
user32.dll
InvalidateRect, BringWindowToTop, GetSystemMetrics, DestroyIcon, SetTimer, KillTimer, LoadImageW, CreateWindowExW, PostQuitMessage, SetWindowLongW, SetFocus, ShowWindow, UnregisterClassA, GetClientRect, GetProcessWindowStation, GetUserObjectInformationA, SetMenuDefaultItem, InsertMenuW, TrackPopupMenu, SetProcessDefaultLayout, GetProcessDefaultLayout, SetForegroundWindow, GetMenuItemID, GetAsyncKeyState, MessageBoxW, LoadAcceleratorsW, LoadMenuW, wsprintfW, CharNextW, GetLastInputInfo, GetDoubleClickTime, GetCursorPos, RegisterWindowMessageW, EndPaint, BeginPaint, GetWindow, SystemParametersInfoW, GetParent, DestroyWindow, MsgWaitForMultipleObjects, DispatchMessageW, TranslateMessage, GetWindowRect, UpdateWindow, SetWindowPos, CreatePopupMenu, SendMessageW, DestroyMenu, RegisterClassExW, TrackPopupMenuEx, PostMessageW, CallWindowProcW, DefWindowProcW, AppendMenuW, GetMenuItemCount, GetClassInfoExW, RemoveMenu, LoadStringW, GetMenuItemInfoW, MessageBeep, MonitorFromPoint, GetMonitorInfoW, MapWindowPoints, PeekMessageW, PtInRect, GetWindowLongW, LoadCursorW, LoadStringA, IsWindow
userenv.dll
UnloadUserProfile

xtray.exe

By McAfee (Signed)

MD5: ea60f7d0a145f503e862dd7bfa04cff7
SHA1: 2e03101838e4dc49116440a273f2f92e85daf9b8

Overview

xtray.exe runs as a process with the local user's privileges. It is set to start when the PC boots and any user logs into Windows (it is added to the Run registry key for all users, under the local machine hive). The file is digitally signed by McAfee, with a certificate issued by the VeriSign certificate authority (CA).

Details

File name: xtray.exe
Typical file path: C:\Program Files\mcafee\managed virusscan\desktopui\xtray.exe
Size: 470.03 KB (481,312 bytes)
Build date: 1/30/2013 12:39 AM
Certificate
Issued to: McAfee
Authority (CA): VeriSign
Effective date: Wednesday, October 5, 2011
Expiration date: Tuesday, December 31, 2013
Digital DNA
PE subsystem: Windows GUI
File packed: No
Code language: Microsoft Visual C++ 8.0
.NET CLR: No

Behaviors

Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'MVS Splash' → "C:\Program Files\McAfee\Managed VirusScan\DesktopUI\XTray.exe"

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages

CPU
Total CPU: 0.00004124% / 0.028634%
Kernel CPU: 0.00002000% / 0.013761%
User CPU: 0.00002123% / 0.014873%
Kernel CPU time: 765,625 ms/min / 100,923,805 ms/min

Memory
Private memory: 3.3 MB / 21.59 MB
Private (maximum): 8.99 MB
Private (minimum): 8.59 MB
Non-paged memory: 3.3 MB / 21.59 MB
Virtual memory: 124.88 MB / 140.96 MB
Virtual memory (peak): 131.48 MB / 169.69 MB
Working set: 8.74 MB / 18.61 MB
Working set (peak): 9.58 MB / 37.95 MB

Resource allocations
Threads: 4 / 12
Handles: 204 / 600
GUI GDI count: 83 / 103
GUI GDI peak: 87 / 142
GUI USER count: 36 / 49
GUI USER peak: 43 / 71

Process properties

Integrity level: Medium
Platform: 64-bit
Command line: "C:\Program Files\mcafee\managed virusscan\desktopui\xtray.exe"
Owner: User

Distribution by Windows OS

OS version: Distribution
Windows 8: 33.33%
Windows Vista Ultimate: 33.33%
Windows 7 Professional: 33.33%

Distribution by country

Spain installs about 33.33% of xtray.exe.

Distribution by PC manufacturer

PC manufacturer: Distribution
ASUS: 50.00%
Intel: 50.00%