» clientgui.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

clientgui.exe

Trustware 101 Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘BufferZone’. This is installed with BufferZone.

File name:

clientgui.exe

Publisher:

Trustware 101 Ltd. (signed and verified)

Description:

BufferZone GUI

Version:

3.42.0.2

MD5:

ff770455f9830f0797e7b3c0a8fdbb1e

SHA-1:

6c0451b05720384ed8d7da6f84e61a3ba237a77c

SHA-256:

49adfffa1e3555bbdb752b7f2fa5dd0770d7516cec4250bd99953c63c8c9727c

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/18/2024 4:05:04 PM UTC (today)

File size:

3.2 MB (3,330,368 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\bufferzone\clientgui.exe

Digital Signature

Signed by:

Trustware 101 Ltd.

Authority:

GlobalSign nv-sa

Valid from:

10/26/2010 2:00:42 PM

Valid to:

10/27/2011 2:00:40 PM

Subject:

CN=Trustware 101 Ltd., O=Trustware 101 Ltd., L=Tel Aviv, S=Israel, C=IL

Issuer:

CN=GlobalSign ObjectSign CA, OU=ObjectSign CA, O=GlobalSign nv-sa, C=BE

Serial number:

0100000000012BE8657318

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:M4YKGfAj7YLYw1LDp4Y6Kjpi7zDex0Yc+UnN9I6kT0tpRPul:i/9M7AdUnNG3KpR2l

Entry address:

0x4FB070

Entry point:

E9, A6, 00, 00, 00, 80, C9, 8F, 00, CC, 7A, 70, 00, 98, 73, 70, 00, 00, 00, 00, 00, 80, 31, 1C, 00, 32, B1, 8F, 00, 4E, 65, 6F, 4C, 69, 74, 65, 20, 45, 78, 65, 63, 75, 74, 61, 62, 6C, 65, 20, 46, 69, 6C, 65, 20, 43, 6F, 6D, 70, 72, 65, 73, 73, 6F, 72, 0D, 0A, 43, 6F, 70, 79, 72, 69, 67, 68, 74, 20, 28, 63, 29, 20, 31, 39, 39, 38, 2C, 31, 39, 39, 39, 20, 4E, 65, 6F, 57, 6F, 72, 78, 20, 49, 6E, 63, 0D, 0A, 50, 6F, 72, 74, 69, 6F, 6E, 73, 20, 43, 6F, 70, 79, 72, 69, 67, 68, 74, 20, 28, 63, 29, 20, 31, 39, 39... 
[+]

Entropy:

7.3446

Packer / compiler:

NeoLite v2.0

Code size:

24.5 KB (25,088 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

BufferZone

Command:

"C:\Program Files\bufferzone\clientgui.exe" \startup

The file clientgui.exe has been discovered within the following programs.

BufferZone by Trustwave

Publisher's description - “BufferZone works by creating an isolated virtual environment where online apps and other potentially harmful sources can run completely separated from the corporate network and data, neutralizing even threats that seep through other security tiers.”

www.trustware.com

4% remove it

Scan clientgui.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.