» clientgui.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

clientgui.exe

Trustware 101 Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘BufferZone’. This is installed with BufferZone.

File name:

clientgui.exe

Publisher:

Trustware 101 Ltd. (signed and verified)

Description:

BufferZone GUI

Version:

3.41.0.14

MD5:

0fdb0b87b4e08de923c153941b043dce

SHA-1:

90ae545ee69a6fa67d49d754350b4667c7043575

SHA-256:

86baebfbf48eda09294674672785f387fcda69813caab5b466eaa207e8cae7ea

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 8:34:52 PM UTC (today)

File size:

3.2 MB (3,325,896 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\bufferzone\clientgui.exe

Digital Signature

Signed by:

Trustware 101 Ltd.

Authority:

The USERTRUST Network

Valid from:

1/4/2010 10:00:00 AM

Valid to:

1/5/2011 9:59:59 AM

Subject:

CN=Trustware 101 Ltd., O=Trustware 101 Ltd., STREET=2 Hanechoshet St., L=Tel Aviv, S=Israel, PostalCode=69710, C=IL

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

008042A0D467722D4E8E13C7673F8B4D9A

File PE Metadata

Compilation timestamp:

6/20/1992 8:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:74YKGfAj7YLYw1LDp4YIKjpi7vuIvepeKfZmTk6kT+BDj:x/rM7dvepeMme+Nj

Entry address:

0x4FB070

Entry point:

E9, A6, 00, 00, 00, 80, C9, 8F, 00, CC, 7A, 70, 00, 98, 73, 70, 00, 00, 00, 00, 00, 80, 31, 1C, 00, 32, B1, 8F, 00, 4E, 65, 6F, 4C, 69, 74, 65, 20, 45, 78, 65, 63, 75, 74, 61, 62, 6C, 65, 20, 46, 69, 6C, 65, 20, 43, 6F, 6D, 70, 72, 65, 73, 73, 6F, 72, 0D, 0A, 43, 6F, 70, 79, 72, 69, 67, 68, 74, 20, 28, 63, 29, 20, 31, 39, 39, 38, 2C, 31, 39, 39, 39, 20, 4E, 65, 6F, 57, 6F, 72, 78, 20, 49, 6E, 63, 0D, 0A, 50, 6F, 72, 74, 69, 6F, 6E, 73, 20, 43, 6F, 70, 79, 72, 69, 67, 68, 74, 20, 28, 63, 29, 20, 31, 39, 39... 
[+]

Entropy:

7.3435

Packer / compiler:

NeoLite v2.0

Code size:

24.5 KB (25,088 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

BufferZone

Command:

"C:\Program Files\bufferzone\clientgui.exe" \startup

The file clientgui.exe has been discovered within the following program.

BufferZone by Trustwave

Publisher's description - “BufferZone works by creating an isolated virtual environment where online apps and other potentially harmful sources can run completely separated from the corporate network and data, neutralizing even threats that seep through other security tiers.”

www.trustware.com

4% remove it

Scan clientgui.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.