» clientgui.exe
Overview
Analysis
File Details
Behaviors (1)

clientgui.exe

Trustware 101 Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘BufferZone’.

File name:

clientgui.exe

Publisher:

Trustware 101 Ltd. (signed and verified)

Description:

BufferZone GUI

Version:

3.40.0.86

MD5:

c019ed402bf1a433df99a103932f52ae

SHA-1:

918ad1d7b6b8808c9e71d2563addd88be5445a68

SHA-256:

62ffee6ed8f49420920e32f790f3957e13609b8602bd205822dcdeafab7dded4

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/26/2024 10:25:41 AM UTC (today)

File size:

3.4 MB (3,587,080 bytes)

Product version:

1.0.0.0

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Digital Signature

Signed by:

Trustware 101 Ltd.

Authority:

The USERTRUST Network

Valid from:

1/4/2010 7:00:00 AM

Valid to:

1/5/2011 6:59:59 AM

Subject:

CN=Trustware 101 Ltd., O=Trustware 101 Ltd., STREET=2 Hanechoshet St., L=Tel Aviv, S=Israel, PostalCode=69710, C=IL

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

008042A0D467722D4E8E13C7673F8B4D9A

File PE Metadata

Compilation timestamp:

6/20/1992 5:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:vBpyYK9fijzYLYw1LDp4YLlhNoEX2RNriOesI4mMOrbvLoOnkn6c6z:uthlhN92biOZI4LOrbvLJkn6c6z

Entry address:

0x53B070

Entry point:

E9, A6, 00, 00, 00, 80, C9, 93, 00, CC, 8A, 70, 00, 98, 83, 70, 00, 00, 00, 00, 00, 80, 29, 20, 00, 32, B1, 93, 00, 4E, 65, 6F, 4C, 69, 74, 65, 20, 45, 78, 65, 63, 75, 74, 61, 62, 6C, 65, 20, 46, 69, 6C, 65, 20, 43, 6F, 6D, 70, 72, 65, 73, 73, 6F, 72, 0D, 0A, 43, 6F, 70, 79, 72, 69, 67, 68, 74, 20, 28, 63, 29, 20, 31, 39, 39, 38, 2C, 31, 39, 39, 39, 20, 4E, 65, 6F, 57, 6F, 72, 78, 20, 49, 6E, 63, 0D, 0A, 50, 6F, 72, 74, 69, 6F, 6E, 73, 20, 43, 6F, 70, 79, 72, 69, 67, 68, 74, 20, 28, 63, 29, 20, 31, 39, 39... 
[+]

Entropy:

7.3926

Packer / compiler:

NeoLite v2.0

Code size:

24.5 KB (25,088 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

BufferZone

Command:

"C:\buffer\clientgui.exe" \startup

Scan clientgui.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.