home

cssauthe.exe

Client Security Solution

Lenovo Group Limited

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘cssauthe’.
Publisher:
Lenovo Group Limited  (signed and verified)

Product:
Client Security Solution

Description:
cssauthe

Version:
6.01.0045.00

MD5:
cdfea7a02e25cca2a1039792d243c871

SHA-1:
404903c59a23e8b3fcb8bebb6acdeef82295acc6

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 2:20:47 PM UTC  (today)

File size:
1.9 MB (1,992,240 bytes)

Product version:
6.01.0045.00

Copyright:
Copyright (C) Lenovo Group Ltd. 2005 All Rights Reserved

Original file name:
cssauthe.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\ibm thinkvantage\client security solution\cssauthe.exe

Digital Signature
Signed by:
Lenovo Group Limited

Authority:
VeriSign, Inc.

Valid from:
4/19/2005 2:00:00 AM

Valid to:
4/20/2006 1:59:59 AM

Subject:
CN=Lenovo Group Limited, OU=Lenovo Transition RTP 05, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Lenovo Group Limited, L=Quarry Bay, S=Hong Kong, C=HK

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
45F28FE53CF4FD43DEC291F1BA55CC39

File PE Metadata
Compilation timestamp:
2/28/2006 9:48:25 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
7.10

CTPH (ssdeep):
49152:xHkIYx02kcA0SrJXoOkwEs83zDtugOvazch4VUkeCRt0:xHkVx02kcA0WJXZkwKu3SghlII

Entry address:
0xD1B22

Entry point:
6A, 60, 68, 58, 6B, 58, 00, E8, DA, 2A, 00, 00, BF, 94, 00, 00, 00, 8B, C7, E8, B6, 0E, 00, 00, 89, 65, E8, 8B, F4, 89, 3E, 56, FF, 15, 8C, A4, 56, 00, 8B, 4E, 10, 89, 0D, 1C, 1D, 5E, 00, 8B, 46, 04, A3, 28, 1D, 5E, 00, 8B, 56, 08, 89, 15, 2C, 1D, 5E, 00, 8B, 76, 0C, 81, E6, FF, 7F, 00, 00, 89, 35, 20, 1D, 5E, 00, 83, F9, 02, 74, 0C, 81, CE, 00, 80, 00, 00, 89, 35, 20, 1D, 5E, 00, C1, E0, 08, 03, C2, A3, 24, 1D, 5E, 00, 33, F6, 56, 8B, 3D, CC, A4, 56, 00, FF, D7, 66, 81, 38, 4D, 5A, 75, 1F, 8B, 48, 3C, 03...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v7.0

Code size:
1.4 MB (1,478,656 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
cssauthe

Command:
"C:\Program Files\ibm thinkvantage\client security solution\cssauthe.exe" silent


Scan cssauthe.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.