home

firewallgui.exe

PC Tools Firewall Plus

PC Tools

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘00PCTFW’.
Publisher:
PC Tools  (signed and verified)

Product:
PC Tools Firewall Plus

Description:
PC Tools Firewall GUI

Version:
2, 0, 0, 25

MD5:
b6a85fac761ad1ec173b8d22dc4c32b9

SHA-1:
fe247ab12b07ae98bc3cdefb3b8b0e961dbc912b

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/18/2024 3:35:58 PM UTC  (today)

File size:
2.5 MB (2,610,744 bytes)

Product version:
2, 0, 0, 0

Copyright:
Copyright (C) 2007

Original file name:
Firewall.exe

File type:
Executable application (Win32 EXE)

Language:
English (Australia)

Common path:
C:\Program Files\pc tools firewall plus\firewallgui.exe

Digital Signature
Signed by:
PC Tools

Authority:
VeriSign, Inc.

Valid from:
8/17/2006 2:00:00 AM

Valid to:
8/17/2009 1:59:59 AM

Subject:
CN=PC Tools, OU=Software, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=PC Tools, L=Melbourne, S=Victoria, C=AU

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0DBD834441EB5DA04C0C3A88C3BD42FC

File PE Metadata
Compilation timestamp:
4/27/2007 8:15:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
83.82

CTPH (ssdeep):
24576:5PPbJgvpZ5FwrALkDOU9MS1FW+6riiTjgWuc7TRw/gmmAAuncGGkN++C:5Lm/tdcM4WrngWucfRO12

Entry address:
0x11DBB3

Entry point:
55, 8B, EC, 6A, FF, 68, B8, 7F, 54, 00, 68, F0, D8, 51, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, 8C, 21, 54, 00, 33, D2, 8A, D4, 89, 15, D0, 96, 54, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, CC, 96, 54, 00, C1, E1, 08, 03, CA, 89, 0D, C8, 96, 54, 00, C1, E8, 10, A3, C4, 96, 54, 00, 33, F6, 56, E8, 78, 16, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, B0, 00, 00, 00, 59, 89, 75, FC, E8, 43, 13, 00, 00, FF, 15, 90, 20, 54, 00, A3, C4, AC, 54, 00, E8...
 
[+]

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
316 KB (323,584 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
00PCTFW

Command:
"C:\Program Files\pc tools firewall plus\firewallgui.exe" -s


Scan firewallgui.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.