NEGui.EXE

NeExtender GUI client

SonicWALL, Inc.

It is set to execute automatically when any user logs into Windows (through the local user run registry setting), under the name ‘SonicWALLNetExtender’. It is installed with SonicWALL SSL-VPN NetExtender.

Publisher:
SonicWALL Inc.  (signed by SonicWALL, Inc.)

Product:
NeExtender GUI client

Version:
2, 5, 74, 1

MD5:
ea3ade63f28bb08377f0f8cf504161dc

SHA-1:
f25cf63074a35006bbff4043b05c32c117f92661

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 8:10:50 PM UTC

File size:
549.4 KB (562,608 bytes)

Product version:
2, 5, 74, 1

Copyright:
Copyright (C) 2008 SonicWALL Inc.

Original file name:
NEGui.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\sonicwall\ssl-vpn\netextender\negui.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
3/18/2007 7:00:00 PM

Valid to:
5/13/2009 6:59:59 PM

Subject:
CN="SonicWALL, Inc.", OU=SONICWALL ENGINEERING, O="SonicWALL, Inc.", L=Sunnyvale, S=California, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
45BE16C14EF4DDFC493496AF2A972D53

File PE Metadata
Compilation timestamp:
1/16/2008 7:04:02 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
6144:+9rRhmjxtfqnXqG3WzY5bawBqhhM+Q4mHlvreMF+Oko4E8M:+9lox9qnXqvzQ1qPxNmH9Hao4M

Entry address:
0x26933

Entry point:
55, 8B, EC, 6A, FF, 68, F0, 22, 45, 00, 68, B8, C7, 42, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 58, 53, 56, 57, 89, 65, E8, FF, 15, D8, D2, 44, 00, 33, D2, 8A, D4, 89, 15, 5C, 5E, 46, 00, 8B, C8, 81, E1, FF, 00, 00, 00, 89, 0D, 58, 5E, 46, 00, C1, E1, 08, 03, CA, 89, 0D, 54, 5E, 46, 00, C1, E8, 10, A3, 50, 5E, 46, 00, 6A, 01, E8, BF, 5D, 00, 00, 59, 85, C0, 75, 08, 6A, 1C, E8, C3, 00, 00, 00, 59, E8, F9, 2C, 00, 00, 85, C0, 75, 08, 6A, 10, E8, B2, 00, 00, 00, 59, 33, F6, 89, 75...
Entropy:
6.5014

Developed / compiled with:
Microsoft Visual C++ v6.0

Code size:
304 KB (311,296 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SonicWALLNetExtender

Command:
C:\Program Files\sonicwall\ssl-vpn\netextender\negui.exe -hidegui -clearreboot


The file NEGui.EXE has been discovered within the following program.

SonicWALL SSL-VPN NetExtender  by SonicWALL, Inc.
Publisher's description - “SonicWALL NetExtender is a transparent software application for Windows users that enables remote users to securely connect to the remote network. With NetExtender, remote users can securely run any application on the remote network.”
www.sonicwall.com
11% remove it