home

PCClient.exe

Policy Central Enterprise

Forensic Software Limited

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘PCE Client’.
Publisher:
Forensic Software Ltd  (signed by Forensic Software Limited)

Product:
Policy Central Enterprise

Description:
PCClient

Version:
4, 0, 2, 1

MD5:
8fbe15cbf908695e8c2e94c57a3f22f0

SHA-1:
004745c9d6e3c8789cd65dd23ba4b0a5b27ccf7f

SHA-256:
9c023609f635de5925ff6ed661e108a6a997e442cd632c08fe693bc3990fe3f2

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
5/5/2024 8:11:05 PM UTC  (today)

File size:
1.9 MB (1,963,400 bytes)

Product version:
4, 0, 2, 1

Copyright:
Forensic Software Ltd © 2010

Original file name:
PCClient.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\pcent\pcclient.exe

Digital Signature
Signed by:
Forensic Software Limited

Authority:
VeriSign, Inc.

Valid from:
10/1/2010 1:00:00 AM

Valid to:
10/2/2011 12:59:59 AM

Subject:
CN=Forensic Software Limited, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Forensic Software Limited, L=Send, S=Surrey, C=GB

Issuer:
CN=VeriSign Class 3 Code Signing 2009-2 CA, OU=Terms of use at https://www.verisign.com/rpa (c)09, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0FE4AB257198C21A057BA14AEA8A0ADD

File PE Metadata
Compilation timestamp:
6/10/2011 11:55:45 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:AsdRQZRPSwUg1M+PgdDg05Pu0M3LNU+V7ALw8y5Fe6O:AaQZRqwUUMPF5Po+y5FVO

Entry address:
0x64CE6

Entry point:
E8, 9C, F5, 00, 00, E9, 16, FE, FF, FF, 8B, 44, 24, 04, 66, 8B, 08, 40, 40, 66, 85, C9, 75, F6, 2B, 44, 24, 04, D1, F8, 48, C3, CC, CC, 68, A0, 3C, 46, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, 60, 89, 50, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00, C3, 8B, 4D, F0, 64, 89, 0D, 00, 00, 00, 00, 59, 5F, 5F, 5E, 5B, 8B, E5, 5D, 51, C3, 50, 64, FF, 35, 00...
 
[+]

Entropy:
4.7837

Code size:
648 KB (663,552 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
PCE Client

Command:
"C:\Program Files\pcent\pcclient.exe"


Scan PCClient.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.