» PCClient.exe
Overview
Analysis
File Details
Behaviors (1)

PCClient.exe

Policy Central Enterprise

Forensic Software Limited

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘PCE Client’.

File name:

PCClient.exe

Publisher:

Forensic Software Ltd (signed by Forensic Software Limited)

Product:

Policy Central Enterprise

Description:

PCClient

Version:

5.1.4.8

MD5:

9a8da107b8b645af45fbbfa1a19b7cf2

SHA-1:

9ce7f1179f917c35669b4fc3111a16bb69f0a30a

SHA-256:

287815ed47fbce83acc5e31880c1b4aa1bd5228248b80ef52b8c466f12333182

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/27/2024 12:21:42 PM UTC (today)

File size:

4.2 MB (4,374,792 bytes)

Product version:

5.1.4.8

Original file name:

PCClient.exe

File type:

Executable application (Win64 EXE)

Language:

English (United States)

Common path:

C:\Program Files\pcent\pcclient.exe

Digital Signature

Signed by:

Forensic Software Limited

Authority:

DigiCert Inc

Valid from:

10/5/2012 1:00:00 AM

Valid to:

12/9/2013 12:00:00 PM

Subject:

CN=Forensic Software Limited, O=Forensic Software Limited, L=Windsor, C=GB

Issuer:

CN=DigiCert High Assurance Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:

095E9C7DD190B2FC06392E0C254D5E35

File PE Metadata

Compilation timestamp:

3/25/2013 12:46:36 PM

OS version:

5.2

OS bitness:

Win64

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

49152:nXCKJ8DoTzKeB0V3sxqx2NpdmAXpHXnKAI/plc3OSYjAXyuy5Fh:PXTz+5+qx2W/p+3/Yzuy5Fh

Entry address:

0x1D89F0

Entry point:

48, 83, EC, 28, E8, EB, A2, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, CC, CC, 48, 85, C9, 74, 37, 53, 48, 83, EC, 20, 4C, 8B, C1, 48, 8B, 0D, A8, 2A, 19, 00, 33, D2, FF, 15, C8, 8B, 03, 00, 85, C0, 75, 17, E8, 9B, 57, 00, 00, 48, 8B, D8, FF, 15, 26, 91, 03, 00, 8B, C8, E8, 43, 57, 00, 00, 89, 03, 48, 83, C4, 20, 5B, C3, CC, CC, CC, 40, 53, 48, 83, EC, 20, 45, 8B, 18, 48, 8B, DA, 4C, 8B, C9, 41, 83, E3, F8, 41, F6, 00, 04, 4C, 8B, D1, 74, 13, 41, 8B, 40, 08, 4D, 63, 50, 04, F7, D8, 4C, 03, D1, 48, 63, C8... 
[+]

Entropy:

5.5470

Code size:

2.1 MB (2,160,128 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

PCE Client

Command:

"C:\Program Files\pcent\pcclient.exe"

Scan PCClient.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.