» uiWinMgr.exe
Overview
Analysis
File Details
Behaviors (1)

uiWinMgr.exe

Trend Micro Titanium

NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Security Client’.

File name:

uiWinMgr.exe

Publisher:

Trend Micro Inc. (signed by NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION)

Product:

Trend Micro Titanium

Description:

Security Client

Version:

5.21.0.2011

MD5:

2149bb6e098de89c74960855ce061273

SHA-1:

0424844657b41e04a6a2e0ede37687260efc720f

SHA-256:

aded70db6118b5bba60bf8ec90a8435ae4d7f687626e991eebeffeb96adbd7ce

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 3:34:01 PM UTC (today)

File size:

1 MB (1,057,224 bytes)

Product version:

5.21

Trademarks:

Trend Micro Titanium is a registered trademark of Trend Micro Incorporated.

Original file name:

uiWinMgr.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\ntte\virus clear\virus clear7\uiframework\uiwinmgr.exe

Digital Signature

Signed by:

NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION

Authority:

VeriSign, Inc.

Valid from:

11/9/2012 9:00:00 AM

Valid to:

11/28/2013 8:59:59 AM

Subject:

CN=NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION, OU=Consumer Business Headquarters Broadband Service Department - 1, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=NIPPON TELEGRAPH AND TELEPHONE EAST CORPORATION, L=Shinjuku-ku, S=Tokyo, C=JP

Issuer:

CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

1E01045A5CBD1DEE55AB967ECBB1839E

File PE Metadata

Compilation timestamp:

10/25/2013 12:35:35 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

24576:RE21i1pKRoMFRGH8do8ou3ZsV08VZ+u2+ua+uwk4oD/jp5:REjSewRGVCJs28qu+2X

Entry address:

0x909BF

Entry point:

E8, 49, 06, 00, 00, E9, 3A, FD, FF, FF, 3B, 0D, FC, C7, 4C, 00, 75, 02, F3, C3, E9, C9, 06, 00, 00, FF, 25, F4, 18, 4A, 00, FF, 25, 30, 17, 4A, 00, 6A, 14, 68, B0, 71, 4B, 00, E8, 98, 05, 00, 00, 83, 65, FC, 00, FF, 4D, 10, 78, 3A, 8B, 4D, 08, 2B, 4D, 0C, 89, 4D, 08, FF, 55, 14, EB, ED, 8B, 45, EC, 89, 45, E4, 8B, 45, E4, 8B, 00, 89, 45, E0, 8B, 45, E0, 81, 38, 63, 73, 6D, E0, 74, 0B, C7, 45, DC, 00, 00, 00, 00, 8B, 45, DC, C3, E8, 76, 07, 00, 00, 8B, 65, E8, C7, 45, FC, FE, FF, FF, FF, E8, 8E, 05, 00, 00... 
[+]

Entropy:

6.3927

Code size:

640 KB (655,360 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

Security Client

Command:

"C:\Program Files\ntte\virus clear\virus clear7\uiframework\uiwinmgr.exe" -set silent "1" splashurl ""

Scan uiWinMgr.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.