home

wgncm.exe

CA DataMinder

CA, Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘CA DataMinder Client’.
Publisher:
CA  (signed by CA, Inc.)

Product:
CA DataMinder

Description:
Collection Manager

Version:
14.5.3200.4

MD5:
adedb60575fce3ded53e474b9d9f80e5

SHA-1:
ee4c6132dc5b63fc5c7f62bca67b5bd292697e7f

SHA-256:
4d40535a7f9fd67b7129cce7ffd237faf702987310ae13a8f9f20d4116bbc2b9

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 7:24:59 AM UTC  (today)

File size:
1.9 MB (2,042,152 bytes)

Product version:
14.5.3200.4

Copyright:
Copyright © 2013 CA. All rights reserved.

Original file name:
wgncm.dll

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\ca\ca dataminder\client\wgncm.exe

Digital Signature
Signed by:
CA, Inc.

Authority:
VeriSign, Inc.

Valid from:
2/26/2013 6:00:00 PM

Valid to:
2/28/2015 5:59:59 PM

Subject:
CN="CA, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=GIS, O="CA, Inc.", L=New York, S=New York, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
2F88F000D3ADB929FCBE4802313D2BA2

File PE Metadata
Compilation timestamp:
3/13/2013 10:57:55 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
24576:yTYLymUn7r3KIMOMMsg7LUbfA5JRwoN3v/WhZk2tZwwr:TuJr3KIaMZLU7A5JRwoNf/+NZJr

Entry address:
0x644F9

Entry point:
E8, E6, 03, 00, 00, E9, 3A, FD, FF, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, C0, 00, 5F, 00, 89, 0D, BC, 00, 5F, 00, 89, 15, B8, 00, 5F, 00, 89, 1D, B4, 00, 5F, 00, 89, 35, B0, 00, 5F, 00, 89, 3D, AC, 00, 5F, 00, 66, 8C, 15, D8, 00, 5F, 00, 66, 8C, 0D, CC, 00, 5F, 00, 66, 8C, 1D, A8, 00, 5F, 00, 66, 8C, 05, A4, 00, 5F, 00, 66, 8C, 25, A0, 00, 5F, 00, 66, 8C, 2D, 9C, 00, 5F, 00, 9C, 8F, 05, D0, 00, 5F, 00, 8B, 45, 00, A3, C4, 00, 5F, 00, 8B, 45, 04, A3, C8, 00, 5F, 00, 8D, 45, 08, A3, D4, 00, 5F, 00, 8B...
 
[+]

Entropy:
5.9628

Code size:
1.5 MB (1,531,904 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
CA DataMinder Client

Command:
C:\Program Files\ca\ca dataminder\client\wgncm.exe


Scan wgncm.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.