NEGui.EXE

NeExtender GUI client

SonicWall L.L.C.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SonicWALLNetExtender’.
Publisher:
Dell  (signed by SonicWall L.L.C.)

Product:
NeExtender GUI client

Version:
8, 0, 240, 1

MD5:
a624fc8f0a865ba941f404c8173a55ab

SHA-1:
c78fb4694d4fd213db84001a2741d2f00633abd8

SHA-256:
ed041818f00341425f6bb6246993558b55dd00990fcf9718a4d1b9104217c992

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
12/26/2024 2:51:57 AM UTC  (today)

File size:
3 MB (3,126,632 bytes)

Product version:
8, 0, 240, 1

Copyright:
(C) 2015 Dell

Original file name:
NEGui.EXE

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\sonicwall\ssl-vpn\netextender\negui.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
9/3/2014 9:00:00 AM

Valid to:
9/3/2017 8:59:59 AM

Subject:
CN=SonicWall L.L.C., O=SonicWall L.L.C., L=San Jose, S=California, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
4B84BF84FBA033D3455FEDD3346A2C2A

File PE Metadata
Compilation timestamp:
12/18/2015 11:29:53 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x71733

Entry point:
E8, 52, 6F, 00, 00, E9, 17, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 4F, 1A, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, D4, 1D, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 3B, 0D, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, 9A, 03, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73, 0E, E8, 00, 1A, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, AD, 6A, 16...
 
[+]

Entropy:
6.2758

Code size:
596 KB (610,304 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SonicWALLNetExtender

Command:
C:\Program Files\sonicwall\ssl-vpn\netextender\negui.exe -hidegui


Scan NEGui.EXE - Powered by Reason Core Security