home

NEGui.EXE

NeExtender GUI client

Dell Software Inc.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SonicWALLNetExtender’. This is installed with Dell SonicWALL NetExtender.
Publisher:
Dell  (signed by Dell Software Inc.)

Product:
NeExtender GUI client

Version:
8, 0, 240, 1

MD5:
35f5729495d3dca1f1dda69752540924

SHA-1:
f2d818bd28d19bdb46291046f4a97489a50373c9

SHA-256:
38205ff47b429951b858df097e8eca1845909b4d8cbf172db4e783b824377147

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 9:39:29 AM UTC  (today)

File size:
3 MB (3,127,440 bytes)

Product version:
8, 0, 240, 1

Copyright:
(C) 2015 Dell

Original file name:
NEGui.EXE

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\sonicwall\ssl-vpn\netextender\negui.exe

Digital Signature
Signed by:
Dell Software Inc.

Authority:
Symantec Corporation

Valid from:
4/13/2015 8:00:00 PM

Valid to:
4/13/2018 7:59:59 PM

Subject:
CN=Dell Software Inc., OU=IS Administration, O=Dell Software Inc., L=Aliso Viejo, S=California, C=US, SERIALNUMBER=4645336, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.2=Delaware, OID.1.3.6.1.4.1.311.60.2.1.3=US

Issuer:
CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
44F159BA291DBDFBE929164712BD6681

File PE Metadata
Compilation timestamp:
12/9/2015 3:54:13 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

Entry address:
0x70CD3

Entry point:
E8, 42, 6F, 00, 00, E9, 17, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 3F, 1A, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, C4, 1D, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 2B, 0D, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, 9A, 03, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73, 0E, E8, F0, 19, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, AD, 6A, 16...
 
[+]

Entropy:
6.2700

Code size:
596 KB (610,304 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SonicWALLNetExtender

Command:
"C:\Program Files\sonicwall\ssl-vpn\netextender\negui.exe" -hidegui -clearreboot


The file NEGui.EXE has been discovered within the following program.

Dell SonicWALL NetExtender  by Dell Inc.
Publisher's description - “NetExtender adds more power to the Dell™ SonicWALL™ Secure Remote Access (SRA) 4600 and 1600, adding capabilities such as seamless and secure access to any resource on the corporate network, including servers or custom applications. NetExtender is not a fat client.”
www.sonicwall.com
11% remove it
 
Powered by Should I Remove It?

Scan NEGui.EXE - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.