PanGPA.exe

GlobalProtect

Palo Alto Networks

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘GlobalProtect’.
Publisher:
Palo Alto Networks  (signed and verified)

Product:
GlobalProtect

Description:
GlobalProtect client

Version:
3.1.6-19

MD5:
3f9e8fbf5268cbb292f5264d6b7b6756

SHA-1:
11cefc9e67a3741510462a0f821e79a2d8d84f35

SHA-256:
c5393a603ccf40067eb7a88f30d14671ae982b9b4522a06756984bedb1c81396

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 3:03:59 AM UTC  (today)

File size:
2 MB (2,128,200 bytes)

Product version:
3.1.6-19

Copyright:
Palo Alto Networks 2015(C) All rights reserved.

Original file name:
PanGPA.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\Program Files\palo alto networks\globalprotect\pangpa.exe

Digital Signature
Authority:
Symantec Corporation

Subject:
CN=Palo Alto Networks, O=Palo Alto Networks, L=Santa Clara, S=California, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
3838D5414BA95488F3D1D0AE51E1BE06

File PE Metadata
Compilation timestamp:
2/21/2017 8:04:59 PM

OS version:
6.0

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
12.0

Entry address:
0xE6A10

Entry point:
48, 83, EC, 28, E8, 37, 07, 00, 00, 48, 83, C4, 28, E9, F2, FD, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 48, 3B, 0D, 39, D6, 09, 00, 75, 11, 48, C1, C1, 10, 66, F7, C1, FF, FF, 75, 02, F3, C3, 48, C1, C9, 10, E9, 59, 00, 00, 00, CC, FF, 25, FA, 7D, 01, 00, FF, 25, EC, 7D, 01, 00, 40, 53, 48, 83, EC, 20, 48, 8B, D9, FF, 15, 75, 79, 01, 00, B9, 01, 00, 00, 00, 89, 05, 0A, 81, 0E, 00, E8, ED, 07, 00, 00, 48, 8B, CB, E8, EB...
 
[+]

Code size:
1008 KB (1,032,192 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
GlobalProtect

Command:
"C:\Program Files\palo alto networks\globalprotect\pangpa.exe"


Scan PanGPA.exe - Powered by Reason Core Security