home

ReflectUI.exe

Macrium Reflect

Paramount Software UK Ltd

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Reflect UI’.
Publisher:
Paramount Software UK Ltd  (signed and verified)

Product:
Macrium Reflect

Description:
Macrium Reflect UI Watcher

Version:
7, 0, 2001, 0

MD5:
00e6c73f761614f004c76e4381994b8c

SHA-1:
1965a49004f773e90d403325a955d4284fc9248f

SHA-256:
8385329802b64ed15e61aba7a367811f1f3d00587982f2c631e20d741fc7c741

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/30/2024 10:06:24 AM UTC  (today)

File size:
2.5 MB (2,596,944 bytes)

Product version:
7, 0, 2001, 0

Copyright:
(c) Paramount Software. All rights reserved.

Original file name:
ReflectUI.exe

File type:
Executable application (Win32 EXE)

Language:
Language Neutral

Common path:
C:\Program Files\macrium\common\reflectui.exe

Digital Signature
Signed by:
Paramount Software UK Ltd

Authority:
GlobalSign nv-sa

Valid from:
2/16/2017 1:47:48 AM

Valid to:
3/24/2020 7:06:23 AM

Subject:
CN=Paramount Software UK Ltd, O=Paramount Software UK Ltd, L=Manchester, S=Greater Manchester, C=GB

Issuer:
CN=GlobalSign CodeSigning CA - G3, O=GlobalSign nv-sa, C=BE

Serial number:
7C4BA269A79BFCBA77F289AA

File PE Metadata
Compilation timestamp:
2/28/2017 11:02:19 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

Entry address:
0x14EAA3

Entry point:
E8, C9, A6, 00, 00, E9, 7F, FE, FF, FF, 3B, 0D, 20, 61, 5E, 00, 75, 02, F3, C3, E9, F0, 14, 00, 00, 51, C7, 01, 1C, 2D, 5B, 00, E8, C9, AB, 00, 00, 59, C3, 55, 8B, EC, 8D, 41, 09, 50, 8B, 45, 08, 83, C0, 09, 50, E8, A3, 60, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 55, 8B, EC, 56, 8B, F1, E8, C9, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 71, AD, EE, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, 57, 56, 8B, 74, 24, 10, 8B, 4C, 24, 14, 8B, 7C, 24, 0C, 8B, C1, 8B, D1, 03...
 
[+]

Entropy:
5.9486

Code size:
1.5 MB (1,579,008 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Reflect UI

Command:
C:\Program Files\macrium\common\reflectui.exe


Scan ReflectUI.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.