home

screenconnect.client.exe

ScreenConnect Software

Publisher:
ScreenConnect Software  (signed and verified)

MD5:
455c0d103c0e145f89fd60930334515c

SHA-1:
1736bf7fdfae70dc7d0adf5f2d0ae4deec9307f8

SHA-256:
ec38952d628c553b36ef73c19c1c1bfe358ecdef1c1d14b05585dcef8ef1f26c

Scanner detections:
2 / 68

Status:
Clean  (2 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
11/30/2024 3:33:48 PM UTC  (today)

Scan engine
Detection
Engine version

Emsisoft Anti-Malware
Gen:Trojan.Heur.JP.fyY@aSamItbi
11.5.0.6191

Norman
Gen:Trojan.Heur.JP.fyY@aSamItbi
28.05.2016 15:32:18

File size:
84.6 KB (86,672 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\screenconnect.client.exe

Digital Signature
Signed by:
ScreenConnect Software

Authority:
COMODO CA Limited

Valid from:
2/2/2016 5:30:00 AM

Valid to:
2/2/2019 5:29:59 AM

Subject:
CN=ScreenConnect Software, O=ScreenConnect Software, POBox=33634, STREET="4110 George Road, Suite 200", L=Tampa, S=Florida, PostalCode=33634, C=US

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
04A03DBCE32C5A34420A419FB740AA1A

File PE Metadata
Compilation timestamp:
5/18/2016 9:37:24 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
14.0

CTPH (ssdeep):
1536:vXn1JYSnExFkcgKKjxfmqshiKW5Xs/iYQqQJtsWFcdfRMvb+xWCuorimI6:vE3x5KBDYiKWm/iSw0fRMvygC+6

Entry address:
0x16E7

Entry point:
E8, B0, 03, 00, 00, E9, 80, FE, FF, FF, 55, 8B, EC, 6A, 00, FF, 15, 54, C0, 40, 00, FF, 75, 08, FF, 15, 50, C0, 40, 00, 68, 09, 04, 00, C0, FF, 15, 58, C0, 40, 00, 50, FF, 15, 5C, C0, 40, 00, 5D, C3, 55, 8B, EC, 81, EC, 24, 03, 00, 00, 6A, 17, E8, 23, 91, 00, 00, 85, C0, 74, 05, 6A, 02, 59, CD, 29, A3, C0, 28, 41, 00, 89, 0D, BC, 28, 41, 00, 89, 15, B8, 28, 41, 00, 89, 1D, B4, 28, 41, 00, 89, 35, B0, 28, 41, 00, 89, 3D, AC, 28, 41, 00, 66, 8C, 15, D8, 28, 41, 00, 66, 8C, 0D, CC, 28, 41, 00, 66, 8C, 1D, A8...
 
[+]

Entropy:
6.2743

Code size:
43 KB (44,032 bytes)

The file screenconnect.client.exe has been seen being distributed by the following URL.

https://connect.barracuda.com/.../ScreenConnect.Client.exe

Scan screenconnect.client.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.