» appguard.exe
Overview
Analysis
File Details
Behaviors (1)

appguard.exe

appGuard

EZ-COM

The executable appguard.exe has been detected as malware by 38 anti-virus scanners. It runs as a separate (within the context of its own process) windows Service named “appGuard”. Infected by the Parite virus, a polymorphic file infecting virus that infects all portable EXE and SCR files found on local and shared network drives.

File name:

appguard.exe

Publisher:

EZ-COM

Product:

appGuard

Version:

1.00

MD5:

93e8678366a834402501be8666598c5d

SHA-1:

60730e9169a4070ba32a671096616484d069c08a

SHA-256:

3ded43d384fa2dccce5b5e6313aa16fd53ed4a8b422997ddf2bda73cab690649

Scanner detections:

38 / 68

Status:

File is infected by a Virus

Explanation:

The file is infected by a polymorphic file infector virus.

Analysis date:

4/26/2024 5:45:46 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Win32.Parite.B

6735097

Agnitum Outpost

Win32.Parite.B

7.1.1

AhnLab V3 Security

Win32/Parite

2015.03.10

Avira AntiVirus

W32/Parite

7.11.215.52

avast!

Win32:Parite

150303-0

AVG

Win32/Parite

2014.0.4253

Baidu Antivirus

Virus.Win32.Parite.$b

4.0.3.1539

Bitdefender

Win32.Parite.B

1.0.20.340

Bkav FE

W32.Pinfi.B

1.3.0.6379

Clam AntiVirus

Heuristics.W32.Parite.B

0.98/20166

Comodo Security

Virus.Win32.Parite.gen

21349

Dr.Web

Win32.Parite.2

9.0.1.05190

Emsisoft Anti-Malware

Win32.Parite

9.0.0.4799

ESET NOD32

Win32/Parite.B virus

7.0.302.0

Fortinet FortiGate

W32/Parite.B

3/9/2015

F-Prot

W32/Parite.B

4.6.5.141

F-Secure

Win32.Parite.B

5.13.68

G Data

Win32.Parite

15.3.25

IKARUS anti.virus

Virus.Win32.Parite

t3scan.1.8.6.0

K7 AntiVirus

Virus

13.200.15204

Kaspersky

Virus.Win32.Parite

15.0.0.543

McAfee

Virus.W32/Pate.b

16.8.708.2

Microsoft Security Essentials

Threat.Undefined

1.193.2090.0

MicroWorld eScan

Win32.Parite.B

16.0.0.204

NANO AntiVirus

Virus.Win32.Parite.bgvo

0.30.0.296

Norman

Win32.Parite.B

03.12.2014 13:20:04

nProtect

Virus/W32.Parite.C

15.03.09.01

Panda Antivirus

W32/Parite.B

15.03.09.11

Quick Heal

W32.Perite.A

3.15.14.00

Rising Antivirus

PE:Win32.Parite.b!16043

23.00.65.15307

Sophos

Virus 'W32/Parite-B'

5.11

Total Defense

Win32/Pinfi.A

37.0.11486

Trend Micro House Call

PE_PARITE.A

7.2.68

Trend Micro

PE_PARITE.A

10.465.09

Vba32 AntiVirus

Virus.Win32.Parite.b

3.12.26.3

VIPRE Antivirus

Threat.46249

37788

ViRobot

Win32.Parite.A[h]

2014.3.20.0

Zillya! Antivirus

Virus.Parite.Win32.9

2.0.0.2091

File size:

197.5 KB (202,200 bytes)

Product version:

1.00

Original file name:

appguard.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Windows\System32\appguard.exe

File PE Metadata

Compilation timestamp:

6/24/2011 3:42:39 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

6.0

CTPH (ssdeep):

3072:vMCDrSTFCGvY8WdGVH49C6faoLbxVlNFAm3y3jpMx10OQf9y06JhXH:FrST4a6Cw5HNum4pi05956nH

Entry address:

0x7000

Entry point:

B8, 15, 1E, 1E, 00, 90, 90, BE, 1E, 70, 40, 00, 90, 90, BF, 98, 05, 00, 00, 90, 90, 31, 04, 3E, 83, EF, 04, 90, 90, 75, F6, 90, 90, 90, FD, 63, 1F, 00, 15, 1E, 1E, 00, 15, 1E, 5E, 00, 09, 0F, 1E, 00, 15, 7E, 1E, 00, CD, 7B, 1E, 00, 15, AE, 1C, 00, 15, 1E, 1E, 00, 05, 0E, 5E, 00, 61, 5E, 5E, 00, 91, 5E, 5E, 00, 81, 21, 1E, 00, 67, 5E, 1E, 00, 97, 5E, 1E, 00, 05, 0E, 1E, 00, A8, FA, 9F, 7C, 7B, 82, 9E, 7C, 35, 1C, 1E, 00, 5D, 1E, 1E, 00, 15, 1E, 1E, 00, 15, 1E, 1E, 00, 15, 1E, 1E, 00, B2, 88, 0E, 41, 35, 1E... 
[+]

Code size:

16 KB (16,384 bytes)

Service

Display name:

appGuard

Type:

Win32OwnProcess

Remove appguard.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.