guard.exe

Fedorov Paul

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application guard.exe by Fedorov Paul has been detected as adware by 4 anti-malware scanners.
Publisher:
Fedorov Paul  (signed and verified)

MD5:
0059c187d9b407c28109e0a7122d9e9e

SHA-1:
85185546dfeea3d12e5f3bda86f4e49482a43a32

SHA-256:
df8477ace83d2c19b59c3c1a9d8c410392a226c4215dbf0335bb21d33c5cfe73

Scanner detections:
4 / 68

Status:
Adware

Analysis date:
4/27/2024 1:06:33 AM UTC

Scan engine | Detection | Engine version
Comodo Security | Heur.Suspicious | 17217
Dr.Web | Adware.BGuard.31 | 9.0.1.0277
ESET NOD32 | Win32/Toolbar.Neobar (variant) | 8.9007
Reason Heuristics | PUP.WebPick | 15.3.9.1

File size:
864 KB (884,784 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gigabase\guard\guard.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
8/28/2012 3:00:00 AM

Valid to:
8/29/2013 2:59:59 AM

Subject:
CN=Fedorov Paul, OU=Individual Developer, O=No Organization Affiliation, L=Saint-Petersburg, S=Saint-Petersburg, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
702D4055EE5CC734192DCBDFFE7AE8E1

File PE Metadata
Compilation timestamp:
4/20/2013 3:37:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:EfFjnL6K9zxzJmSN44qANAkUxvJgFMqv5uncK4XUwpNhZzzfWNwgKjIYdwb42Wb:EfJnGK9DlGeMqv8ncKgdvfWNwljIKb

Entry address:
0x8CF8C

Entry point:
E8, FD, 9D, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 34, 07, 00, 00, 83, C4, 14, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, B6, 71, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 90, 18, 4C, 00, 74, 12, 8B, 0D, A8, 17, 4C, 00, 85, 48, 70, 75, 07, E8, 63, 2E, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 18, 1D, 4C, 00, 74, 16, 8B, 46, 08, 8B, 0D, A8, 17, 4C, 00, 85, 48...
 

Code size:
677 KB (693,248 bytes)
