home

guard64.dll

COMODO Internet Security

Comodo Security Solutions

Publisher:
COMODO  (signed by Comodo Security Solutions)

Product:
COMODO Internet Security

Version:
8, 2, 0, 4591

MD5:
defb2a94e0fd874e75c3a7bd9c3c5377

SHA-1:
5fa53c50231b8c8a9bad947dd6f0ededa9ac9434

SHA-256:
0680eaee468230d5a85ed470d938a0b15b6e47c5fc17455c7284efc7d858bc92

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/23/2024 5:29:35 PM UTC  (today)

File size:
563.3 KB (576,824 bytes)

Product version:
8, 2, 0, 4591

Copyright:
2005-2014 COMODO. All rights reserved.

File type:
Dynamic link library (Win64 DLL)

Language:
English (United States)

Common path:
C:\Windows\System32\guard64.dll

Digital Signature
Signed by:
Comodo Security Solutions

Authority:
COMODO CA Limited

Valid from:
4/1/2015 7:00:00 PM

Valid to:
12/31/2015 5:59:59 PM

Subject:
CN=Comodo Security Solutions, O=Comodo Security Solutions, STREET=1255 Broad St., STREET=Suite 100, L=Clifton, S=New Jersey, PostalCode=07013, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B7B845B45DA5C6005DCD7EDA4D8C2F94

File PE Metadata
Compilation timestamp:
6/5/2015 8:09:12 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:HBzjMJy0oYgxFK2T72O2x7ziP6T2HpVHSs3:h8Jy0oYgxFK2T7+SCT2/t

Entry address:
0x2A900

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, DB, 47, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 48, 85, C9, 74, 37, 53, 48, 83, EC, 20, 4C, 8B, C1, 48, 8B, 0D, F4, B8, 05, 00, 33, D2, FF, 15, 64, 08, 03, 00, 85, C0, 75, 17, E8, 7B, 15, 00, 00, 48, 8B, D8, FF, 15, C2, 07, 03, 00, 8B, C8, E8, 23, 15, 00, 00, 89, 03, 48, 83, C4, 20, 5B, C3, CC, CC, CC...
 
[+]

Entropy:
5.7425

Code size:
359 KB (367,616 bytes)

The file guard64.dll has been seen being distributed by the following URL.

http://www.dllme.com/dll-download.php?code=b34c1c591ce71160b90f17d8b9cf9aea&type=dll&file=9754

Scan guard64.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.