guardbackgroundservice.exe

Fedorov Paul

This is the installer for the WebPick InstalleRex download manager, which bundles applications with offers for additional third-party software, mostly unwanted adware, and may be installed without consent. The application guardbackgroundservice.exe by Fedorov Paul has been detected as adware by 2 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “Active background guard service”.

Publisher:
Fedorov Paul  (signed and verified)

MD5:
473155113dfb0a65fbf60b590d3f71bb

SHA-1:
52d17bce6df56d17889aa2f4a98d91ced09746bf

SHA-256:
2c678fe62838b05486028024a818a57f7bfffe59777dc1c661e1fbeb82cb1b04

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/26/2024 8:59:52 AM UTC

Scan engine        | Detection                     | Engine version
Dr.Web             | Adware.BGuard.31              | 9.0.1.0223
Reason Heuristics  | PUP.Webpick.FedorovPaul (M)   | 15.8.11.13

File size:
763.5 KB (781,872 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\cashsyst\guard\guardbackgroundservice.exe

Digital Signature
Signed by:
Fedorov Paul

Authority:
Thawte, Inc.

Valid from:
9/30/2013 8:00:00 AM

Valid to:
10/17/2014 7:59:59 AM

Subject:
CN=Fedorov Paul, OU=Individual Developer, O=No Organization Affiliation, L=Saint-Petersburg, S=Saint-Petersburg, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
4775A986F383176992FD70C1405B2DEA

File PE Metadata
Compilation timestamp:
10/2/2013 4:47:12 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:lz0oKE6fYL3KSTiDMfeGOa4nPndqitKCYl/zZdLdwg1h4xDz:lwoK7wPiAfNOaqftYlrZdDeDz

Entry address:
0x7CB4C

Entry point:
E8, 7C, B0, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, 6B, B3, 00, 00, 83, C4, 0C, 5D, C3, 8B, FF, 55, 8B, EC, 5D, E9, DF, FF, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, ED, 93, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 00, AA, 4A, 00, 74, 12, 8B, 0D, 18, A9, 4A, 00, 85, 48, 70, 75, 07, E8, 45, 19, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 48, AE, 4A, 00, 74, 16, 8B, 46, 08, 8B, 0D, 18, A9, 4A...

Code size:
603 KB (617,472 bytes)

Service
Display name:
Active background guard service

Type:
Win32OwnProcess


Remove guardbackgroundservice.exe - Powered by Reason Core Security