guardbox.exe

Guardbox

IncrediMail, Inc.

The application guardbox.exe by IncrediMail has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from gbstorage.stgbssint.com.

Publisher:
IncrediMail, Inc.  (signed and verified)

Product:
Guardbox

Version:
1.12.0.41

MD5:
7851164d0a8b50e09231fb22362162ca

SHA-1:
8762182e0b3bebb4fda82603f6c94d30f9422b22

SHA-256:
030bd2c37d22df220491a5a58e09f0af499cca56af7920378cc6b1a5e82527ff

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
4/3/2026 11:53:22 PM UTC

Scan engine | Detection | Engine version
Bkav FE | W32.HfsAdware | 1.3.0.6379
ESET NOD32 | Detection.Undefined | 7.0.302.0
IKARUS anti.virus | PUA.Conduit.SearchProtect | t3scan.1.9.2.0
Reason Heuristics | PUP.Perion.Guardbox | 16.2.2.15
Trend Micro House Call | Suspicious_GEN.F47V0516 | 7.2.210

File size:
4.7 MB (4,956,680 bytes)

Product version:
1.12.0.41

Copyright:
© 2014 IncrediMail, Inc.

Original file name:
Guardbox

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\guardbox.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
3/4/2015 5:30:00 AM

Valid to:
3/5/2017 5:29:59 AM

Subject:
CN="IncrediMail, Inc.", OU=GuardBox, O="IncrediMail, Inc.", L=Redmond, S=Washington, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0A94D8A33B5A91604406868292AF29E7

File PE Metadata
Compilation timestamp:
9/26/2011 6:51:33 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:ySc96DNyDRIbrAsuPNTWlQycrVdiLNLjsKbsANG9w:yh96xy9nsuVTaRYXiLBrt

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 

Entropy:
7.9988

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file guardbox.exe has been seen being distributed by the following URL.
