guardbox.exe

Guardbox

IncrediMail, Inc.

The application guardbox.exe by IncrediMail has been detected as a potentially unwanted program by 5 anti-malware scanners. The program is a setup application built with the NSIS (Nullsoft Scriptable Install System) installer. The file has been observed being downloaded from gbstorage.stgbssint.com.

Publisher:
IncrediMail, Inc.  (signed and verified)

Product:
Guardbox

Version:
1.12.0.41

MD5:
f23a8b855ce62108966fa74c22238fcd

SHA-1:
e91a18f959df35aa05224c253d341556c0be8af7

SHA-256:
fbdc32bbf022849af7548e1370ebcf6086895a8814118abd99e414289e8d887c

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Bundles the Conduit Toolbar and/or Conduit Search Protect.

Analysis date:
2/17/2026 11:37:41 PM UTC

Scan engine | Detection | Engine version
Bkav FE | W32.HfsAdware | 1.3.0.6379
ESET NOD32 | Detection.Undefined | 7.0.302.0
IKARUS anti.virus | PUA.Conduit.SearchProtect | t3scan.1.9.2.0
Reason Heuristics | PUP.Perion.Guardbox | 16.2.2.15
Trend Micro House Call | Suspicious_GEN.F47V0516 | 7.2.210

File size:
4.7 MB (4,953,608 bytes)

Product version:
1.12.0.41

Copyright:
© 2014 IncrediMail, Inc.

Original file name:
Guardbox

File type:
Executable application (Win32 EXE)

Installer:
NSIS (Nullsoft Scriptable Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\08145lu2\guardbox.exe

Digital Signature
Authority:
Symantec Corporation

Valid from:
3/4/2015 1:00:00 AM

Valid to:
3/5/2017 12:59:59 AM

Subject:
CN="IncrediMail, Inc.", OU=GuardBox, O="IncrediMail, Inc.", L=Redmond, S=Washington, C=US

Issuer:
CN=Symantec Class 3 SHA256 Code Signing CA, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:
0A94D8A33B5A91604406868292AF29E7

File PE Metadata
Compilation timestamp:
9/26/2011 3:21:33 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:mSc96DNyDRIbrAsuPNTWlQycrVdiLNLjsKbsANG9J:mh96xy9nsuVTaRYXiLBrw

Entry address:
0x39E3

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, D8, 91, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B8, 80, 40, 00, 55, FF, 15, C0, 82, 40, 00, 6A, 08, A3, B8, 2E, 47, 00, E8, 37, 2A, 00, 00, 55, 68, B4, 02, 00, 00, A3, D0, 2D, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 1C, 93, 40, 00, FF, 15, 84, 81, 40, 00, 68, 04, 93, 40, 00, 68, C0, AD, 46, 00, E8, 19, 27, 00, 00, FF, 15, B4, 80, 40, 00, 50, BF, A0, 30, 4C, 00, 57, E8, 07, 27, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
28 KB (28,672 bytes)

The file guardbox.exe has been seen being distributed by the following URL.
