guardis.exe

Nextar Tecnologia de Software Ltda

The executable guardis.exe has been detected as malware by 4 anti-virus scanners. It runs as a separate Windows service (within the context of its own process) named “NexCafé IS”. According to AVG, this software downloads additional adware offers during setup.
Publisher:
Nextar Tecnologia de Software Ltda  (signed and verified)

MD5:
5037e46f596c4b6d545965bbe8749e1c

SHA-1:
2dae765f8626cdfff9ddd447c82b4258a704cbef

SHA-256:
81dfb1488e09b2dd3d87b6751fc54a138377dfa120f046b026fbc67cfbcf05bd

Scanner detections:
4 / 68

Status:
Malware

Analysis date:
5/10/2024 12:18:49 PM UTC

Scan engine        Detection                          Engine version
Avira AntiVirus    TR/Rogue.8100371                   7.11.68.166
AVG                Downloader.Generic13               2014.0.3617
Kaspersky          Trojan-Downloader.Win32.Dadobra    14.0.0.4582
Vba32 AntiVirus    Trojan-Downloader.Dadobra.guc      3.12.20.2

File size:
140.9 KB (144,272 bytes)

File type:
Executable application (Win32 EXE)

Digital Signature
Authority:
DigiCert Inc

Valid from:
5/16/2012 9:00:00 PM

Valid to:
5/22/2013 9:00:00 AM

Subject:
CN=Nextar Tecnologia de Software Ltda, O=Nextar Tecnologia de Software Ltda, L=Florianopolis, S=Santa Catarina, C=BR

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
05C89EF595CDCD0B233BDBC9162340BB

File PE Metadata
Compilation timestamp:
12/1/2011 6:39:18 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
3072:a0jh4Ie1nYt2jcN4H1bhP+fcHE30kRZpvBZ5L0na+0JIv:a0jDe9jcqH1QfPEqv50na+zv

Entry address:
0x1E12C

Entry point:
55, 8B, EC, 83, C4, F0, B8, 78, D7, 41, 00, E8, 64, 6F, FE, FF, E8, EF, 6C, FF, FF, 85, C0, 74, 07, E8, 9A, ED, FF, FF, EB, 05, E8, 8B, EE, FF, FF, E8, 86, 5C, FE, FF, 8B, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Developed / compiled with:
Microsoft Visual C++

Code size:
114.5 KB (117,248 bytes)

Service
Display name:
NexCafé IS

Service name:
NexGuardIS

Type:
Win32OwnProcess

