home

GuardMailRu.exe

GuardMailRu Module

LLC Mail.Ru

The application GuardMailRu.exe by LLC Mail.Ru has been detected as a potentially unwanted program by 11 anti-malware scanners. It runs as a separate (within the context of its own process) windows Service named “Guard.Mail.ru”. This file is typically installed with the program Guard.Mail.ru by Mail.Ru. While running, it connects to the Internet address mrds.mail.ru on port 80 using the HTTP protocol.
Publisher:
LLC Mail.Ru  (signed and verified)

Product:
GuardMailRu Module

Version:
1, 0, 0, 317

MD5:
998afa5dd3f294efeb13a6b75a5b656a

SHA-1:
af6587e22dce3e5e94f121469b5c017970423b3b

SHA-256:
3f80fcce989c08ce9d8824021a5714a3a1f5f764741ed3de095b6b25b8b9ba40

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
4/16/2024 4:32:48 PM UTC  (today)

Scan engine
Detection
Engine version

avast!
Win32:BrowserTakeover-A [PUP]
2014.9-140328

AVG
MalSign.Generic
2015.0.3521

Baidu Antivirus
Trojan.Win32.RuMail
4.0.3.14328

Bkav FE
W32.Clod21c.Trojan
1.3.0.4613

Comodo Security
Application.Win32.RuMail.pwhe
17604

Dr.Web
Adware.Downware.533
9.0.1.087

McAfee
Artemis!E3169A1E78E0
5600.7177

Reason Heuristics
PUP.Optional.Service.L
14.3.28.18

Rising Antivirus
PE:Trojan.RuMail!1.6574
23.00.65.131223

Sophos
RsMall
4.94

Trend Micro House Call
TROJ_GEN.F47V0614
7.2.87

File size:
1.7 MB (1,746,496 bytes)

Product version:
1, 0, 0, 317

Copyright:
Copyright 2010

Original file name:
GuardMailRu.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mail.ru\guard\guardmailru.exe

Digital Signature
Signed by:
LLC Mail.Ru

Authority:
Thawte, Inc.

Valid from:
12/9/2011 2:00:00 AM

Valid to:
2/7/2014 1:59:59 AM

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1C09DBBC732D4B58F7A88EBACF323417

File PE Metadata
Compilation timestamp:
2/21/2012 3:56:13 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
24576:rUT1EW3naQQrEGGrhOyf+6hJOal/5jbhYJm/urgbUGeSzzxghbVqybeyh4n8qFmN:Q153WG1JZq9rbWghIOTh4n8qwlHT

Entry address:
0x11E15C

Entry point:
E8, 37, C3, 00, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 56, 33, C0, 50, 50, 50, 50, 50, 50, 50, 50, 8B, 55, 0C, 8D, 49, 00, 8A, 02, 0A, C0, 74, 09, 83, C2, 01, 0F, AB, 04, 24, EB, F1, 8B, 75, 08, 8B, FF, 8A, 06, 0A, C0, 74, 0C, 83, C6, 01, 0F, A3, 04, 24, 73, F1, 8D, 46, FF, 83, C4, 20, 5E, C9, C3, 8B, FF, 55, 8B, EC, 83, EC, 20, 57, 56, E8, 61, 0D, 00, 00, 33, FF, 59, 3B, F7, 75, 1D, E8, 05, 0D, 00, 00, 57, 57, 57, 57, 57, C7, 00, 16, 00, 00, 00, E8, 8F, C0, FF, FF, 83...
 
[+]

Entropy:
6.5451

Code size:
1.3 MB (1,355,776 bytes)

Service
Display name:
Guard.Mail.ru

Type:
Win32OwnProcess


The file GuardMailRu.exe has been discovered within the following program.

Guard.Mail.ru  by Mail.Ru
Guard.Mail.ru is part of the Guard Mail service.
www.mail.ru
42% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to mrds.mail.ru  (217.69.139.245:80)

TCP (HTTP):
Connects to mra.mail.ru  (94.100.180.127:80)

TCP (HTTP):
Connects to moscow.cdnmail.ru  (94.100.180.110:80)

TCP (HTTP):
Connects to kojura.mail.ru  (217.69.133.27:80)

Remove GuardMailRu.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.