home

guidretriever.exe

Trend Micro, Inc.

Publisher:
Trend Micro, Inc.  (signed and verified)

MD5:
a2afbe32f29f80e2b566023118b72c32

SHA-1:
ff5a722fbb75628940459b0b2aa3131aad5a78f6

SHA-256:
8ded44b1c7e95d05ef00f88471ca992818efc312e22ccd0d9823369de6cbb36c

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/19/2024 3:25:45 AM UTC  (today)

File size:
27.8 KB (28,488 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\guidretriever.exe

Digital Signature
Signed by:
Trend Micro, Inc.

Authority:
VeriSign, Inc.

Valid from:
1/15/2008 6:00:00 PM

Valid to:
2/16/2011 5:59:59 PM

Subject:
CN="Trend Micro, Inc.", OU=RD, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Trend Micro, Inc.", L=Taipei, S=Taiwan, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
645212F783F4D7ABA3555729E99CE065

File PE Metadata
Compilation timestamp:
3/10/2010 12:04:04 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.56

CTPH (ssdeep):
384:ILi4TPaD6FVFtqB2J+LrbhPxGDQYJLWDwbIObT:lI8m+fWL3b7bT

Entry address:
0x1240

Entry point:
55, 89, E5, 83, EC, 08, C7, 04, 24, 02, 00, 00, 00, FF, 15, 64, 61, 40, 00, E8, A8, FE, FF, FF, 90, 8D, B4, 26, 00, 00, 00, 00, 55, 8B, 0D, 7C, 61, 40, 00, 89, E5, 5D, FF, E1, 8D, 74, 26, 00, 55, 8B, 0D, 70, 61, 40, 00, 89, E5, 5D, FF, E1, 90, 90, 90, 90, 55, 89, E5, 5D, E9, C7, 0B, 00, 00, 90, 90, 90, 90, 90, 90, 90, 55, 89, E5, 81, EC, 18, 01, 00, 00, C7, 45, F4, 00, 00, 00, 00, C7, 45, A4, 01, 00, 00, 00, C7, 45, A0, FF, 00, 00, 00, C7, 45, 9C, 00, 00, 00, 00, C7, 45, 98, 00, 40, 40, 00, C7, 45, 94, 5C...
 
[+]

Entropy:
5.1666

Packer / compiler:
MingWin32 GCC, 0x3.x

Code size:
5 KB (5,120 bytes)

The file guidretriever.exe has been seen being distributed by the following 2 URLs.

https://spnsupport.trendmicro.com/.../GuidRetriever.exe

http://spnsupport.trendmicro.com/.../GuidRetriever.exe

Scan guidretriever.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.