home

itcurguard.exe

SmartIT

LightStar Information Co.,Ltd.

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘SmartIT Client Guard’.
Publisher:
Light Star Information  (signed by LightStar Information Co.,Ltd.)

Product:
SmartIT

Description:
SmartIT ITCuruer Guard

Version:
0, 0, 0, 1

MD5:
0c945aea3d5d3f25d14defa20311b6fd

SHA-1:
48d93c2868ea8d3c9132d03bdc19a1484ce15c96

SHA-256:
1cbbde1f8fe1ae16be185d3371715ff1564bec8a4343b88c0fc21c1ec3ea6061

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 8:18:49 PM UTC  (today)

File size:
248.2 KB (254,160 bytes)

Product version:
8, 2, 14, 731

Copyright:
Copyright (c) Light Star Information 2015

Original file name:
ITCurGuard.exe

File type:
Executable application (Win32 EXE)

Digital Signature
Signed by:
LightStar Information Co.,Ltd.

Authority:
VeriSign, Inc.

Valid from:
1/8/2013 8:00:00 AM

Valid to:
1/9/2016 7:59:59 AM

Subject:
CN="LightStar Information Co.,Ltd.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="LightStar Information Co.,Ltd.", L=New Taipei City, S=New Taipei City, C=TW

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
3FADB844446E7C2B00077D76C011F66E

File PE Metadata
Compilation timestamp:
6/1/2015 10:17:58 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
3072:8AgeycdParcMOprpVg/8UF/uI+/maRidSYQrQ2M15BNIcDDGMHFC51M3rP:bJ9aQbprpVgkURhybM15hDfY1M3rP

Entry address:
0x9080

Entry point:
55, 8B, EC, E8, 38, E4, 00, 00, E8, A3, FD, FF, FF, 5D, C3, CC, 55, 8B, EC, 8B, 45, 08, 83, 3C, C5, C0, 40, 43, 00, 00, 75, 1A, 8B, 4D, 08, 51, E8, E7, 00, 00, 00, 83, C4, 04, 85, C0, 75, 0A, 6A, 11, E8, 89, B0, 00, 00, 83, C4, 04, 8B, 55, 08, 8B, 04, D5, C0, 40, 43, 00, 50, FF, 15, 04, 61, 42, 00, 5D, C3, CC, CC, CC, 55, 8B, EC, 83, EC, 0C, C7, 45, FC, 00, 00, 00, 00, EB, 09, 8B, 45, FC, 83, C0, 01, 89, 45, FC, 83, 7D, FC, 24, 7D, 4F, 8B, 4D, FC, 83, 3C, CD, C0, 40, 43, 00, 00, 74, 40, 8B, 55, FC, 83, 3C...
 
[+]

Entropy:
5.8566

Developed / compiled with:
Microsoft Visual C++

Code size:
144.5 KB (147,968 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
SmartIT Client Guard

Command:
"C:\smartit\itcurguard.exe"


Scan itcurguard.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.