home

NexGuard.exe

NexCafé

Nextar Tecnologia de Software Ltda

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘nexguard’.
Publisher:
Nextar  (signed by Nextar Tecnologia de Software Ltda)

Product:
NexCafé

Description:
NexGuard

Version:
5.0.0.206

MD5:
1c4e2398d99efde4b92755371f4c4038

SHA-1:
b200f8700715fa1149ffb8761e5a6dbb5e40d1b5

SHA-256:
44ca15bae9bc48dbfe3a90513f2755fe47c750e0016ae8f5d5b13015caeddcc3

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/27/2024 2:53:18 AM UTC  (today)

File size:
17.5 MB (18,391,944 bytes)

Product version:
5.0

Original file name:
NexGuard.exe

File type:
Executable application (Win32 EXE)

Language:
Brazilian Portuguese

Digital Signature
Signed by:
Nextar Tecnologia de Software Ltda

Authority:
DigiCert Inc

Valid from:
4/22/2013 9:00:00 PM

Valid to:
6/25/2014 9:00:00 AM

Subject:
CN=Nextar Tecnologia de Software Ltda, O=Nextar Tecnologia de Software Ltda, L=Florianopolis, S=Santa Catarina, C=BR

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
08AB9AEE73535B9AAF15488455B74CC3

File PE Metadata
Compilation timestamp:
4/11/2014 10:22:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:X81j+d5vzECrxO5ehKUzB4Tdo/Hp08rlQfUzAxx+RcxvGk+eWvrIvrEZ:AK3ZvpLyImx+GxvyvcDO

Entry address:
0x829C78

Entry point:
55, 8B, EC, B9, 0E, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, 78, BA, C1, 00, E8, 9F, E9, 7D, FF, 33, C0, 55, 68, 4B, A6, C2, 00, 64, FF, 30, 64, 89, 20, A1, B0, 2C, C8, 00, BA, 64, A6, C2, 00, E8, 26, C0, 7D, FF, E8, A1, D1, FC, FF, 33, C9, B2, 01, A1, 74, 58, BF, 00, E8, AB, 54, 80, FF, C6, 40, 0F, 01, 33, D2, B8, 78, A6, C2, 00, E8, A7, A8, 8D, FF, A1, 1C, 2E, C8, 00, 8B, 00, E8, AB, 61, 86, FF, E8, 0A, CA, FC, FF, C6, 05, 10, E3, E0, 00, 00, 8D, 55, E8, 33, C0, E8, 61, 99, 7D, FF, 8B...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
8.2 MB (8,558,592 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
nexguard

Command:
"C:\nexcafe\nexguard.exe"


Scan NexGuard.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.