NexGuard.exe

NexCafé

Nextar Tecnologia de Software Ltda

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘nexguard’.

Publisher:
Nextar (signed by Nextar Tecnologia de Software Ltda)

Product:
NexCafé

Description:
NexGuard

Version:
5.0.0.205

MD5:
65cf51dd82708441dd394444715abb95

SHA-1:
e5d0a37e546d31c8f1d983777ce82337cb483426

SHA-256:
22ad653fa44e22a04f9c239372ce841125415ad6103883abf36f871cad106a6d

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/24/2024 3:11:56 AM UTC

File size:
17.5 MB (18,321,800 bytes)

Product version:
5.0

Original file name:
NexGuard.exe

File type:
Executable application (Win32 EXE)

Language:
Brazilian Portuguese

Digital Signature
Authority:
DigiCert Inc

Valid from:
4/23/2013 1:00:00 AM

Valid to:
6/25/2014 1:00:00 PM

Subject:
CN=Nextar Tecnologia de Software Ltda, O=Nextar Tecnologia de Software Ltda, L=Florianopolis, S=Santa Catarina, C=BR

Issuer:
CN=DigiCert Assured ID Code Signing CA-1, OU=www.digicert.com, O=DigiCert Inc, C=US

Serial number:
08AB9AEE73535B9AAF15488455B74CC3

File PE Metadata
Compilation timestamp:
2/26/2014 6:01:36 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
393216:mlbP1DHhxIz3OPcoehKUzlDOFdflQfUzAxx+RcxvGk+eWvrIvrET:2pBxbyImx+GxvyvcDo

Entry address:
0x8189E4

Entry point:
55, 8B, EC, B9, 0E, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 51, 53, 56, 57, B8, 5C, AA, C0, 00, E8, 33, FC, 7E, FF, 33, C0, 55, 68, B7, 93, C1, 00, 64, FF, 30, 64, 89, 20, A1, B0, 1C, C7, 00, BA, D0, 93, C1, 00, E8, BA, D2, 7E, FF, E8, 9D, 05, FD, FF, 33, C9, B2, 01, A1, DC, 79, BE, 00, E8, 3F, 67, 81, FF, C6, 40, 0F, 01, 33, D2, B8, E4, 93, C1, 00, E8, D7, BA, 8E, FF, A1, 1C, 1E, C7, 00, 8B, 00, E8, 3F, 74, 87, FF, E8, 06, FE, FC, FF, C6, 05, D4, D2, DF, 00, 00, 8D, 55, E8, 33, C0, E8, F5, AB, 7E, FF, 8B...
Developed / compiled with:
Microsoft Visual C++

Code size:
8.1 MB (8,488,448 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
nexguard

Command:
"C:\nexcafe\nexguard.exe"