» tamguard.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

tamguard.exe

Guard Tam

Qzoneinteractive

The application tamguard.exe by Qzoneinteractive has been detected as a potentially unwanted program by 3 anti-malware scanners. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘guardtam’. This file is typically installed with the program Micro theam secure softwear profile by Micro Theam Corporation.

File name:

tamguard.exe

Publisher:

Qzoneinteractive (signed and verified)

Product:

Guard Tam

Version:

1, 0, 0, 1

MD5:

55ae6ffa80641df6ab30b40d20728fd6

SHA-1:

88649794bc0819840acae80552e6d48e0add21c0

SHA-256:

0b0dec7d4c1df03ec0ed6e754cfe9425055e3ce786c61b97361563171da0dba0

Scanner detections:

3 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 10:52:14 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Qzoneinteractive

15.6.16.17

Trend Micro House Call

TROJ_GEN.F47V0206

7.2.234

Vba32 AntiVirus

suspected of Trojan.Downloader.gen.h

3.12.26.0

File size:

169.5 KB (173,576 bytes)

Product version:

1, 0, 0, 1

Original file name:

Guard tam.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\users\{user}\appdata\roaming\theam\common\bin\tamguard.exe

Digital Signature

Signed by:

Qzoneinteractive

Authority:

Thawte, Inc.

Valid from:

11/30/2013 9:00:00 AM

Valid to:

12/31/2014 8:59:59 AM

Subject:

CN=Qzoneinteractive, O=Qzoneinteractive, L=Gwangjin-gu, S=Seoul, C=KR

Issuer:

CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:

0ED8386A77DD8C93F3CA811C375EA680

File PE Metadata

Compilation timestamp:

1/2/2014 2:24:14 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

3072:EPsGj+AX9BmLYGVXrGp4YWj9YfB3OHieyh1AUYxX+Ww5CL:UsGj+AHmLYGVXrGpVq+FeyUPvP

Entry address:

0x833A

Entry point:

E8, C2, 30, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, CF, 03, 00, 00, 3B, 0D, 90, 50, 42, 00, 75, 02, F3, C3, E9, 39, 31, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, CB, 35, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, C9, 0C, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, F8, 31, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, A7, 1B, 00, 00, 83... 
[+]

Entropy:

6.4539

Code size:

112.5 KB (115,200 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

guardtam

Command:

C:\users\{user}\appdata\roaming\theam\common\bin\tamguard.exe

The file tamguard.exe has been discovered within the following program.

Micro theam secure softwear profile by Micro Theam Corporation

About 1% of users remove it

Remove tamguard.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.