» THGuard.exe
Overview
Analysis
File Details
Behaviors (1)

THGuard.exe

TrojanHunter Guard

Mischel Internet Security Limited

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘THGuard’.

File name:

THGuard.exe

Publisher:

Mischel Internet Security (signed by Mischel Internet Security Limited)

Product:

TrojanHunter Guard

Version:

5.2.0.278

MD5:

dea2d2a3abc3356c873542606b6fdd81

SHA-1:

2948580b77755062db52f07b79ecaa49bca9019e

SHA-256:

c80fa100c9f8812a4b499da7ff85771833b266cf162ddfe1822133a1ad54a84b

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/25/2024 5:06:56 PM UTC (today)

File size:

1 MB (1,088,280 bytes)

Product version:

5.2.0.0

Mischel Internet Security Ltd

Trademarks:

TrojanHunter is a trademark of Mischel Internet Security

Original file name:

THGuard.exe

File type:

Executable application (Win32 EXE)

Language:

Swedish (Sweden)

Common path:

C:\Program Files\trojanhunter 5.5\thguard.exe

Digital Signature

Signed by:

Mischel Internet Security Limited

Authority:

The USERTRUST Network

Valid from:

9/16/2010 8:00:00 PM

Valid to:

9/16/2012 7:59:59 PM

Subject:

CN=Mischel Internet Security Limited, O=Mischel Internet Security Limited, STREET=18 South City Curt, L=54 Peckham Grove, S=London, PostalCode=SE156PN, C=GB

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

00BA5023A8D5667682F1E1D1B0BD3903A2

File PE Metadata

Compilation timestamp:

6/19/1992 6:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:172SlXX72ifZPCEt0Cko2HsJc484JJ5WpyWWS/S+uEXl:172SlSuC/HL4gpLhXl

Entry address:

0xCA440

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, 30, 9E, 4C, 00, E8, 63, C9, F3, FF, 8B, 1D, 1C, 13, 4D, 00, E8, 48, F6, FF, FF, E8, BB, F0, FF, FF, 8B, 03, E8, 90, B6, F9, FF, 8B, 03, C6, 40, 58, 00, 8B, 03, BA, B0, A4, 4C, 00, E8, 62, B1, F9, FF, 8B, 0D, 18, 10, 4D, 00, 8B, 03, 8B, 15, 88, 63, 4C, 00, E8, 83, B6, F9, FF, 6A, 00, 8B, 03, 8B, 40, 30, 50, E8, 5E, D9, F3, FF, 8B, 03, E8, EF, B6, F9, FF, 5B, E8, 4D, A2, F3, FF, 00, FF, FF, FF, FF, 12, 00, 00, 00, 54, 72, 6F, 6A, 61, 6E, 48, 75, 6E, 74, 65, 72, 20, 47, 75, 61... 
[+]

Entropy:

6.4667

Developed / compiled with:

Microsoft Visual C++

Code size:

805.5 KB (824,832 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

THGuard

Command:

"C:\Program Files\trojanhunter 5.5\thguard.exe"

Scan THGuard.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.