» THGuard.exe
Overview
Analysis
File Details
Behaviors (1)

THGuard.exe

TrojanHunter Guard

Mischel Internet Security

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘THGuard’.

File name:

THGuard.exe

Publisher:

Mischel Internet Security (signed and verified)

Product:

TrojanHunter Guard

Version:

5.5.0.278

MD5:

594df6f5263b80eee10adddb0fd8f253

SHA-1:

5bffc1d52a861449782c53ddda94c91af69aa866

SHA-256:

807c497e4b711674d272b9b561b2713dec06475d0977291e9889dae86b15614b

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/27/2024 2:57:42 AM UTC (today)

File size:

1 MB (1,086,880 bytes)

Product version:

5.2.0.0

Mischel Internet Security Ltd

Trademarks:

TrojanHunter is a trademark of Mischel Internet Security

Original file name:

THGuard.exe

File type:

Executable application (Win32 EXE)

Language:

Swedish (Sweden)

Common path:

C:\Program Files\trojanhunter 5.5\thguard.exe

Digital Signature

Signed by:

Mischel Internet Security

Authority:

COMODO CA Limited

Valid from:

10/8/2012 8:00:00 PM

Valid to:

10/9/2013 7:59:59 PM

Subject:

CN=Mischel Internet Security, O=Mischel Internet Security, STREET=Vibyholmsv. 29, STREET=12542, L=Stockholm, S=NA, PostalCode=12542, C=SE

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

5A3DCB8DD2902A5A0035796FCFC3E218

File PE Metadata

Compilation timestamp:

6/19/1992 6:22:17 PM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:+3zTDcXJDC/ik8X+HVAD1XoGY6JJ5dj5mML6za+uyCL:+LYCU+wm2j5mVVCL

Entry address:

0xC9F74

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, 64, 99, 4C, 00, E8, 2F, CE, F3, FF, 8B, 1D, 18, 03, 4D, 00, E8, 48, F6, FF, FF, E8, BB, F0, FF, FF, 8B, 03, E8, 5C, BB, F9, FF, 8B, 03, C6, 40, 58, 00, 8B, 03, BA, E4, 9F, 4C, 00, E8, 2E, B6, F9, FF, 8B, 0D, 18, 00, 4D, 00, 8B, 03, 8B, 15, B4, 5E, 4C, 00, E8, 4F, BB, F9, FF, 6A, 00, 8B, 03, 8B, 40, 30, 50, E8, 2A, DE, F3, FF, 8B, 03, E8, BB, BB, F9, FF, 5B, E8, 19, A7, F3, FF, 00, FF, FF, FF, FF, 12, 00, 00, 00, 54, 72, 6F, 6A, 61, 6E, 48, 75, 6E, 74, 65, 72, 20, 47, 75, 61... 
[+]

Entropy:

6.4673

Developed / compiled with:

Microsoft Visual C++

Code size:

804 KB (823,296 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

THGuard

Command:

"C:\Program Files\trojanhunter 5.5\thguard.exe"

Scan THGuard.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.