» THGuard.exe
Overview
Analysis
File Details
Behaviors (1)

THGuard.exe

TrojanHunter Guard

Mischel Internet Security Limited

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘THGuard’.

File name:

THGuard.exe

Publisher:

Mischel Internet Security (signed by Mischel Internet Security Limited)

Product:

TrojanHunter Guard

Version:

5.0.0.278

MD5:

33d2cda19cc8b6423e989eb1c97acc30

SHA-1:

a6bd7e00bfc3d3bba751c539f9024862c50d9169

SHA-256:

bdb6d6059df3ae075239983d84a46350affb7ac58e7a0b0f3a62a7c1dc75c03b

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/16/2024 9:30:24 AM UTC (today)

File size:

1 MB (1,061,536 bytes)

Product version:

0.0.0.0

Mischel Internet Security Ltd

Trademarks:

TrojanHunter is a trademark of Mischel Internet Security

Original file name:

THGuard.exe

File type:

Executable application (Win32 EXE)

Language:

Swedish (Sweden)

Common path:

C:\Program Files\trojanhunter 5.0\thguard.exe

Digital Signature

Signed by:

Mischel Internet Security Limited

Authority:

The USERTRUST Network

Valid from:

8/31/2007 10:00:00 AM

Valid to:

8/31/2010 9:59:59 AM

Subject:

CN=Mischel Internet Security Limited, O=Mischel Internet Security Limited, STREET=18 South City Court, STREET=54 Peckham Grove, L=London, S=London, PostalCode=SE15 6PN, C=GB

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

00C1056AF1334F718680927C8180E0B1FD

File PE Metadata

Compilation timestamp:

6/20/1992 8:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:fsuOsrPODxooD0155dkCd0eYgBRJJJ5MOvB2JrsmI+u6oXnyTn:f/s/JeL+OvBQPpoXns

Entry address:

0xC4D0C

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, 2C, 47, 4C, 00, E8, DF, 20, F4, FF, 8B, 1D, 1C, B2, 4C, 00, 8B, 03, E8, EE, 0E, FA, FF, 8B, 03, C6, 40, 5B, 00, 8B, 03, BA, 74, 4D, 4C, 00, E8, BC, 09, FA, FF, 8B, 0D, 3C, AF, 4C, 00, 8B, 03, 8B, 15, DC, 1A, 4C, 00, E8, E1, 0E, FA, FF, 6A, 00, 8B, 03, 8B, 40, 30, 50, E8, CC, 30, F4, FF, 8B, 03, E8, 4D, 0F, FA, FF, 5B, E8, DB, F9, F3, FF, 00, 00, 00, FF, FF, FF, FF, 12, 00, 00, 00, 54, 72, 6F, 6A, 61, 6E, 48, 75, 6E, 74, 65, 72, 20, 47, 75, 61, 72, 64, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.4560

Developed / compiled with:

Microsoft Visual C++

Code size:

783.5 KB (802,304 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

THGuard

Command:

"C:\Program Files\trojanhunter 5.0\thguard.exe"

Scan THGuard.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.