» THGuard.exe
Overview
Analysis
File Details
Behaviors (1)

THGuard.exe

TrojanHunter Guard

Mischel Internet Security Limited

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘THGuard’.

File name:

THGuard.exe

Publisher:

Mischel Internet Security (signed by Mischel Internet Security Limited)

Product:

TrojanHunter Guard

Version:

5.2.0.278

MD5:

2af1e91b242dde204d8835d49249b4bd

SHA-1:

cf9e98d297c7ac199841f1d1a2a1447507bbe36a

SHA-256:

0226fbfad7b74b4ca00b0280b0251be043456bd146a1dfa3ec89cc21d0286c01

Scanner detections:

0 / 68

Status:

Clean (as of last analysis)

Analysis date:

4/19/2024 3:12:04 AM UTC (today)

File size:

1 MB (1,088,280 bytes)

Product version:

5.2.0.0

Mischel Internet Security Ltd

Trademarks:

TrojanHunter is a trademark of Mischel Internet Security

Original file name:

THGuard.exe

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\trojanhunter 5.5\thguard.exe

Digital Signature

Signed by:

Mischel Internet Security Limited

Authority:

The USERTRUST Network

Valid from:

9/17/2010 3:00:00 AM

Valid to:

9/17/2012 2:59:59 AM

Subject:

CN=Mischel Internet Security Limited, O=Mischel Internet Security Limited, STREET=18 South City Curt, L=54 Peckham Grove, S=London, PostalCode=SE156PN, C=GB

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

00BA5023A8D5667682F1E1D1B0BD3903A2

File PE Metadata

Compilation timestamp:

6/20/1992 1:22:17 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:u72SlXX72ifZPCEt0Cko2HsJc484JJ5WpyWWS/S+uEXB:u72SlSuC/HL4gpLhXB

Entry address:

0xCA440

Entry point:

55, 8B, EC, 83, C4, F0, 53, B8, 30, 9E, 4C, 00, E8, 63, C9, F3, FF, 8B, 1D, 1C, 13, 4D, 00, E8, 48, F6, FF, FF, E8, BB, F0, FF, FF, 8B, 03, E8, 90, B6, F9, FF, 8B, 03, C6, 40, 58, 00, 8B, 03, BA, B0, A4, 4C, 00, E8, 62, B1, F9, FF, 8B, 0D, 18, 10, 4D, 00, 8B, 03, 8B, 15, 88, 63, 4C, 00, E8, 83, B6, F9, FF, 6A, 00, 8B, 03, 8B, 40, 30, 50, E8, 5E, D9, F3, FF, 8B, 03, E8, EF, B6, F9, FF, 5B, E8, 4D, A2, F3, FF, 00, FF, FF, FF, FF, 12, 00, 00, 00, 54, 72, 6F, 6A, 61, 6E, 48, 75, 6E, 74, 65, 72, 20, 47, 75, 61... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

805.5 KB (824,832 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

THGuard

Command:

"C:\aa\trojanhunter 5.5\thguard.exe"

Scan THGuard.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.