» USBGuard.exe
Overview
Analysis
File Details
Behaviors (1)

USBGuard.exe

USB Disk Security

Zbshareware Limited

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘USB Security’.

File name:

USBGuard.exe

Publisher:

Zbshareware Lab (signed by Zbshareware Limited)

Product:

USB Disk Security

Version:

6.0.0.126

MD5:

f37a38b381a580b8a0cdbcc3511fa763

SHA-1:

61918051e5dd04370117a22ab917656c5a21b78e

Scanner detections:

9 / 68

Status:

Clean (9 probable false positive detections)

Explanation:

These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:

4/19/2024 10:07:57 AM UTC (today)

Scan engine

Detection

Engine version

Avira AntiVirus

TR/Patched.Ren.Gen

7.11.207.178

Baidu Antivirus

Worm.Win32.Autorun

4.0.3.16212

Bkav FE

HW32.Packed

1.3.0.6379

F-Prot

W32/Patched.Y.gen

v6.4.7.1.166

IKARUS anti.virus

Trojan.Patched

t3scan.1.8.6.0

McAfee

Artemis!7A529B5CC7F5

5600.6492

Rising Antivirus

PE:Junk.FileBroken!1.9A81[F1]

23.00.65.16210

Trend Micro House Call

Suspicious_GEN.F47V0110

7.2.43

Zillya! Antivirus

Trojan.KillAV.Win32.9586

2.0.0.2117

File size:

608.9 KB (623,520 bytes)

Product version:

6.0.0.126

Trademarks:

Zbshareware Lab

Original file name:

USBGuard.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\usb disk security\usbguard.exe

Digital Signature

Signed by:

Zbshareware Limited

Authority:

The USERTRUST Network

Valid from:

6/3/2010 2:00:00 AM

Valid to:

6/3/2012 1:59:59 AM

Subject:

CN=Zbshareware Limited, O=Zbshareware Limited, STREET="FLAT 01A2, 10/F, CARNIVAL COMMERCIAL BUILDING, 18 JAVA ROAD, NORTH POINT", L=HONG KONG, S=HONG KONG, PostalCode=999077, C=CN

Issuer:

CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:

5D55B75AAA0B9FDFE138EDCA88D3DFF5

File PE Metadata

Compilation timestamp:

1/29/2011 5:23:19 AM

OS version:

4.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

8.0

CTPH (ssdeep):

6144:qOYPfpQmwKaliAOzQQTm9En3nbu0QbrPLpwIn+Z037NyrcbzpzTGVpOE76AenbM6:qOYHymwKalieEn3S0Qbr1whZ2r1y/eD/

Entry address:

0x160E5

Entry point:

E8, 76, 04, 00, 00, E9, 36, FD, FF, FF, 3B, 0D, 28, 30, 42, 00, 75, 02, F3, C3, E9, F6, 04, 00, 00, 53, 8A, 5C, 24, 08, F6, C3, 02, 56, 8B, F1, 74, 24, 57, 68, 28, 67, 41, 00, 8D, 7E, FC, FF, 37, 6A, 0C, 56, E8, 45, 01, 00, 00, F6, C3, 01, 74, 07, 57, E8, 91, F8, FF, FF, 59, 8B, C7, 5F, EB, 13, E8, F4, 05, 00, 00, F6, C3, 01, 74, 07, 56, E8, 7B, F8, FF, FF, 59, 8B, C6, 5E, 5B, C2, 04, 00, CC, FF, 25, 14, 96, 41, 00, 6A, 14, 68, E8, E4, 41, 00, E8, 5E, 03, 00, 00, FF, 35, C8, 3D, 42, 00, 8B, 35, AC, 95, 41... 
[+]

Code size:

96 KB (98,304 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

USB Security

Command:

C:\Program Files\usb disk security\usbguard.exe

Scan USBGuard.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.