home

USBGuard.exe

USB Disk Security

Zbshareware Limited

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘USB Security’.
Publisher:
Zbshareware Lab  (signed by Zbshareware Limited)

Product:
USB Disk Security

Version:
6.0.0.126

MD5:
80ff0902c03b841b227ee5603bf8b298

SHA-1:
716be42844ebf22241e2709a0142021406d08917

SHA-256:
21c4c1fa3ad9073f3a01cf7569ff1a1ce5ad38eaba01e1d4637dc132ad0a3bc6

Scanner detections:
9 / 68

Status:
Clean  (9 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/27/2024 4:01:07 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Patched.Ren.Gen
7.11.207.178

Baidu Antivirus
Worm.Win32.Autorun
4.0.3.16211

Bkav FE
HW32.Packed
1.3.0.6379

F-Prot
W32/Patched.Y.gen
v6.4.7.1.166

IKARUS anti.virus
Trojan.Patched
t3scan.1.8.6.0

McAfee
Artemis!7A529B5CC7F5
5600.6493

Rising Antivirus
PE:Junk.FileBroken!1.9A81[F1]
23.00.65.16209

Trend Micro House Call
Suspicious_GEN.F47V0110
7.2.42

Zillya! Antivirus
Trojan.KillAV.Win32.9586
2.0.0.2117

File size:
612 KB (626,688 bytes)

Product version:
6.0.0.126

Copyright:
Zbshareware Lab All rights reserved.

Trademarks:
Zbshareware Lab

Original file name:
USBGuard.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\usb disk security\usbguard.exe

Digital Signature
Signed by:
Zbshareware Limited

Authority:
The USERTRUST Network

Valid from:
6/3/2010 2:00:00 AM

Valid to:
6/3/2012 1:59:59 AM

Subject:
CN=Zbshareware Limited, O=Zbshareware Limited, STREET="FLAT 01A2, 10/F, CARNIVAL COMMERCIAL BUILDING, 18 JAVA ROAD, NORTH POINT", L=HONG KONG, S=HONG KONG, PostalCode=999077, C=CN

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
5D55B75AAA0B9FDFE138EDCA88D3DFF5

File PE Metadata
Compilation timestamp:
1/29/2011 6:23:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:tOYPfpQmwKaliAOzQQTm9En3nbu0QbrPLpwIn+Z037NyrcbzpzTGVpOE76AenbMw:tOYHymwKalieEn3S0Qbr1whZ2r1y/eD

Entry address:
0x160E5

Entry point:
E8, 76, 04, 00, 00, E9, 36, FD, FF, FF, 3B, 0D, 28, 30, 42, 00, 75, 02, F3, C3, E9, F6, 04, 00, 00, 53, 8A, 5C, 24, 08, F6, C3, 02, 56, 8B, F1, 74, 24, 57, 68, 28, 67, 41, 00, 8D, 7E, FC, FF, 37, 6A, 0C, 56, E8, 45, 01, 00, 00, F6, C3, 01, 74, 07, 57, E8, 91, F8, FF, FF, 59, 8B, C7, 5F, EB, 13, E8, F4, 05, 00, 00, F6, C3, 01, 74, 07, 56, E8, 7B, F8, FF, FF, 59, 8B, C6, 5E, 5B, C2, 04, 00, CC, FF, 25, 14, 96, 41, 00, 6A, 14, 68, E8, E4, 41, 00, E8, 5E, 03, 00, 00, FF, 35, C8, 3D, 42, 00, 8B, 35, AC, 95, 41...
 
[+]

Entropy:
7.2482

Code size:
264 KB (270,336 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
USB Security

Command:
C:\Program Files\usb disk security\usbguard.exe


Scan USBGuard.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.