home

USBGuard.exe

USB Disk Security

Zbshareware Limited

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘USB Security’.
Publisher:
Zbshareware Lab  (signed by Zbshareware Limited)

Product:
USB Disk Security

Version:
6.0.0.126

MD5:
83bfbc4c35e66a96ef64be5f10b130ed

SHA-1:
8effa9f0fbd49bb13262cb43675fef9649750f7a

SHA-256:
4a46eb89a2e887efa105ace586ee1638ef5dfe17cb36adf1a0efd396282c4d87

Scanner detections:
9 / 68

Status:
Clean  (9 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/25/2024 5:12:04 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Patched.Ren.Gen
7.11.207.178

Baidu Antivirus
Worm.Win32.Autorun
4.0.3.1629

Bkav FE
HW32.Packed
1.3.0.6379

F-Prot
W32/Patched.Y.gen
v6.4.7.1.166

IKARUS anti.virus
Trojan.Patched
t3scan.1.8.6.0

McAfee
Artemis!7A529B5CC7F5
5600.6494

Rising Antivirus
PE:Junk.FileBroken!1.9A81[F1]
23.00.65.16207

Trend Micro House Call
Suspicious_GEN.F47V0110
7.2.40

Zillya! Antivirus
Trojan.KillAV.Win32.9586
2.0.0.2117

File size:
608.9 KB (623,520 bytes)

Product version:
6.0.0.126

Copyright:
Zbshareware Lab All rights reserved.

Trademarks:
Zbshareware Lab

Original file name:
USBGuard.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\usb disk security\usbguard.exe

Digital Signature
Signed by:
Zbshareware Limited

Authority:
The USERTRUST Network

Valid from:
6/3/2010 7:00:00 AM

Valid to:
6/3/2012 6:59:59 AM

Subject:
CN=Zbshareware Limited, O=Zbshareware Limited, STREET="FLAT 01A2, 10/F, CARNIVAL COMMERCIAL BUILDING, 18 JAVA ROAD, NORTH POINT", L=HONG KONG, S=HONG KONG, PostalCode=999077, C=CN

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
5D55B75AAA0B9FDFE138EDCA88D3DFF5

File PE Metadata
Compilation timestamp:
1/29/2011 11:23:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:BOYPfpQmwKaliAOzQQTm9En3nbu0QbrPLpwIn+Z037NyrcbzpzTGVpOE76AenbM6:BOYHymwKalieEn3S0Qbr1whZ2r1y/eD/

Entry address:
0x160E5

Entry point:
E8, 76, 04, 00, 00, E9, 36, FD, FF, FF, 3B, 0D, 28, 30, 42, 00, 75, 02, F3, C3, E9, F6, 04, 00, 00, 53, 8A, 5C, 24, 08, F6, C3, 02, 56, 8B, F1, 74, 24, 57, 68, 28, 67, 41, 00, 8D, 7E, FC, FF, 37, 6A, 0C, 56, E8, 45, 01, 00, 00, F6, C3, 01, 74, 07, 57, E8, 91, F8, FF, FF, 59, 8B, C7, 5F, EB, 13, E8, F4, 05, 00, 00, F6, C3, 01, 74, 07, 56, E8, 7B, F8, FF, FF, 59, 8B, C6, 5E, 5B, C2, 04, 00, CC, FF, 25, 14, 96, 41, 00, 6A, 14, 68, E8, E4, 41, 00, E8, 5E, 03, 00, 00, FF, 35, C8, 3D, 42, 00, 8B, 35, AC, 95, 41...
 
[+]

Entropy:
7.2705

Code size:
96 KB (98,304 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
USB Security

Command:
C:\Program Files\usb disk security\usbguard.exe


Scan USBGuard.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.