home

USBGuard.exe

USB Disk Security

Zbshareware Limited

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘USB Security’.
Publisher:
Zbshareware Lab  (signed by Zbshareware Limited)

Product:
USB Disk Security

Version:
6.0.0.126

MD5:
a2b07c5dcfa39972a5f5523fabc76ff3

SHA-1:
af9b07421990a86ffc243c38bab8f0c6449e8c13

SHA-256:
32cc779b73193f0f33549d29819cc26124418757af8fd9b30ab64ac102c751c6

Scanner detections:
9 / 68

Status:
Clean  (9 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous), the file is probably malware free.

Analysis date:
4/23/2024 12:15:44 PM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
TR/Patched.Ren.Gen
7.11.207.178

Baidu Antivirus
Worm.Win32.Autorun
4.0.3.16210

Bkav FE
HW32.Packed
1.3.0.6379

F-Prot
W32/Patched.Y.gen
v6.4.7.1.166

IKARUS anti.virus
Trojan.Patched
t3scan.1.8.6.0

McAfee
Artemis!7A529B5CC7F5
5600.6493

Rising Antivirus
PE:Junk.FileBroken!1.9A81[F1]
23.00.65.16208

Trend Micro House Call
Suspicious_GEN.F47V0110
7.2.41

Zillya! Antivirus
Trojan.KillAV.Win32.9586
2.0.0.2117

File size:
608.9 KB (623,520 bytes)

Product version:
6.0.0.126

Copyright:
Zbshareware Lab All rights reserved.

Trademarks:
Zbshareware Lab

Original file name:
USBGuard.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\usb disk security\usbguard.exe

Digital Signature
Signed by:
Zbshareware Limited

Authority:
The USERTRUST Network

Valid from:
6/3/2010 7:00:00 AM

Valid to:
6/3/2012 6:59:59 AM

Subject:
CN=Zbshareware Limited, O=Zbshareware Limited, STREET="FLAT 01A2, 10/F, CARNIVAL COMMERCIAL BUILDING, 18 JAVA ROAD, NORTH POINT", L=HONG KONG, S=HONG KONG, PostalCode=999077, C=CN

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
5D55B75AAA0B9FDFE138EDCA88D3DFF5

File PE Metadata
Compilation timestamp:
1/29/2011 11:23:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:yOYPfpQmwKaliAOzQQTm9En3nbu0QbrPLpwIn+Z037NyrcbzpzTGVpOE76AenbM6:yOYHymwKalieEn3S0Qbr1whZ2r1y/eD/

Entry address:
0x160E5

Entry point:
E8, 76, 04, 00, 00, E9, 36, FD, FF, FF, 3B, 0D, 28, 30, 42, 00, 75, 02, F3, C3, E9, F6, 04, 00, 00, 53, 8A, 5C, 24, 08, F6, C3, 02, 56, 8B, F1, 74, 24, 57, 68, 28, 67, 41, 00, 8D, 7E, FC, FF, 37, 6A, 0C, 56, E8, 45, 01, 00, 00, F6, C3, 01, 74, 07, 57, E8, 91, F8, FF, FF, 59, 8B, C7, 5F, EB, 13, E8, F4, 05, 00, 00, F6, C3, 01, 74, 07, 56, E8, 7B, F8, FF, FF, 59, 8B, C6, 5E, 5B, C2, 04, 00, CC, FF, 25, 14, 96, 41, 00, 6A, 14, 68, E8, E4, 41, 00, E8, 5E, 03, 00, 00, FF, 35, C8, 3D, 42, 00, 8B, 35, AC, 95, 41...
 
[+]

Entropy:
7.2705

Code size:
96 KB (98,304 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
USB Security

Command:
C:\Program Files\usb disk security\usbguard.exe


Scan USBGuard.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.