USBGuard.exe

USB Disk Security

Zbshareware Limited

It is set to execute automatically when any user logs in to Windows (through the local user run registry setting) under the name ‘USB Security’.

Publisher:
Zbshareware Lab (signed by Zbshareware Limited)

Product:
USB Disk Security

Version:
6.0.0.126

MD5:
a6d7d4492699d52b40c1828094dc51c8

SHA-1:
e56325696ffdd42baf7d9b82671f8ab1b0fbe66e

SHA-256:
188cf9b66e18780a304f07cf84ccb0990aff6756b7ede49caf42da1e1c5e5a30

Scanner detections:
9 / 68

Status:
Clean (9 probable false positive detections)

Explanation:
These detections are probably false positives (erroneous); the file is probably malware-free.

Analysis date:
4/16/2024 9:42:40 PM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | TR/Patched.Ren.Gen | 7.11.207.178
Baidu Antivirus | Worm.Win32.Autorun | 4.0.3.16214
Bkav FE | HW32.Packed | 1.3.0.6379
F-Prot | W32/Patched.Y.gen | v6.4.7.1.166
IKARUS anti.virus | Trojan.Patched | t3scan.1.8.6.0
McAfee | Artemis!7A529B5CC7F5 | 5600.6490
Rising Antivirus | PE:Junk.FileBroken!1.9A81[F1] | 23.00.65.16212
Trend Micro House Call | Suspicious_GEN.F47V0110 | 7.2.45
Zillya! Antivirus | Trojan.KillAV.Win32.9586 | 2.0.0.2117

File size:
608.9 KB (623,520 bytes)

Product version:
6.0.0.126

Copyright:
Zbshareware Lab All rights reserved.

Trademarks:
Zbshareware Lab

Original file name:
USBGuard.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\usb disk security\usbguard.exe

Digital Signature
Authority:
The USERTRUST Network

Valid from:
6/3/2110 3:00:00 AM

Valid to:
6/3/2112 2:59:59 AM

Subject:
CN=Zbshareware Limited, O=Zbshareware Limited, STREET="FLAT 01A2, 10/F, CARNIVAL COMMERCIAL BUILDING, 18 JAVA ROAD, NORTH POINT", L=HONG KONG, S=HONG KONG, PostalCode=999077, C=CN

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
5D55B75AAA0B9FDFE138EDCA88D3DFF5

File PE Metadata
Compilation timestamp:
1/29/2011 7:23:19 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:vOYPfpQmwKaliAOzQQTm9En3nbu0QbrPLpwIn+Z037NyrcbzpzTGVpOE76AenbM6:vOYHymwKalieEn3S0Qbr1whZ2r1y/eD/

Entry address:
0x160E5

Entry point:
E8, 76, 04, 00, 00, E9, 36, FD, FF, FF, 3B, 0D, 28, 30, 42, 00, 75, 02, F3, C3, E9, F6, 04, 00, 00, 53, 8A, 5C, 24, 08, F6, C3, 02, 56, 8B, F1, 74, 24, 57, 68, 28, 67, 41, 00, 8D, 7E, FC, FF, 37, 6A, 0C, 56, E8, 45, 01, 00, 00, F6, C3, 01, 74, 07, 57, E8, 91, F8, FF, FF, 59, 8B, C7, 5F, EB, 13, E8, F4, 05, 00, 00, F6, C3, 01, 74, 07, 56, E8, 7B, F8, FF, FF, 59, 8B, C6, 5E, 5B, C2, 04, 00, CC, FF, 25, 14, 96, 41, 00, 6A, 14, 68, E8, E4, 41, 00, E8, 5E, 03, 00, 00, FF, 35, C8, 3D, 42, 00, 8B, 35, AC, 95, 41...
 

Entropy:
7.2705

Code size:
96 KB (98,304 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
USB Security

Command:
C:\Program Files\usb disk security\usbguard.exe


Scan USBGuard.exe - Powered by Reason Core Security