home

xvirus_web_guard.exe

Xvirus Web Guard

Mysecuritywin

This is a setup program which is used to install the application. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘Xvirus Web Guard’. The file has been seen being downloaded from www.weebly.com.
Publisher:
Mysecuritywin

Product:
Xvirus Web Guard

Version:
1.2.0.0

MD5:
97e18c472be43bb84f3704839b8ad2b2

SHA-1:
58048697acb2085f86cd90c2b7c4f1725070028c

SHA-256:
7df76b6d97cce1dcd77c4331f8296bfbb694a0585030197399e3a17731dce5a8

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/26/2024 8:53:48 PM UTC  (today)

File size:
1.3 MB (1,392,128 bytes)

Product version:
1.2.0.0

Copyright:
Copyright © Mysecuritywin 2014

Trademarks:
Mysecuritywin

Original file name:
Xvirus Web Guard.exe

File type:
Executable application (Win32 EXE)

Language:
Turkish (Turkey)

Common path:
C:\users\{user}\downloads\xvirus_web_guard.exe

File PE Metadata
Compilation timestamp:
8/15/2014 7:42:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

.NET CLR dependent:
Yes

CTPH (ssdeep):
24576:UYNVYNpyqt5eYNLYNrHshEpHXjwm8iNYNM:4fKMqjui

Entry address:
0x12C96E

Entry point:
FF, 25, 00, 20, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C# / Basic .NET

Code size:
1.2 MB (1,223,168 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
Xvirus Web Guard

Command:
C:\users\{user}\downloads\xvirus_web_guard.exe


The file xvirus_web_guard.exe has been seen being distributed by the following URL.

http://www.weebly.com/uploads/1/6/2/6/.../xvirus_web_guard.exe

Scan xvirus_web_guard.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.