guar64.exe

Guardian AntiVirus

Quick Heal Technologies (Pvt) Ltd.

This is a self-extracting archive and installer. The file has been seen being downloaded from bitcast-b.bitgravity.com.
Publisher:
Quick Heal Technologies (P) Ltd.  (signed by Quick Heal Technologies (Pvt) Ltd.)

Product:
Guardian AntiVirus

Description:
Installer Application

Version:
8.0.0.1

MD5:
b2f30c98faf7bf17179a9b84a2240e02

SHA-1:
b5ea51ea9fade775f34bb6561426a1a0ade14292

SHA-256:
e04862fb7da8047bb90eadf566ecd8fdcd6b04341e67189636775bd48a12b3bb

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/24/2024 1:48:57 PM UTC  (today)

File size:
455.9 MB (478,086,376 bytes)

Product version:
15.00

Copyright:
© Quick Heal Technologies (P) Ltd. All rights reserved.

Original file name:
qhunpack.exe

File type:
Executable application (Win64 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\programs\guar64.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
8/14/2013 5:30:00 AM

Valid to:
10/13/2016 5:29:59 AM

Subject:
CN=Quick Heal Technologies (Pvt) Ltd., OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Quick Heal Technologies (Pvt) Ltd., L=Pune, S=Maharashtra, C=IN

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
1B1E84B021B58A4729D1069BA28480BB

File PE Metadata
Compilation timestamp:
8/11/2014 4:55:10 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12582912:vDs+ouedgqf+rsKLXgemFOMfCD6nQaFvitI4i:vDs+heGqf8GIMfC3iAi

Entry address:
0xAE78

Entry point:
48, 83, EC, 28, E8, E7, 76, 00, 00, 48, 83, C4, 28, E9, 16, FE, FF, FF, CC, CC, 48, 89, 4C, 24, 08, 48, 81, EC, 88, 00, 00, 00, 48, 8D, 0D, 31, 8B, 01, 00, FF, 15, DB, E3, 00, 00, 4C, 8B, 1D, 1C, 8C, 01, 00, 4C, 89, 5C, 24, 58, 45, 33, C0, 48, 8D, 54, 24, 60, 48, 8B, 4C, 24, 58, E8, 19, B2, 00, 00, 48, 89, 44, 24, 50, 48, 83, 7C, 24, 50, 00, 74, 41, 48, C7, 44, 24, 38, 00, 00, 00, 00, 48, 8D, 44, 24, 48, 48, 89, 44, 24, 30, 48, 8D, 44, 24, 40, 48, 89, 44, 24, 28, 48, 8D, 05, DC, 8A, 01, 00, 48, 89, 44, 24...
 
[+]

Entropy:
7.9942  (probably packed)

Code size:
93 KB (95,232 bytes)

The file guar64.exe has been seen being distributed by the following URL.