guard.exe

Macte! Labs, Inc.

The application guard.exe by Macte! Labs has been detected as a potentially unwanted program by 3 anti-malware scanners. It is set to execute automatically when any user logs into Windows (through the all-users Run registry key) under the name ‘KursRuGuard’.
Publisher:
Macte! Labs, Inc.  (signed and verified)

MD5:
d5b1603edde27aab023bf39c4c872d10

SHA-1:
85830795a3223cbd4eab490add6b4debdda47108

SHA-256:
8e4ae89cb18e436b6bf66a774952d1b4a9616cbab77db1449b05ae6e0edf0cb0

Scanner detections:
3 / 68

Status:
Potentially unwanted

Analysis date:
11/15/2024 3:19:09 PM UTC

Scan engine | Detection | Engine version
Comodo Security | Heur.Suspicious | 17031
ESET NOD32 | Win32/Toolbar.Neobar (variant) | 9.8863
Reason Heuristics | PUP.MacteLabs (M) | 15.7.19.17

File size:
855.6 KB (876,104 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\gigabase\guard\guard.exe

Digital Signature
Authority:
Thawte, Inc.

Valid from:
10/4/2011 6:00:00 AM

Valid to:
10/4/2013 5:59:59 AM

Subject:
CN="Macte! Labs, Inc.", O="Macte! Labs, Inc.", L=Vancouver, S=British Columbia, C=CA

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1DFFCC714238EF3B3588A3C647077C47

File PE Metadata
Compilation timestamp:
8/10/2012 12:46:37 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
12288:eAJAftpctsmooSD8UIjLjct0bY09o4efNTBqxYyPAZCbjIkdwgmDO:eAyfLcavo3jLjct+R9ob0xhPAZIjI5i

Entry address:
0x8BC8C

Entry point:
E8, 5C, 90, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 8D, 45, 14, 50, 6A, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, F5, 0A, 00, 00, 83, C4, 14, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, A5, 6E, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 90, E8, 4B, 00, 74, 12, 8B, 0D, A8, E7, 4B, 00, 85, 48, 70, 75, 07, E8, 53, 2B, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 18, ED, 4B, 00, 74, 16, 8B, 46, 08, 8B, 0D, A8, E7, 4B, 00, 85, 48...
Code size:
672 KB (688,128 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
KursRuGuard

Command:
C:\Program Files\gigabase\guard\guard.exe
