» hgvpnc.exe
Overview
Analysis
File Details
Behaviors (1)
Programs (1)

hgvpnc.exe

HideGuard VPN

ITVA Limited Liability Company

The application hgvpnc.exe, “HideGuard VPN Client” by ITVA Limited Liability Company has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It is set to automatically start when a user logs into Windows via the current user run registry key under the display name ‘HideGuard VPN’. This file is typically installed with the program HideGuard VPN by ITVA LLC.

File name:

hgvpnc.exe

Publisher:

iTVA LLC (signed by ITVA Limited Liability Company)

Product:

HideGuard VPN

Description:

HideGuard VPN Client

Version:

2.4.0.18

MD5:

be1f6b5ce2cc9189ec7b404d6ed34319

SHA-1:

c10af4e62b0df0b4f9aa3712e40bb0cfcb37716d

SHA-256:

20d1629448b1454df46a1da53c1e1513ac7050b8edf829815f3aad45733a7758

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

11/26/2024 3:34:41 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.ITVALimi (M)

16.6.6.2

File size:

3.2 MB (3,404,896 bytes)

Product version:

2.4

iTVA LLC

Trademarks:

HideGuard

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\Program Files\hideguard vpn\hgvpnc.exe

Digital Signature

Signed by:

ITVA Limited Liability Company

Authority:

Symantec Corporation

Valid from:

6/19/2015 12:00:00 AM

Valid to:

6/18/2016 11:59:59 PM

Subject:

CN=ITVA Limited Liability Company, O=ITVA Limited Liability Company, L=Saint-Petersburg, S=Saint-Petersburg, C=RU, SERIALNUMBER=1107847001591, OID.2.5.4.15=Private Organization, OID.1.3.6.1.4.1.311.60.2.1.3=RU

Issuer:

CN=Symantec Class 3 Extended Validation Code Signing CA - G2, OU=Symantec Trust Network, O=Symantec Corporation, C=US

Serial number:

6C4A84526DCED5358913EBDBAAEDF729

File PE Metadata

Compilation timestamp:

2/10/2016 1:28:24 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:H5NqsV86at1ybHSABVpz2NpCEATIakLkDE6g3k:H5EsZaGOCEj4X

Entry address:

0x20E7DC

Entry point:

55, 8B, EC, 83, C4, DC, 53, 56, 57, 33, C0, 89, 45, EC, B8, 20, 54, 60, 00, E8, 30, 08, E0, FF, 33, C0, 55, 68, B0, E9, 60, 00, 64, FF, 30, 64, 89, 20, E8, 9D, 85, DF, FF, 48, 75, 49, 8D, 55, EC, B8, 01, 00, 00, 00, E8, ED, 85, DF, FF, 8B, 55, EC, B9, 01, 00, 00, 00, B8, CC, E9, 60, 00, E8, 27, C5, DF, FF, 85, C0, 7E, 26, B0, 01, E8, 64, 4F, FF, FF, 6A, 00, 68, B8, 0B, 00, 00, B9, E4, E9, 60, 00, BA, FC, E9, 60, 00, 33, C0, E8, 94, 52, FF, FF, 33, C0, E8, A5, AE, DF, FF, 68, 10, EA, 60, 00, 6A, FF, 6A, 00... 
[+]

Developed / compiled with:

Microsoft Visual C++

Code size:

2.1 MB (2,151,424 bytes)

Startup File (User Run)

Registry location:

HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

HideGuard VPN

Command:

C:\Program Files\hideguard vpn\hgvpnc.exe

The file hgvpnc.exe has been discovered within the following program.

HideGuard VPN by ITVA LLC

www.itva.ru

42% remove it

Remove hgvpnc.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.