installguardsetup.exe

InstallGuard

DanuSoft Software

installguardsetup.exe runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. The file has been seen being downloaded from download.informer.com and multiple other hosts.

Publisher:
DanuSoft Software

Product:
InstallGuard

Description:
This installer database contains the logic and data required to install InstallGuard.

Version:
0.95

MD5:
2f6194e2570e0948f90815fd5ca4f019

SHA-1:
03afbbafb29a2771aba94e621ad23577769fc9bd

SHA-256:
b90810a0ec4b7d65b7fba4da87201b2fbb0c3f1fac8350c68fd54da4a40179ba

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
11/22/2024 5:59:12 PM UTC

File size:
3 MB (3,170,523 bytes)

Product version:
0.95

Copyright:
Copyright (C) DanuSoft Software

Original file name:
InstallGuard.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\installguardsetup.exe

File PE Metadata
Compilation timestamp:
7/26/2012 5:57:51 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
98304:iabY74JWYekY5AKDoSo1pyoG8OWel9CkDICdyT:9J4fBhspyohb9ksCK

Entry address:
0xA8AF9

Entry point:
E8, 28, B9, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 51, 53, 56, 8B, F0, 33, DB, 3B, F3, 75, 1E, E8, E9, 44, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, CB, EB, FF, FF, 83, C4, 14, 8B, C6, E9, C2, 00, 00, 00, 57, 39, 5D, 0C, 77, 1E, E8, C5, 44, 00, 00, 6A, 16, 5E, 53, 53, 53, 53, 53, 89, 30, E8, A7, EB, FF, FF, 83, C4, 14, 8B, C6, E9, 9D, 00, 00, 00, 33, C0, 39, 5D, 14, 66, 89, 06, 0F, 95, C0, 40, 39, 45, 0C, 77, 09, E8, 96, 44, 00, 00, 6A, 22, EB, CF, 8B, 45, 10, 83, C0, FE, 83, F8, 22, 77...
 

Entropy:
6.9974

Code size:
870.5 KB (891,392 bytes)

Scheduled Task
Task name:
{01E62658-83A3-4E4B-AEB7-64B423B88D97}

Trigger:
Logon (Runs on logon)

Action:
installguardsetup.exe \i "C:\users\{user}\appdata\roaming\danusoft sof


The file installguardsetup.exe has been seen being distributed by the following 2 URLs.
