GuardMailRu.exe

GuardMailRu Module

LLC Mail.Ru

The application GuardMailRu.exe by LLC Mail.Ru has been detected as a potentially unwanted program by 11 anti-malware scanners. It runs as a separate Windows service named “Guard.Mail.ru”, executing within the context of its own process. This file is typically installed with the program Guard@Mail.Ru by Mail.Ru. While running, it connects to the Internet address moscow.cdnmail.ru on port 80 using the HTTP protocol.
Publisher:
LLC Mail.Ru  (signed and verified)

Product:
GuardMailRu Module

Version:
1, 0, 0, 443

MD5:
6219aaf8a18683ebed9ebc96e8b74be2

SHA-1:
ace14d63c7e67408838a5c8329595d9b0e8f8130

SHA-256:
95cc98fbf047b9cd17d28a98081139362d584e840ad3c537c9fcde60955a2a5a

Scanner detections:
11 / 68

Status:
Potentially unwanted

Analysis date:
9/27/2024 4:10:15 PM UTC

Scan engine | Detection | Engine version
avast! | Win32:BrowserTakeover-A [PUP] | 2014.9-140328
AVG | MalSign.Generic | 2015.0.3521
Baidu Antivirus | Trojan.Win32.RuMail | 4.0.3.14328
Bkav FE | W32.Clod21c.Trojan | 1.3.0.4613
Comodo Security | Application.Win32.RuMail.pwhe | 17604
Dr.Web | Adware.Downware.533 | 9.0.1.0358
McAfee | Artemis!E3169A1E78E0 | 5600.7177
Reason Heuristics | PUP.Optional.Service.L | 14.3.28.18
Rising Antivirus | Trojan.RuMail!4986 | 23.00.65.131222
Sophos | RsMall | 4.94
Trend Micro House Call | TROJ_GEN.F47V0614 | 7.2.87

File size:
2.1 MB (2,228,328 bytes)

Product version:
1, 0, 0, 443

Copyright:
Copyright 2010

Original file name:
GuardMailRu.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\mail.ru\guard\guardmailru.exe

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
12/9/2011 12:00:00 AM

Valid to:
2/6/2014 11:59:59 PM

Subject:
CN=LLC Mail.Ru, O=LLC Mail.Ru, L=Moscow, S=Moscow, C=RU

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
1C09DBBC732D4B58F7A88EBACF323417

File PE Metadata
Compilation timestamp:
10/5/2012 10:21:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:j8pCiAdF7JW8AVKzfk7YtGy6sAHnwrrMQ40e6gbgM:clAn7TEKzsYYnQggM

Entry address:
0xE3610

Entry point:
E8, 34, A1, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 4E, 14, 00, 00, 8B, FF, 51, C7, 01, C0, A2, 5B, 00, E8, B1, A1, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, CC, FF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, F5, A1, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1...
 

Code size:
1.6 MB (1,683,968 bytes)

Service
Display name:
Guard.Mail.ru

Type:
Win32OwnProcess


The file GuardMailRu.exe has been discovered within the following program.

Guard@Mail.Ru  by Mail.Ru
Guard@Mail.Ru is part of the Guard Mail service.
www.mail.ru

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to kojura.mail.ru  (217.69.133.27:80)

TCP (HTTP):
Connects to moscow.cdnmail.ru  (217.69.139.110:80)

TCP (HTTP):
Connects to mra.mail.ru  (217.69.139.127:80)

TCP (HTTP):
Connects to webs3040.aruba.it  (62.149.133.50:80)

TCP (HTTP):
Connects to mrds.mail.ru  (217.69.139.245:80)
