SHA256: b4158f63dfa50577b1ed4c50758c6d9d51915cf9e820af1f301ee9d6d2ab63d9
File name: a2guard
Detection ratio: 0 / 68
Analysis date: 2018-09-16 13:37:23 UTC ( 5 months, 1 week ago )
Antivirus Result Update (the Result column is empty for every engine: none of the 68 engines flagged the file at the analysis date)
Ad-Aware 20180913
AegisLab 20180916
AhnLab-V3 20180916
Alibaba 20180713
ALYac 20180916
Antiy-AVL 20180916
Arcabit 20180916
Avast 20180916
Avast-Mobile 20180916
AVG 20180916
Avira (no cloud) 20180916
AVware 20180916
Babable 20180907
Baidu 20180914
BitDefender 20180916
Bkav 20180915
CAT-QuickHeal 20180915
ClamAV 20180916
CMC 20180916
Comodo 20180916
CrowdStrike Falcon (ML) 20180723
Cybereason 20180225
Cylance 20180916
Cyren 20180916
DrWeb 20180916
eGambit 20180916
Emsisoft 20180916
Endgame 20180730
ESET-NOD32 20180916
F-Prot 20180916
F-Secure 20180916
Fortinet 20180916
GData 20180916
Ikarus 20180916
Sophos ML 20180717
Jiangmin 20180916
K7AntiVirus 20180916
K7GW 20180916
Kaspersky 20180916
Kingsoft 20180916
Malwarebytes 20180916
MAX 20180916
McAfee 20180916
McAfee-GW-Edition 20180916
Microsoft 20180916
eScan 20180916
NANO-Antivirus 20180916
Palo Alto Networks (Known Signatures) 20180916
Panda 20180916
Qihoo-360 20180916
Rising 20180916
SentinelOne (Static ML) 20180830
Sophos AV 20180916
SUPERAntiSpyware 20180907
Symantec 20180915
Symantec Mobile Insight 20180911
TACHYON 20180916
Tencent 20180916
TheHacker 20180914
TotalDefense 20180915
TrendMicro 20180916
TrendMicro-HouseCall 20180916
Trustlook 20180916
VBA32 20180914
VIPRE 20180916
ViRobot 20180916
Webroot 20180916
Yandex 20180915
Zillya 20180914
ZoneAlarm by Check Point 20180916
Zoner 20180915
The file is a Portable Executable: a Win32 EXE built for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright (C) 2003-2013 Emsisoft GmbH
Product Emsisoft Anti-Malware
Original name a2guard.exe
Internal name a2guard
File version 7.0.0.15
Description Background Guard
Signature verification Signed file, verified signature
Signing date 2:57 AM 3/7/2013
Signers
[+] Emsisoft GmbH
Status This certificate or one of the certificates in the certificate chain is not time valid. (The signer certificate expired 6/16/2015, before the 2018 analysis date. The signature is still reported as verified because the 3/7/2013 signing time falls inside the certificate's validity window and is attested by the DigiCert timestamp countersignature listed below; Authenticode accepts an expired signing certificate on that basis unless it carries the Lifetime Signing EKU, which this one does not list. The whole chain is sha1RSA, which was normal for 2013.)
Issuer DigiCert High Assurance Code Signing CA-1
Valid from 1:00 AM 4/12/2012
Valid to 1:00 PM 6/16/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint D3CC33CA288846F50ECAAF7674C7AEE08EFE106B
Serial number 0D 26 4B A9 5F 92 C7 A5 5D 53 EC 2B 55 1D E9 80
[+] DigiCert High Assurance Code Signing CA-1
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 PM 2/11/2011
Valid to 1:00 PM 2/10/2026
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint E308F829DC77E80AF15EDD4151EA47C59399AB46
Serial number 02 C4 D1 E5 8A 4A 68 0C 56 8D A3 04 7E 7E 4D 5F
[+] DigiCert
Status Valid
Issuer DigiCert High Assurance EV Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 5FB7EE0633E259DBAD0C4C9AE6D38F1A61C7DC25
Serial number 02 AC 5C 26 6A 0B 40 9B 8F 0B 79 F2 AE 46 25 77
Counter signers
[+] DigiCert Timestamp Responder
Status This certificate or one of the certificates in the certificate chain is not time valid. (The responder certificate expired 4/18/2013, six weeks after it countersigned this file. A countersignature is judged against the responder certificate's validity at the time the timestamp was produced, so this does not invalidate the timestamp.)
Issuer DigiCert Assured ID CA-1
Valid from 1:00 AM 4/4/2012
Valid to 1:00 AM 4/18/2013
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 51AEC7BA27E71A65D36BE1125B6909EE031119AC
Serial number 03 8B 96 F0 70 D9 E2 1E 55 A5 42 67 92 E1 C8 3A
[+] DigiCert Assured ID CA-1
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2021
Valid usage Server Auth, Client Auth, Code Signing, Email Protection, Timestamp Signing
Algorithm sha1RSA
Thumbprint 19A09B5A36F4DD99727DF783C17A51231A56C117
Serial number 06 FD F9 03 96 03 AD EA 00 0A EB 3F 27 BB BA 1B
[+] DigiCert
Status Valid
Issuer DigiCert Assured ID Root CA
Valid from 1:00 AM 11/10/2006
Valid to 1:00 AM 11/10/2031
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing
Algorithm sha1RSA
Thumbprint 0563B8630D62D75ABBC8AB1E4BDFB5A899B24D43
Serial number 0C E7 E0 E5 17 D8 46 FE 8F E5 60 FC 1B F0 30 39
Packers identified
PEiD BobSoft Mini Delphi -> BoB / BobSoft (a PEiD compiler signature for Delphi-built executables, not a packer; it agrees with the 2.25 linker version in the ExifTool metadata, the Borland match from TrID and the bobsoft tag below)
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-03-06 08:01:35
Entry Point 0x0020C3C4
Number of sections 11
PE sections
Overlays (offset 3355648 + size 8104 = 3363752 bytes, the full file size, so the overlay is exactly the data appended after the last section; in a signed PE that is where the Authenticode certificate table lives, which matches the signed overlay tag, and an entropy of 6.96 is typical of DER-encoded certificates and signatures)
MD5 e1eb55e7de5e87aad344db89da583716
File type data
Offset 3355648
Size 8104
Entropy 6.96
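The check implied by those numbers, written out: walk the PE headers, read the IMAGE_DIRECTORY_ENTRY_SECURITY slot and the end of the last section's raw data, and confirm that the overlay is exactly the certificate table. This is an added example, not code from the report or from Emsisoft. It uses only struct, and the PE it runs against by default is a constructed minimal stub (not the a2guard binary, and its WIN_CERTIFICATE body is dummy bytes rather than real PKCS#7), so the offsets it reports are the stub's, not the 3355648/8104 above; pass a real file path to analyse that instead.

```python
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4       # data-directory slot for the certificate table
WIN_CERT_REVISION_2_0 = 0x0200
WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0002  # Authenticode PKCS#7 SignedData


def analyse_overlay(data: bytes) -> dict:
    """Locate the overlay (bytes after the last section's raw data) and the
    Authenticode certificate table, and report whether they coincide."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4
    num_sections = struct.unpack_from("<H", data, coff + 2)[0]
    size_of_opt = struct.unpack_from("<H", data, coff + 16)[0]
    opt = coff + 20
    magic = struct.unpack_from("<H", data, opt)[0]
    # Data directories begin at +96 (PE32) or +112 (PE32+); NumberOfRvaAndSizes sits just before them.
    dirs = opt + (96 if magic == 0x10B else 112)
    num_dirs = struct.unpack_from("<I", data, dirs - 4)[0]
    cert_off = cert_size = 0
    if num_dirs > IMAGE_DIRECTORY_ENTRY_SECURITY:
        # Unlike every other directory, the security entry holds a raw file offset, not an RVA.
        cert_off, cert_size = struct.unpack_from("<II", data, dirs + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)
    sections = opt + size_of_opt
    end_of_sections = 0
    for i in range(num_sections):
        raw_size, raw_ptr = struct.unpack_from("<II", data, sections + 40 * i + 16)
        end_of_sections = max(end_of_sections, raw_ptr + raw_size)
    overlay_off = min(end_of_sections, len(data))
    result = {
        "overlay_offset": overlay_off,
        "overlay_size": len(data) - overlay_off,
        "certificate_offset": cert_off,
        "certificate_size": cert_size,
        # The "signed overlay" case: the appended data is the certificate table and nothing else.
        "overlay_is_certificate_table": cert_size > 0 and cert_off == overlay_off
        and cert_off + cert_size == len(data),
        "certificate_type": None,
        "certificate_header_sane": False,
    }
    if cert_size >= 8 and cert_off + cert_size <= len(data):
        length, revision, ctype = struct.unpack_from("<IHH", data, cert_off)
        result["certificate_type"] = ctype
        # A table may hold more than one entry, so dwLength may be smaller than the directory size.
        result["certificate_header_sane"] = length <= cert_size and revision == WIN_CERT_REVISION_2_0
    return result


def build_sample_pe(trailing: bytes = b"") -> bytes:
    """Constructed minimal PE32 stub (one section plus an appended WIN_CERTIFICATE
    whose body is placeholder bytes, not real DER) for exercising analyse_overlay()."""
    body = b"\x30\x82" + b"\x00" * 14
    cert = struct.pack("<IHH", 8 + len(body), WIN_CERT_REVISION_2_0, WIN_CERT_TYPE_PKCS_SIGNED_DATA) + body
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)                  # e_lfanew
    coff = bytearray(20)
    struct.pack_into("<HH", coff, 0, 0x14C, 1)             # i386, one section
    struct.pack_into("<H", coff, 16, 224)                  # SizeOfOptionalHeader for PE32
    opt = bytearray(224)
    struct.pack_into("<H", opt, 0, 0x10B)                  # PE32 magic
    struct.pack_into("<I", opt, 92, 16)                    # NumberOfRvaAndSizes
    struct.pack_into("<II", opt, 96 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, 1024, len(cert))
    sec = bytearray(40)
    sec[:5] = b".text"
    struct.pack_into("<II", sec, 16, 512, 512)             # SizeOfRawData, PointerToRawData
    headers = (bytes(dos) + b"PE\0\0" + bytes(coff) + bytes(opt) + bytes(sec)).ljust(512, b"\0")
    return headers + b"\xC3" * 512 + cert + trailing


if __name__ == "__main__":
    import sys
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else build_sample_pe()
    for key, value in analyse_overlay(data).items():
        print(f"{key}: {value}")
```

Anything appended after the certificate table (overlay_size larger than certificate_size) is outside the signed region, because Authenticode hashes the image with the certificate table excluded, and is the first thing to carve out of a signed file that still looks wrong.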
PE imports (grouped by importing module; the module names were lost in extraction and are restored here from the well-known homes of these Win32 exports)
Triage note: the entries an analyst would flag in an unknown sample are all present: token and privilege manipulation (AdjustTokenPrivileges, LookupPrivilegeValueW, ImpersonateLoggedOnUser, LogonUserW), registry hive load/save/restore (RegLoadKeyW, RegSaveKeyW, RegRestoreKeyW, RegReplaceKeyW), SetWindowsHookExW, GetThreadContext, IsDebuggerPresent, ExitWindowsEx, and ntdll object-directory enumeration (NtOpenDirectoryObject, NtQuerySymbolicLinkObject). For a signed real-time protection component these are expected, which is why the signature chain above, not the import list, carries the verdict here.
advapi32.dll
RegCreateKeyExW
CryptDestroyKey
RegCloseKey
RegDeleteKeyW
RegQueryValueExA
AdjustTokenPrivileges
CryptEncrypt
LookupPrivilegeValueW
RegRestoreKeyW
RegQueryValueExW
CryptImportKey
LookupAccountSidW
RegFlushKey
OpenProcessToken
RegConnectRegistryW
RegOpenKeyExW
RegReplaceKeyW
RegOpenKeyExA
EqualSid
GetTokenInformation
LookupPrivilegeNameW
CryptReleaseContext
GetUserNameW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
OpenThreadToken
GetUserNameA
RegLoadKeyW
LookupPrivilegeNameA
RegEnumKeyExA
CryptAcquireContextW
RegDeleteValueW
RevertToSelf
LogonUserW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
RegSaveKeyW
ImpersonateLoggedOnUser
RegUnLoadKeyW
comctl32.dll
ImageList_BeginDrag
ImageList_GetImageCount
ImageList_SetBkColor
ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_SetImageCount
FlatSB_GetScrollInfo
ImageList_GetDragImage
FlatSB_SetScrollProp
ImageList_Remove
ImageList_DragMove
ImageList_DrawEx
ImageList_SetIconSize
ImageList_Write
ImageList_Read
ImageList_Replace
ImageList_SetOverlayImage
ImageList_Destroy
_TrackMouseEvent
ImageList_Draw
ImageList_GetIconSize
ImageList_DragLeave
ImageList_GetBkColor
ImageList_GetIcon
FlatSB_SetScrollPos
ImageList_ReplaceIcon
ImageList_DragEnter
ImageList_Add
InitializeFlatSB
FlatSB_GetScrollPos
ImageList_DragShowNolock
ImageList_Create
ImageList_Copy
ImageList_LoadImageW
ImageList_EndDrag
comdlg32.dll
GetOpenFileNameW
ddraw.dll
DirectDrawCreateEx
gdi32.dll
SetDIBits
GetTextMetricsW
SetMapMode
GetWindowOrgEx
ResizePalette
GetPaletteEntries
CombineRgn
CopyEnhMetaFileW
SetPixel
EndDoc
IntersectClipRect
CreatePalette
CreateDIBitmap
GetDIBits
GetEnhMetaFileBits
GetDCOrgEx
StretchBlt
StretchDIBits
Pie
Arc
SetBkColor
SetWinMetaFileBits
GetDIBColorTable
DeleteEnhMetaFile
GetSystemPaletteEntries
SetStretchBltMode
EnumFontsW
GetCurrentPositionEx
TextOutA
CreateFontIndirectA
CreateRectRgnIndirect
GetPixel
GetBrushOrgEx
ExcludeClipRect
TranslateCharsetInfo
SetBkMode
BitBlt
CreateFontA
SetAbortProc
FrameRgn
CreateBrushIndirect
SelectPalette
SetROP2
EndPage
AbortDoc
GetNearestPaletteIndex
SetDIBColorTable
DeleteObject
CreatePenIndirect
PatBlt
GetClipBox
Rectangle
GetDeviceCaps
LineTo
DeleteDC
GetMapMode
CreateFontIndirectW
StartPage
GetObjectW
CreateDCW
RealizePalette
SetEnhMetaFileBits
CreateBitmap
RectVisible
GetStockObject
PlayEnhMetaFile
UnrealizeObject
GdiFlush
RoundRect
GetTextExtentPoint32A
GetWinMetaFileBits
GetEnhMetaFileDescriptionW
GetEnhMetaFileHeader
SetWindowOrgEx
GetTextExtentPoint32W
Polygon
CreateHalftonePalette
GetRgnBox
SaveDC
CreateICW
MaskBlt
RemoveFontMemResourceEx
GetEnhMetaFilePaletteEntries
RestoreDC
GetBitmapBits
CreateDIBSection
SetTextColor
ExtFloodFill
GetCurrentObject
MoveToEx
EnumFontFamiliesExW
SetViewportOrgEx
ExtTextOutW
CreateRoundRectRgn
CreateCompatibleDC
PolyBezierTo
PolyBezier
Chord
SetBrushOrgEx
CreateRectRgn
SelectObject
CreateCompatibleBitmap
CreateSolidBrush
Polyline
StartDocW
Ellipse
kernel32.dll
SetThreadLocale
GetStdHandle
GetDriveTypeW
ReleaseMutex
GetFileAttributesA
WaitForSingleObject
SignalObjectAndWait
GetHandleInformation
GetFileAttributesW
DuplicateHandle
SystemTimeToTzSpecificLocalTime
GetVolumePathNamesForVolumeNameW
DeleteCriticalSection
GetCurrentProcess
FileTimeToDosDateTime
GetThreadLocale
GetLocaleInfoA
LocalAlloc
GetSystemWindowsDirectoryW
SetErrorMode
GetThreadContext
GetLocaleInfoW
GetTempPathA
WideCharToMultiByte
LoadLibraryW
GetDiskFreeSpaceW
InterlockedExchange
WriteFile
FormatMessageW
GetThreadPriority
InterlockedExchangeAdd
SetEvent
LocalFree
MoveFileA
ResumeThread
GetExitCodeProcess
SetWaitableTimer
InitializeCriticalSection
OutputDebugStringW
EnumCalendarInfoW
FindClose
TlsGetValue
QueryDosDeviceW
SetFileAttributesW
OutputDebugStringA
GetCurrentThread
GetEnvironmentVariableW
SetLastError
GetUserDefaultUILanguage
GetSystemTime
GetEnvironmentVariableA
GlobalFindAtomW
lstrcpynW
LoadResource
GetModuleFileNameW
TryEnterCriticalSection
IsDebuggerPresent
ExitProcess
GetModuleFileNameA
FindNextVolumeW
SetProcessWorkingSetSize
GetPriorityClass
LoadLibraryExA
GetPrivateProfileStringA
SetThreadPriority
GetUserDefaultLCID
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
GetLocalTime
FlushInstructionCache
GetPrivateProfileStringW
GetModuleHandleA
GlobalMemoryStatus
GlobalAddAtomW
CreateThread
SetEnvironmentVariableW
GetSystemDefaultUILanguage
GetExitCodeThread
SetUnhandledExceptionFilter
CreateMutexW
MulDiv
ExitThread
SetEnvironmentVariableA
WaitForMultipleObjectsEx
TerminateProcess
GetVersion
SetCurrentDirectoryW
CreateWaitableTimerW
VirtualQuery
VirtualQueryEx
CreateEventW
SetEndOfFile
GetCurrentThreadId
HeapFree
EnterCriticalSection
TerminateThread
lstrcmpiA
FindVolumeClose
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
VirtualProtect
LoadLibraryA
RtlUnwind
GetStartupInfoA
GetWindowsDirectoryW
GetFileSize
OpenProcess
DeleteFileA
GetWindowsDirectoryA
GetDateFormatW
CreateDirectoryW
DeleteFileW
GetProcAddress
GetProcessHeap
GetComputerNameW
CompareStringW
lstrcpyW
FindNextFileW
GetProfileStringA
ResetEvent
GetComputerNameA
FindFirstFileW
IsValidLocale
lstrcmpW
WaitForMultipleObjects
CreateFileMappingW
GetTempPathW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
FindFirstVolumeW
LeaveCriticalSection
GetLastError
GlobalDeleteAtom
GetSystemInfo
GlobalFree
FindResourceW
GetProcessTimes
SetProcessShutdownParameters
GlobalUnlock
GlobalAlloc
lstrlenW
CreateProcessW
SwitchToThread
SizeofResource
GetCurrentDirectoryW
WritePrivateProfileStringA
GetCurrentProcessId
LockResource
GetCommandLineW
GetCPInfo
InterlockedCompareExchange
WritePrivateProfileStringW
SuspendThread
GetSystemDefaultLangID
RaiseException
MapViewOfFile
SetFilePointer
GetFullPathNameW
ReadFile
FindFirstFileA
CloseHandle
OpenMutexW
EnumSystemLocalesA
GetACP
GlobalLock
GetModuleHandleW
FreeResource
FileTimeToLocalFileTime
GetLongPathNameW
CreateProcessA
UnmapViewOfFile
OpenEventW
VirtualFree
Sleep
IsBadReadPtr
FindResourceA
VirtualAlloc
msimg32.dll
AlphaBlend
ntdll.dll
NtClose
RtlInitUnicodeString
NtOpenDirectoryObject
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
ole32.dll
OleUninitialize
CLSIDFromString
IsEqualGUID
OleInitialize
CoCreateGuid
CoCreateInstance
StringFromCLSID
CoTaskMemFree
CoTaskMemAlloc
oleaut32.dll
VariantChangeType
SafeArrayGetLBound
SafeArrayPtrOfIndex
SysAllocStringLen
VariantCopyInd
VariantClear
SafeArrayCreate
SysReAllocStringLen
SafeArrayGetUBound
VariantCopy
SysFreeString
VariantInit
shell32.dll
Shell_NotifyIconW
ShellExecuteW
ExtractAssociatedIconW
ExtractIconExW
SHGetSpecialFolderPathW
ShellExecuteA
DoEnvironmentSubstW
user32.dll
MapWindowPoints
GetMessagePos
SetWindowRgn
RedrawWindow
LoadBitmapW
EnableScrollBar
DestroyMenu
PostQuitMessage
GetForegroundWindow
LoadBitmapA
SetWindowPos
IsWindow
DispatchMessageA
EndPaint
WindowFromPoint
CopyRect
DrawIcon
CharUpperBuffW
SetMenuItemInfoW
SetActiveWindow
GetMenuItemID
GetCursorPos
ReleaseDC
GetMenuStringW
SendMessageW
SendMessageA
UnregisterClassW
GetClientRect
GetMenuItemInfoW
DefMDIChildProcW
DrawTextW
SetScrollPos
CallNextHookEx
GetSysColor
GetKeyboardState
ClientToScreen
GetTopWindow
GetWindowTextW
LockWindowUpdate
MsgWaitForMultipleObjects
ScrollWindow
GetWindowTextA
InvalidateRgn
PtInRect
DrawEdge
GetParent
UpdateWindow
GetPropW
SetClassLongW
EnumWindows
ShowWindow
DrawFrameControl
SetPropW
GetDesktopWindow
PeekMessageW
TranslateMDISysAccel
InsertMenuItemW
SetWindowPlacement
PeekMessageA
ChildWindowFromPoint
TranslateMessage
IsWindowEnabled
GetWindow
ActivateKeyboardLayout
RegisterClassW
GetIconInfo
SetParent
SetClipboardData
IsZoomed
GetWindowPlacement
LoadStringW
GetKeyboardLayoutList
DrawMenuBar
IsIconic
GetSubMenu
SetTimer
GetActiveWindow
IsDialogMessageW
FillRect
EnumThreadWindows
CreateAcceleratorTableW
WaitForInputIdle
GetSysColorBrush
IsWindowUnicode
CreateWindowExW
GetWindowLongW
GetUpdateRect
CharNextW
IsChild
IsDialogMessageA
SetFocus
RegisterWindowMessageW
BeginPaint
OffsetRect
DefWindowProcW
GetScrollPos
CopyIcon
GetKeyboardLayoutNameW
KillTimer
MapVirtualKeyW
DefWindowProcA
GetClipboardData
GetSystemMetrics
SetWindowLongW
SetScrollRange
GetWindowRect
InflateRect
SetCapture
ReleaseCapture
EnumChildWindows
GetScrollRange
GetMessageExtraInfo
CharLowerW
PostMessageW
GetKeyNameTextW
EndDialog
DrawTextExW
WaitMessage
CreatePopupMenu
CheckMenuItem
DrawFocusRect
GetClassLongW
GetLastActivePopup
DrawIconEx
SetWindowTextW
GetDCEx
GetDlgItem
RemovePropW
CreateDialogParamA
BringWindowToTop
GetSystemMenu
ScreenToClient
LoadCursorA
TrackPopupMenu
GetMenuItemCount
AttachThreadInput
GetMenuState
ShowOwnedPopups
LoadCursorW
LoadIconW
FindWindowExW
GetDC
InsertMenuW
SetForegroundWindow
ExitWindowsEx
OpenClipboard
EmptyClipboard
DrawTextA
IntersectRect
GetScrollInfo
CharLowerBuffW
GetKeyboardLayout
FindWindowW
GetCapture
MessageBeep
RemoveMenu
GetWindowThreadProcessId
ShowScrollBar
MessageBoxW
GetMenu
DestroyIcon
UnhookWindowsHookEx
MoveWindow
LoadKeyboardLayoutW
MessageBoxA
GetClassNameA
GetWindowDC
DestroyCursor
AdjustWindowRectEx
DialogBoxParamA
GetFocus
MsgWaitForMultipleObjectsEx
RegisterClipboardFormatW
SetScrollInfo
GetKeyState
SystemParametersInfoA
EnableMenuItem
DefFrameProcW
IsWindowVisible
SetCursorPos
SystemParametersInfoW
UnionRect
DispatchMessageW
FrameRect
SetRect
DeleteMenu
InvalidateRect
AnimateWindow
CreateIcon
CallWindowProcW
GetClassNameW
DestroyWindow
GetClassInfoW
SetWindowsHookExW
GetCursor
SendMessageTimeoutW
CreateMenu
EnableWindow
CloseClipboard
SetMenu
SetCursor
version.dll
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA
winspool.drv
ClosePrinter
DocumentPropertiesW
GetDefaultPrinterW
EnumPrintersW
OpenPrinterW
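The imphash in the File identification block further down (0a55bd39bd1a44cd1836ded511bc0b4c) is derived from exactly this kind of list. The following is an added example, not code from the report or from Emsisoft, showing how that hash is formed: the pefile algorithm (lower-cased "module.function" pairs joined by commas, MD5 of the result), reimplemented here without pefile's table that maps known ordinals of a few DLLs to names. SAMPLE_IMPORTS is a constructed subset of the names above with assumed module names, in page order rather than the binary's import-table order, so it will not reproduce the page's value; the functions are what matter.

```python
import hashlib

# Constructed subset of the import list on this page, in the order shown here
# (module names assumed). The binary's real imphash covers every import in
# import-table order, so this subset is for exercising the functions only.
SAMPLE_IMPORTS = [
    ("ADVAPI32.dll", "RegCreateKeyExW"),
    ("ADVAPI32.dll", "CryptDestroyKey"),
    ("ADVAPI32.dll", "AdjustTokenPrivileges"),
    ("KERNEL32.dll", "IsDebuggerPresent"),
    ("KERNEL32.dll", "CreateProcessW"),
    ("ntdll.dll", "NtOpenDirectoryObject"),
    ("USER32.dll", "SetWindowsHookExW"),
]


def normalise_module(dll: str) -> str:
    """Lower-case the module name and drop a .dll/.ocx/.sys extension, as pefile does;
    any other extension (winspool.drv, for instance) is kept."""
    name = dll.lower()
    stem, _, ext = name.rpartition(".")
    return stem if ext in ("dll", "ocx", "sys") and stem else name


def imphash_string(imports) -> str:
    """Build the 'module.function,module.function,...' string that gets hashed.
    Import-by-ordinal entries (an int instead of a name) become 'ordN'; pefile
    additionally resolves known ordinals of a few DLLs to names, omitted here."""
    parts = []
    for dll, func in imports:
        func_name = f"ord{func}" if isinstance(func, int) else func
        parts.append(f"{normalise_module(dll)}.{func_name.lower()}")
    return ",".join(parts)


def imphash(imports) -> str:
    """MD5 of the normalised import string: the value tools report as imphash."""
    return hashlib.md5(imphash_string(imports).encode("ascii")).hexdigest()


if __name__ == "__main__":
    print(imphash_string(SAMPLE_IMPORTS))
    print(imphash(SAMPLE_IMPORTS))
```

Because the hash covers order as well as content, two builds of one toolchain with the same import table collide while swapping two imports gives an unrelated value; imphash therefore clusters toolchain and code-base lineage rather than identifying a file, and case differences in module or function names are normalised away before hashing.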
PE exports
Number of PE resources by type
RT_BITMAP 126
RT_STRING 20
RT_RCDATA 18
RT_ICON 12
RT_DIALOG 10
RT_GROUP_CURSOR 9
RT_CURSOR 9
RT_GROUP_ICON 6
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
ENGLISH US 138
NEUTRAL 58
RUSSIAN 16
PE resources
ExifTool file metadata
SubsystemVersion 5.0
InitializedDataSize 1214464
ImageVersion 0.0
ProductName Emsisoft Anti-Malware
FileVersionNumber 7.0.0.15
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x003f
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
CharacterSet Windows, Latin1
LinkerVersion 2.25
FileTypeExtension exe
OriginalFileName a2guard.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 7.0.0.15
TimeStamp 2013:03:06 09:01:35+01:00
FileType Win32 EXE
PEType PE32
InternalName a2guard
ProductVersion 7.0.0.0
FileDescription Background Guard
OSVersion 5.0
FileOS Win32
LegalCopyright (C) 2003-2013 Emsisoft GmbH
MachineType Intel 386 or later, and compatibles
CompanyName Emsisoft GmbH
CodeSize 2140160
FileSubtype 0
ProductVersionNumber 7.0.0.15
EntryPoint 0x20c3c4
ObjectFileType Executable application
File identification
MD5 e6476b55ab986a74aadf55700c4d466d
SHA1 fbbce0331262efae637912685b2fceddd4a0fdeb
SHA256 b4158f63dfa50577b1ed4c50758c6d9d51915cf9e820af1f301ee9d6d2ab63d9
ssdeep 49152:5h5seE5SlFHG6FQCPnCoDvlX2+t7xiTcQGSSdMLsimo0/az6Td+i1P0MU:5P5fbvlX2+t7I4imo0/azei
authentihash 46449597a5cf9a322a183bf77ac1ac33b2c1580960e3d0fce51f76dcbc9d827a
imphash 0a55bd39bd1a44cd1836ded511bc0b4c
File size 3.2 MB ( 3363752 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID Inno Setup installer (47.6%), InstallShield setup (18.7%), Win32 EXE PECompact compressed (generic) (18.0%), Windows screen saver (5.6%), DOS Borland compiled Executable (generic) (4.3%). TrID scores are byte-pattern guesses, not identifications: nothing else in this report supports an Inno Setup or InstallShield installer or PECompact packing, while the low-scoring Borland match is the one that agrees with the Delphi signature from PEiD and the 2.25 linker version.
Tags bobsoft peexe signed overlay
VirusTotal metadata
First submission 2013-03-11 02:32:29 UTC ( 5 years, 11 months ago )
Last submission 2016-11-04 19:29:59 UTC ( 2 years, 3 months ago )
File names a2guard.exe
a2guard.exe
a2guard.exe
vt-upload-E3Zw5m
a2guard
Advanced heuristic and reputation engines
ClamAV Possibly Unwanted Application. While not necessarily malicious, the scanned file presents certain characteristics which, depending on the user policies and environment, may or may not represent a threat. For full details see: https://www.clamav.net/documents/potentially-unwanted-applications-pua .
Symantec reputation Suspicious.Insight (a prevalence-based reputation verdict, not a signature match: Symantec's Insight network had seen too few copies of this exact build to vouch for it. Set against 0/68 engine detections and a verified DigiCert-chained signature from Emsisoft GmbH, it reads as a low-prevalence legitimate binary rather than a detection.)
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers using the DeviceIoControl Windows API function. The report does not name the device or the control codes. For a real-time protection component such as this Background Guard, talking to a vendor kernel driver this way is expected; in an unknown sample it is the first detail to pull from the full behaviour report.