Should I block it?

No, this file is 100% safe to run.

Relationships

Parent process

explorer.exe (Windows Explorer by Microsoft Corporation)

Related files

PE file structure

Show functions

Import table

advapi32.dll

GetSidIdentifierAuthority, IsValidSid, GetSidSubAuthorityCount, RegSetValueExW, RegCloseKey, RegEnumKeyExW, RegOpenKeyExW, RegDeleteValueW, RegDeleteKeyW, RegQueryInfoKeyW, RegCreateKeyExW, GetSidSubAuthority, OpenProcessToken, GetTokenInformation, RegQueryValueExW

gdi32.dll

SelectObject, CreateDIBSection, DeleteDC, GetStockObject, BitBlt, CreateCompatibleDC, GetObjectW, GetDeviceCaps, CreateCompatibleBitmap, DeleteObject, CreateSolidBrush

gdiplus.dll

GdipGetImageHeight, GdiplusStartup, GdiplusShutdown, GdipSetInterpolationMode, GdipSetPixelOffsetMode, GdipGetImageDimension, GdipDrawImageRectRect, GdipCreateFromHDC, GdipDeleteGraphics, GdipGetImageWidth, GdipCreateBitmapFromFile, GdipCloneImage, GdipAlloc, GdipDisposeImage, GdipSetSmoothingMode, GdipDrawImageRectI, GdipReleaseDC, GdipFree

kernel32.dll

CloseHandle, Process32NextW, Process32FirstW, CreateToolhelp32Snapshot, FindResourceExW, LockResource, DeleteCriticalSection, lstrcmpiW, GetProcAddress, GetLastError, RaiseException, lstrlenW, MultiByteToWideChar, GetModuleFileNameW, SizeofResource, InitializeCriticalSection, GetModuleHandleW, InterlockedDecrement, InterlockedIncrement, LoadLibraryExW, LoadResource, FreeLibrary, FindResourceW, SetEnvironmentVariableA, CompareStringW, CompareStringA, WriteConsoleW, GetConsoleOutputCP, WriteConsoleA, SetStdHandle, GetLocaleInfoW, InitializeCriticalSectionAndSpinCount, GetStringTypeW, GetStringTypeA, IsValidLocale, EnumSystemLocalesA, GetLocaleInfoA, GetUserDefaultLCID, GetTimeZoneInformation, GetConsoleMode, GetConsoleCP, IsValidCodePage, GetOEMCP, GetACP, GetStartupInfoA, GetFileType, SetHandleCount, GetCommandLineW, GetEnvironmentStringsW, FreeEnvironmentStringsW, TlsFree, TlsSetValue, TlsAlloc, TlsGetValue, GetModuleFileNameA, GetStdHandle, ExitProcess, EnterCriticalSection, LeaveCriticalSection, WideCharToMultiByte, LocalFree, GetVersionExW, LoadLibraryW, GetTempPathW, WritePrivateProfileStringW, GetPrivateProfileStringW, GetPrivateProfileIntW, GetFileAttributesW, GetCurrentProcess, HeapAlloc, GetProcessHeap, HeapFree, GetSystemTime, InterlockedExchange, FindFirstFileW, FindNextFileW, DeleteFileW, FindClose, CreateFileW, lstrlenA, GetCurrentThreadId, SetLastError, FlushInstructionCache, GlobalUnlock, GlobalAlloc, GlobalLock, GetTickCount, MulDiv, lstrcmpW, GetFullPathNameW, GetFullPathNameA, CreateFileA, GetFileSize, SetFilePointer, MapViewOfFile, UnmapViewOfFile, SetEndOfFile, QueryPerformanceCounter, InterlockedCompareExchange, UnlockFile, LockFile, UnlockFileEx, GetSystemTimeAsFileTime, FormatMessageA, WriteFile, Sleep, FormatMessageW, GetFileAttributesA, ReadFile, FlushFileBuffers, LockFileEx, GetDiskFreeSpaceW, LoadLibraryA, CreateFileMappingA, GetDiskFreeSpaceA, GetSystemInfo, GetFileAttributesExW, GetVersionExA, GetCurrentProcessId, GetTempPathA, AreFileApisANSI, DeleteFileA, HeapDestroy, HeapReAlloc, HeapSize, IsProcessorFeaturePresent, VirtualFree, VirtualAlloc, GetStartupInfoW, TerminateProcess, UnhandledExceptionFilter, SetUnhandledExceptionFilter, IsDebuggerPresent, RtlUnwind, LCMapStringA, LCMapStringW, GetCPInfo, HeapCreate, GetModuleHandleA

ole32.dll

OleInitialize, CLSIDFromString, CoGetClassObject, OleLockRunning, StringFromGUID2, OleUninitialize, CreateStreamOnHGlobal, CoUninitialize, CoTaskMemAlloc, CoInitialize, CoTaskMemFree, CoTaskMemRealloc, CLSIDFromProgID, CoCreateInstance

user32.dll

LoadAcceleratorsW, GetMessageW, SetTimer, TranslateMessage, DispatchMessageW, KillTimer, LoadStringW, CharNextW, TranslateAcceleratorW, LoadIconW, LoadCursorW, RegisterClassExW, GetDC, GetWindowRect, GetClientRect, GetWindowLongW, FillRect, SendMessageW, GetDesktopWindow, SetForegroundWindow, DefWindowProcW, SetLayeredWindowAttributes, IsWindow, SetWindowPos, DestroyWindow, GetForegroundWindow, ShowWindow, SetWindowLongW, GetClassInfoExW, CreateWindowExW, CallWindowProcW, GetActiveWindow, GetParent, GetClassNameW, CallNextHookEx, PostMessageW, SetWindowsHookExW, UnhookWindowsHookEx, DestroyAcceleratorTable, InvalidateRect, InvalidateRgn, ReleaseCapture, SetCapture, ScreenToClient, ClientToScreen, CreateAcceleratorTableW, RedrawWindow, GetSysColor, GetDlgItem, GetWindow, SetFocus, GetFocus, IsChild, EndPaint, BeginPaint, SetWindowTextW, GetWindowTextW, GetWindowTextLengthW, RegisterWindowMessageW, UnregisterClassA, ReleaseDC, MoveWindow

guard.exe

By No Organization Affiliation (Signed)

Remove guard.exe

MD5:	4db27319753eaa6aee1ba12fc51a436c
SHA1:	6e501662d51df65908df4f9c9139288c6935b629
SHA256:	d403b312f8a0f6ed344dd3165f63b6bd757319437dc45ab824db272c9ce941cd

Overview

guard.exe executes as a process with the local user's privileges usually within the context of Windows Explorer. It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine). The file is digitally signed by No Organization Affiliation which was issued by the Thawte certificate authority (CA). This particular version is usually found on Windows 7 Home Basic (6.1.7601.65536). Note, some antivirus scanners have flagged this file, however it is not necessarily considered malware (see below for details).

Details

File name:	guard.exe
Typical file path:	C:\Program Files\gigabase\guard\guard.exe
Size:	863.55 KB (884,272 bytes)
Build date:	4/22/2013 11:25 AM
Certificate
Issued to:	No Organization Affiliation
Authority (CA):	Thawte
Digital DNA
PE subsystem:	Windows GUI
File packed:	No
.NET CLR:	No

More details

Behaviors

Startup files (all users) run

Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'

'KursRuGuard' → C:\Program Files\Gigabase\Guard\Guard.exe

Resource utilization

(Note: statistics below are averages based on a minimum sample size of 200 unique participants)

Averages

CPU
Total CPU:	0.00066887%	0.028634%
Kernel CPU:	0.00048788%	0.013761%
User CPU:	0.00018099%	0.014873%
Kernel CPU time:	1,248,008 ms/min	100,923,805ms/min
Memory
Private memory:	1.67 MB	21.59 MB
Private (maximum):	4.36 MB
Private (minimum):	3.17 MB
Non-paged memory:	1.67 MB	21.59 MB
Virtual memory:	52.89 MB	140.96 MB
Virtual memory (peak):	54.52 MB	169.69 MB
Working set:	3.88 MB	18.61 MB
Working set (peak):	4.36 MB	37.95 MB
Resource allocations
Threads:	2	12
Handles:	62	600
GUI GDI count:	20	103
GUI GDI peak:	22	142
GUI USER count:	9	49
GUI USER peak:	9	71

Process properties

Integrety level:	High
Platform:	32-bit
Command line:	"C:\Program Files\gigabase\guard\guard.exe"
Owner:	User
Parent process:	explorer.exe (Windows Explorer by Microsoft Corporation)

Distribution by Windows OS

OS version	distribution
Windows 7 Home Basic	100.00%

Distribution by PC manufacturer

PC Manufacturer	distribution
Lenovo	100.00%

Remove Adware and Spyware Programs, FREE Download!