Should I block it?
90% of PCs block this file from running.
Possible reason:
Multiple malware detections
GUARDM~1.exe
GuardMailRu Module by LLC Mail.Ru (Signed)
Version: | 1, 0, 0, 548 |
MD5: | 456af036c6282252297dba9b5f217064 |
SHA1: | 3453d8106a27de51bd1d221f9516afc6b90ba587 |
SHA256: | 6eec4e968aee3429147c6a8b95811ed005181668789ec8b659735676cdbcc8ea |
Warning: 3 antivirus scanners have detected malware.
Overview
GUARDM~1.EXE is malware that runs as a service under the name Guard.Mail.ru within the local user context. It is installed with a couple of known programs, including [email protected] published by Mail.Ru, Guard.Mail.ru from Mail.Ru and Guard.Mail.ru by Mail.Ru. The file is digitally signed by LLC Mail.Ru with a certificate issued by the Thawte certificate authority (CA). This particular version is usually found on Windows 7 Home Premium (6.1.7601.65536).
Details
File name: | GUARDM~1.EXE |
Product name: | GuardMailRu Module |
Typical file path: | C:\Program Files\Mail.Ru\Guard\GUARDM~1.EXE |
Original name: | GuardMailRu.exe |
File version: | 1, 0, 0, 548 |
Size: | 2.21 MB (2,312,224 bytes) |
Build date: | 4/12/2013 1:24 PM |
Certificate |
Issued to: | LLC Mail.Ru |
Authority (CA): | Thawte |
Effective date: | Monday, September 12, 2011 |
Expiration date: | Wednesday, July 2, 2014 |
Digital DNA |
File packed: | No |
.NET CLR: | No |
Programs
The following programs will install this file
Guard.Mail.ru is part of the Guard Mail service.
Behaviors
Service
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
Network connections
[TCP] kojura.mail.ru (217.69.133.27:80)
Malware detections
Based on 40+ industry antivirus scanners, 3 of them detected the following malware.
Antivirus engine | Engine version | Detection |
avast! | 8.0.1489.320 | Win32:PUP-gen [PUP] |
Kingsoft | 2013.4.9.267 | Win32.HeurC.KVM019.a.(kcloud) |
Rising Antivirus | 24.81.06.04 | Trojan.Win32.Generic.147C82FC |
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00030458% | |
Kernel CPU: | 0.00027722% | |
User CPU: | 0.00002736% | |
Kernel CPU time: | 907,691,819 ms/min | |
CPU cycles: | 9,052,041/sec | |
Memory |
Private memory: | 5.4 MB | |
Private (maximum): | 9.61 MB | |
Private (minimum): | 3.19 MB | |
Non-paged memory: | 5.4 MB | |
Virtual memory: | 96.92 MB | |
Virtual memory (peak): | 107.91 MB | |
Working set: | 5.9 MB | |
Working set (peak): | 9.74 MB | |
Page faults: | 743,081/min | |
I/O |
I/O read transfer: | 745.29 KB/sec | |
I/O read operations: | 274/sec | |
I/O write transfer: | 7 Bytes/sec | |
I/O write operations: | 1/sec | |
I/O other transfer: | 18.8 KB/sec | |
I/O other operations: | 1,072/sec | |
Resource allocations |
Threads: | 10 | |
Handles: | 217 | |
GUI GDI count: | 62 | |
GUI GDI peak: | 65 | |
GUI USER count: | 45 | |
GUI USER peak: | 47 | |
Process properties
Integrity level: | System |
Platform: | 64-bit |
Command line: | "C:\Program Files\mail.ru\guard\guardm~1.exe" |
Owner: | User |
Windows Service |
Service name: | Guard.Mail.ru |
Type: | Win32OwnProcess |
Parent processes: |
Distribution by Windows OS
OS version | Distribution |
Windows 7 Home Premium | 100.00% |
Distribution by PC manufacturer
PC manufacturer | Distribution |
Acer | 100.00% |