Should I block it?
No, this file is 100% safe to run.
Additional versions
1, 0, 0, 596 |
16.33% |
|
1, 0, 0, 556 |
8.16% |
|
1, 0, 0, 549 |
2.04% |
|
1, 0, 0, 548 |
2.04% |
|
1, 0, 0, 545 |
24.49% |
|
1, 0, 0, 501 |
4.08% |
|
1, 0, 0, 501 |
2.04% |
|
1, 0, 0, 493 |
8.16% |
|
1, 0, 0, 462 |
22.45% |
|
1, 0, 0, 453 |
2.04% |
|
1, 0, 0, 448 |
2.04% |
|
1, 0, 0, 339 |
2.04% |
|
1, 0, 0, 241 |
2.04% |
|
1, 0, 0, 210 |
2.04% |
|
Relationships
GuardMailRu.exe
GuardMailRu Module by LLC Mail.Ru (Signed)
Version: | 1, 0, 0, 501 |
MD5: | 3017a7af50b0e72cc2a022592993ff79 |
SHA1: | 2c2b1f55b92bc6159d573dfa2d48c4d7767d3f29 |
SHA256: | 2fdcb5b67fe37899ef213f71ab031a8dc207c9904d3162363020f0b14937cd96 |
Overview
guardmailru.exe runs as a service under the name Guard.Mail.ru with extensive SYSTEM privileges (full administrator access). It is set to be start when the PC boots and any user logs into Windows (added to the Run registry key for the all users under the local machine). It is installed with a couple of know programs including
[email protected] published by Mail.Ru, Guard.Mail.ru from Mail.Ru and Guard.Mail.ru by Mail.Ru. The file is digitally signed by LLC Mail.Ru which was issued by the Thawte certificate authority (CA).
Details
File name: | guardmailru.exe |
Product name: | GuardMailRu Module |
Typical file path: | C:\Program Files\mail.ru\guard\guardmailru.exe |
File version: | 1, 0, 0, 501 |
Size: | 2.17 MB (2,276,384 bytes) |
Certificate |
Issued to: | LLC Mail.Ru |
Authority (CA): | Thawte |
Effective date: | Monday, September 12, 2011 |
Expiration date: | Wednesday, July 2, 2014 |
Digital DNA |
PE subsystem: | Windows GUI |
File packed: | No |
.NET CLR: | No |
More details
Programs
The following programs will install this file
Guard.Mail.ru is part of the Guard Mail service.
Behaviors
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'Guard.Mail.ru.gui' → "C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe" /gui
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
CPU |
Total CPU: | 0.00332370% | |
Kernel CPU: | 0.00259062% | |
User CPU: | 0.00073308% | |
Kernel CPU time: | 436,875 ms/min | |
Context switches: | 5/sec | |
Memory |
Private memory: | 3.35 MB | |
Private (maximum): | 9.74 MB | |
Private (minimum): | 3.94 MB | |
Non-paged memory: | 3.35 MB | |
Virtual memory: | 74.01 MB | |
Virtual memory (peak): | 77.02 MB | |
Working set: | 9.54 MB | |
Working set (peak): | 10 MB | |
Resource allocations |
Threads: | 8 | |
Handles: | 231 | |
GUI GDI count: | 48 | |
GUI USER count: | 26 | |
Process properties
Distribution by Windows OS
OS version | distribution |
Microsoft Windows XP |
42.86% |
|
Windows 7 Ultimate |
24.49% |
|
Windows 7 Home Basic |
14.29% |
|
Windows 7 Home Premium |
12.24% |
|
Windows 7 Professional |
6.12% |
|
Distribution by country
Russia installs about 32.65% of GuardMailRu Module.
Distribution by PC manufacturer
PC Manufacturer | distribution |
ASUS |
43.24% |
|
Samsung |
13.51% |
|
Dell |
10.81% |
|
Hewlett-Packard |
10.81% |
|
GIGABYTE |
8.11% |
|
American Megatrends |
5.41% |
|
Lenovo |
5.41% |
|
Acer |
2.70% |
|