Should I block it?

No, this file is 100% safe to run.

Additional versions

1, 0, 0, 596 16.33%
1, 0, 0, 556 8.16%
1, 0, 0, 549 2.04%
1, 0, 0, 548 2.04%
1, 0, 0, 545 24.49%
1, 0, 0, 501 4.08%
1, 0, 0, 501 2.04%
1, 0, 0, 493 8.16%
1, 0, 0, 462 22.45%
1, 0, 0, 453 2.04%
1, 0, 0, 448 2.04%
1, 0, 0, 339 2.04%
1, 0, 0, 241 2.04%
1, 0, 0, 210 2.04%

PE file structure

Import table
advapi32.dll
ControlService, RegCloseKey, RegQueryValueExW, LookupAccountNameW, ConvertStringSidToSidW, GetLengthSid, SetTokenInformation, GetUserNameW, AllocateAndInitializeSid, FreeSid, EqualSid, RegEnumValueW, QueryServiceStatus, QueryServiceStatusEx, DeleteService, OpenSCManagerW, CreateServiceW, OpenServiceW, ChangeServiceConfigW, CloseServiceHandle, ChangeServiceConfig2W, StartServiceW, StartServiceCtrlDispatcherW, RegisterServiceCtrlHandlerW, SetServiceStatus, RegQueryInfoKeyW, RegDeleteValueW, CreateProcessAsUserW, DuplicateTokenEx, RegSetValueExW, RegEnumKeyExW, RegDeleteKeyW, RegOpenKeyExW, OpenProcessToken, GetTokenInformation, LookupAccountSidW, ConvertSidToStringSidW, RegCreateKeyExW, InitializeSecurityDescriptor, SetSecurityDescriptorDacl, LookupPrivilegeValueW, AdjustTokenPrivileges, SetEntriesInAclW
comctl32.dll
InitCommonControlsEx, _TrackMouseEvent
gdi32.dll
GetObjectW, CreateSolidBrush, SelectObject, CreateFontIndirectW, DeleteDC, DPtoLP, GetDeviceCaps, GetStockObject, SetBkMode, SetTextColor, CreateCompatibleDC, SetViewportOrgEx, CreateCompatibleBitmap, MoveToEx, LineTo, CreatePen, BitBlt, DeleteObject
kernel32.dll
DllMain
ole32.dll
CoGetClassObject, OleLockRunning, StringFromGUID2, CLSIDFromProgID, CoUninitialize, CoTaskMemFree, CoCreateInstance, CoTaskMemAlloc, CLSIDFromString, OleInitialize, CreateStreamOnHGlobal, CoInitialize, CoCreateGuid, OleUninitialize, StringFromCLSID, CoTaskMemRealloc
psapi.dll
EnumProcesses, EnumProcessModules, GetModuleFileNameExW, GetModuleBaseNameW, GetProcessImageFileNameA
rpcrt4.dll
RpcMgmtWaitServerListen, RpcServerUnregisterIf, NdrServerCall2, NdrClientCall2, RpcStringBindingComposeW, RpcBindingFromStringBindingW, RpcBindingSetOption, RpcBindingFree, RpcStringFreeW, RpcServerUseProtseqEpW, RpcServerRegisterIf, RpcServerListen, RpcMgmtStopServerListening
shell32.dll
ShellExecuteW, CommandLineToArgvW, SHGetSpecialFolderPathW, SHGetFolderPathW, ShellExecuteExW, FindExecutableW
shlwapi.dll
PathIsURLW, PathFindFileNameW, wvnsprintfA
urlmon.dll
CoInternetParseUrl
user32.dll
IsWindow, ShowWindow, GetClientRect, SendMessageW, GetWindowTextLengthW, GetWindowTextW, GetDlgItem, GetWindowLongW, CreateWindowExW, SetWindowLongW, wsprintfW, LoadStringA, LoadStringW, GetParent, SetWindowTextW, SetWindowPos, DrawTextW, DefWindowProcW, ReleaseDC, GetDC, CharNextW, OffsetRect, SetRectEmpty, LoadCursorW, GetClassNameW, DestroyWindow, ScreenToClient, UpdateWindow, InvalidateRect, IsWindowEnabled, SetCapture, SetFocus, GetDlgCtrlID, CallWindowProcW, PtInRect, FillRect, IsWindowVisible, DrawFocusRect, UnregisterClassA, CharUpperW, CharLowerW, EnableWindow, PostQuitMessage, SetTimer, EndDialog, MapDialogRect, IsDialogMessageW, SetWindowContextHelpId, CreateDialogIndirectParamW, RegisterWindowMessageW, CreateAcceleratorTableW, RegisterClassExW, GetClassInfoExW, GetWindow, DestroyAcceleratorTable, GetDesktopWindow, IsChild, RedrawWindow, InvalidateRgn, ClientToScreen, MoveWindow, CreateDialogParamW, PostMessageW, MessageBoxW, PeekMessageW, GetMessageW, TranslateMessage, DispatchMessageW, SystemParametersInfoW, KillTimer, GetWindowRect, MapWindowPoints, GetSystemMetrics, LoadImageW, GetSysColor, GetFocus, GetCapture, ReleaseCapture, EndPaint, BeginPaint, GetCursorPos, SetCursor, wsprintfA
userenv.dll
DestroyEnvironmentBlock, CreateEnvironmentBlock, UnloadUserProfile, LoadUserProfileW
version.dll
VerQueryValueW, GetFileVersionInfoW, GetFileVersionInfoSizeW
wininet.dll
InternetOpenUrlW, InternetCloseHandle, InternetSetOptionW, InternetOpenW, InternetReadFile, InternetQueryDataAvailable, HttpQueryInfoW
ws2_32.dll
freeaddrinfo, WSARecv, WSASend, WSASocketW, getaddrinfo
wtsapi32.dll
WTSFreeMemory, WTSEnumerateSessionsW, WTSQueryUserToken

GuardMailRu.exe

GuardMailRu Module by LLC Mail.Ru (Signed)

Version:   1, 0, 0, 339
MD5:   63b94e5f3063d6fd631b6bdca4a6f4ff
SHA1:   9e2518a5799e41cd3e89d3576fc0ae82bafc66b8

Overview

guardmailru.exe runs as a service under the name Guard.Mail.ru within the local user context. It is set to start when the PC boots and any user logs into Windows (it is added to the Run registry key for all users under the local machine). The file is digitally signed by LLC Mail.Ru with a certificate issued by the Thawte certificate authority (CA).

Details

File name: guardmailru.exe
Product name: GuardMailRu Module
Typical file path: C:\Program Files\mail.ru\guard\guardmailru.exe
File version: 1, 0, 0, 339
Size: 1.71 MB (1,790,016 bytes)
Build date: 4/13/2012 7:21 AM
Certificate
Issued to: LLC Mail.Ru
Authority (CA): Thawte
Effective date: Monday, September 12, 2011
Expiration date: Wednesday, July 2, 2014
Digital DNA
PE subsystem: Windows GUI
File packed: No
.NET CLR: No

Behaviors

Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
  • 'Guard.Mail.ru'
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
  • 'Guard.Mail.ru.gui' → "C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe" /gui

Distribution by Windows OS

OS version    Distribution
Microsoft Windows XP 42.86%
Windows 7 Ultimate 24.49%
Windows 7 Home Basic 14.29%
Windows 7 Home Premium 12.24%
Windows 7 Professional 6.12%

Distribution by country

Russia installs about 32.65% of GuardMailRu Module.

Distribution by PC manufacturer

PC manufacturer    Distribution
ASUS 43.24%
Samsung 13.51%
Dell 10.81%
Hewlett-Packard 10.81%
GIGABYTE 8.11%
American Megatrends 5.41%
Lenovo 5.41%
Acer 2.70%