Should I block it?
90% of PCs block this file from running.
Possible reason:
Multiple malware detections
 
 
Additional versions
| 1, 0, 0, 596 | 16.33% |  | 
| 1, 0, 0, 556 | 8.16% |  | 
| 1, 0, 0, 549 | 2.04% |  | 
| 1, 0, 0, 548 | 2.04% |  | 
| 1, 0, 0, 545 | 24.49% |  | 
| 1, 0, 0, 501 | 4.08% |  | 
| 1, 0, 0, 501 | 2.04% |  | 
| 1, 0, 0, 493 | 8.16% |  | 
| 1, 0, 0, 462 | 22.45% |  | 
| 1, 0, 0, 453 | 2.04% |  | 
| 1, 0, 0, 448 | 2.04% |  | 
| 1, 0, 0, 339 | 2.04% |  | 
| 1, 0, 0, 241 | 2.04% |  | 
| 1, 0, 0, 210 | 2.04% |  | 
 
     
    
        GuardMailRu.exe
GuardMailRu Module by LLC Mail.Ru (Signed)
| Version: | 1, 0, 0, 556 | 
| MD5: | c3a0e7e5dea0414344c23d47faa45804 | 
| SHA1: | 25b914bf6fe9e550b54d4a3c0fb8f0ad78d77c32 | 
| SHA256: | a7829c8c27fc34ed7c4abcc8e80e626b9f4d49b21d438bd7362eb822e220570d | 
Warning: 3 antivirus scanners have detected malware.
Overview
guardmailru.exe is malware that runs as a service under the name Guard.Mail.ru within the local user context. It is set to start when the PC boots and any user logs into Windows (it is added to the Run registry key for all users under the local machine). It is installed with a couple of known programs including [email protected] published by Mail.Ru, [email protected] from Mail.Ru and [email protected] by Mail.Ru. The file is digitally signed by LLC Mail.Ru, with a certificate issued by the Thawte certificate authority (CA).
Details
| File name: | guardmailru.exe | 
| Product name: | GuardMailRu Module | 
| Typical file path: | C:\Program Files\mail.ru\guard\guardmailru.exe | 
| File version: | 1, 0, 0, 556 | 
| Size: | 2.29 MB (2,400,640 bytes) | 
| Build date: | 8/8/2013 4:37 PM | 
| Certificate | 
| Issued to: | LLC Mail.Ru | 
| Authority (CA): | Thawte | 
| Effective date: | Monday, September 12, 2011 | 
| Expiration date: | Wednesday, July 2, 2014 | 
| Digital DNA | 
| PE subsystem: | Windows GUI | 
| File packed: | No | 
| .NET CLR: | No | 
Programs
The following programs will install this file
Guard.Mail.ru is part of the Guard Mail service. 
 
Behaviors
Services
Runs under 'SYSTEM\CurrentControlSet\Services' by the Service Controller (services.exe)
Startup files (all users) run
Runs under the registry key 'HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
- 'Guard.Mail.ru.gui' → "C:\Program Files\Mail.Ru\Guard\GuardMailRu.exe" /gui
Network connections
[TCP] kojura.mail.ru (217.69.133.27:80)
Malware detections
Based on 40+ industry antivirus scanners, 3 of them detected the following malware.
| Antivirus engine | Engine version | Detection | 
| Baidu Antivirus | 3.5.1.41473 | Trojan.RuMail.4986 | 
| Kingsoft | 2013.4.9.267 | Win32.HeurC.KVM019.a.(kcloud) | 
| Rising Antivirus | 24.83.02.04 | Trojan.RuMail!4986 | 
Resource utilization
(Note: statistics below are averages based on a minimum sample size of 200 unique participants)
Averages
 
| CPU | 
| Total CPU: | 0.00085079% |  | 
| Kernel CPU: | 0.00040175% |  | 
| User CPU: | 0.00044904% |  | 
| Kernel CPU time: | 185,055,365 ms/min |  | 
| Context switches: | 9/sec |  | 
| Memory | 
| Private memory: | 4.21 MB |  | 
| Private (maximum): | 11.22 MB |  | 
| Private (minimum): | 5.71 MB |  | 
| Non-paged memory: | 4.21 MB |  | 
| Virtual memory: | 81.34 MB |  | 
| Virtual memory (peak): | 88.72 MB |  | 
| Working set: | 8.32 MB |  | 
| Working set (peak): | 11.35 MB |  | 
| Resource allocations | 
| Threads: | 9 |  | 
| Handles: | 234 |  | 
| GUI GDI count: | 50 |  | 
| GUI GDI peak: | 70 |  | 
| GUI USER count: | 32 |  | 
| GUI USER peak: | 50 |  | 
 
Process properties
| Integrity level: | System | 
| Platform: | 64-bit | 
| Command line: | "C:\Program Files\mail.ru\guard\guardmailru.exe" | 
| Owner: | User | 
| Windows Service | 
| Service name: | Guard.Mail.ru | 
| Type: | Win32OwnProcess | 
| Parent processes: |  | 
Distribution by Windows OS
| OS version | distribution | 
| Microsoft Windows XP | 42.86% |  | 
| Windows 7 Ultimate | 24.49% |  | 
| Windows 7 Home Basic | 14.29% |  | 
| Windows 7 Home Premium | 12.24% |  | 
| Windows 7 Professional | 6.12% |  | 
Distribution by country
Russia installs about 32.65% of GuardMailRu Module.
Distribution by PC manufacturer
| PC Manufacturer | distribution | 
| ASUS | 43.24% |  | 
| Samsung | 13.51% |  | 
| Dell | 10.81% |  | 
| Hewlett-Packard | 10.81% |  | 
| GIGABYTE | 8.11% |  | 
| American Megatrends | 5.41% |  | 
| Lenovo | 5.41% |  | 
| Acer | 2.70% |  |