forcebindip.exe

Richard Stanway

The executable forcebindip.exe has been detected as malware by 20 anti-virus scanners.
Publisher:
Richard Stanway (signed and verified)

MD5:
8aa202bea0bef569ba474776a04ecea5

SHA-1:
e43e54b042fff813e46fee09aa99582a44b1b043

SHA-256:
6470e4f9e3840135b40234b3cc998de3cb3fb535b6143e7c5cf087374128976b

Scanner detections:
20 / 68

Status:
Malware

Analysis date:
5/8/2024 8:07:03 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.ForceBindIP | 7.1.1 |
| AhnLab V3 Security | Malware/Win32.Trojan Horse | 2013.08.05 |
| Bitdefender | Trojan.Generic.1567557 | 1.0.20.1795 |
| Comodo Security | TrojWare.Win32.Patcher.~G | 16707 |
| Emsisoft Anti-Malware | Trojan.Generic.1567557 | 8.13.12.25.09 |
| ESET NOD32 | Win32/ForceBindIP | 7.8647 |
| Fortinet FortiGate | W32/Malware_fam.NB | 12/25/2013 |
| F-Prot | W32/SecRisk-ProcessPatcher-Sml- | v6.4.7.1.166 |
| F-Secure | Trojan.Generic.1567557 | 11.2013-25-12_4 |
| G Data | Trojan.Generic.1567557 | 13.12.22 |
| IKARUS anti.virus | Trojan.Win32.Genome | t3scan.2.0.3.0 |
| K7 AntiVirus | Virus | 13.170.9164 |
| McAfee | Generic.dx!8AA202BEA0BE | 5600.7271 |
| Microsoft Security Essentials | Trojan:Win32/Bumat!rts | 1.163.1557.0 |
| MicroWorld eScan | Trojan.Generic.1567557 | 14.0.0.1077 |
| Norman | Suspicious_Gen2.TAPVN | 11.20131225 |
| nProtect | Trojan/W32.Agent.9912.B | 13.08.04.03 |
| Panda Antivirus | Trj/CI.A | 13.12.25.09 |
| Trend Micro House Call | TROJ_GEN.F47V0220 | 7.2.359 |
| VIPRE Antivirus | RiskTool.Win32.ProcessPatcher.Sml!cobra | 20148 |

File size:
9.7 KB (9,912 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\windows\syswow64\forcebindip.exe

Digital Signature
Signed by:

Authority:
The USERTRUST Network

Valid from:
6/3/2008 1:00:00 AM

Valid to:
6/4/2009 12:59:59 AM

Subject:
CN=Richard Stanway, O=Richard Stanway, STREET=11850 Dr MLK JR St. N, STREET=Apt 22109, L=St. Petersburg, S=Florida, PostalCode=33716, C=US

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
00DCC2D17CAED59F1D8E5894D262F7679F

File PE Metadata
Compilation timestamp:
10/30/2005 12:31:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
192:LEPQJ+oQI6vnYbUGqCxGPmoynkyowJL/TgkSwg2y9iM:LdcoQI6YemCYJLC9Z

Entry address:
0x1B1F

Entry point:
55, 8B, EC, 6A, FF, 68, 00, 16, 40, 00, 68, D0, 1C, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 68, 53, 56, 57, 89, 65, E8, 33, DB, 89, 5D, FC, 6A, 02, 5F, 57, FF, 15, 78, 10, 40, 00, 59, 83, 0D, EC, 1C, 40, 00, FF, 83, 0D, F0, 1C, 40, 00, FF, FF, 15, 74, 10, 40, 00, 8B, 0D, E8, 1C, 40, 00, 89, 08, FF, 15, 70, 10, 40, 00, 8B, 0D, E4, 1C, 40, 00, 89, 08, A1, 6C, 10, 40, 00, 8B, 00, A3, F4, 1C, 40, 00, E8, 35, 01, 00, 00, 39, 1D, B0, 10, 40, 00, 75, 0C, 68, C2, 1C, 40, 00, FF, 15...
 
Code size:
4.5 KB (4,608 bytes)

Remove forcebindip.exe - Powered by Reason Core Security