home

ForexCodeGuardLoader.exe

ForexCodeGuardLoader

Matchpeg

It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘ForexCodeGuardLoader’. This is installed with ForexCodeGuard.
Publisher:
MTIntelligence.com  (signed by Matchpeg)

Product:
ForexCodeGuardLoader

Description:
Boot-time loader for ForexCodeGuardLoader

Version:
1.02

MD5:
679fbaa6ca31c470b89716cf470da694

SHA-1:
55ca42f3a9d2d39a96ac117f53faafecb07fd193

SHA-256:
2e6f5f8117dd3241cf4cc1fd2207ca0182876348f37de3a2e2bb04cec2f01a68

Scanner detections:
0 / 68

Status:
Clean (as of last analysis)

Analysis date:
4/25/2024 1:17:31 PM UTC  (today)

File size:
48.2 KB (49,336 bytes)

Product version:
1.02

Copyright:
Copyright (C) 2008-2010 MTIntelligence.com

Original file name:
ForexCodeGuardLoader.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\forexcodeguard\forexcodeguardloader.exe

Digital Signature
Signed by:
Matchpeg

Authority:
The USERTRUST Network

Valid from:
7/9/2009 2:00:00 AM

Valid to:
7/10/2010 1:59:59 AM

Subject:
CN=Matchpeg, OU=Website, O=Matchpeg, STREET=94 New Bond Street, L=London, S=London, PostalCode=W1S 1SJ, C=GB

Issuer:
CN=UTN-USERFirst-Object, OU=http://www.usertrust.com, O=The USERTRUST Network, L=Salt Lake City, S=UT, C=US

Serial number:
37BEFB4EC8918FC92B6FC9BA0E7472BD

File PE Metadata
Compilation timestamp:
4/30/2010 6:21:44 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
768:CUi7oJwXQ4zPgKZGfCw3PG661uH/952UYmJLYK:C3Tg4URff3Ps852UYmJ8K

Entry address:
0x15B2

Entry point:
E8, 05, 17, 00, 00, E9, 78, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 78, AD, 40, 00, 89, 0D, 74, AD, 40, 00, 89, 15, 70, AD, 40, 00, 89, 1D, 6C, AD, 40, 00, 89, 35, 68, AD, 40, 00, 89, 3D, 64, AD, 40, 00, 66, 8C, 15, 90, AD, 40, 00, 66, 8C, 0D, 84, AD, 40, 00, 66, 8C, 1D, 60, AD, 40, 00, 66, 8C, 05, 5C, AD, 40, 00, 66, 8C, 25, 58, AD, 40, 00, 66, 8C, 2D, 54, AD, 40, 00, 9C, 8F, 05, 88, AD, 40, 00, 8B, 45, 00, A3, 7C, AD, 40, 00, 8B, 45, 04, A3, 80, AD, 40, 00, 8D, 45, 08, A3, 8C, AD, 40...
 
[+]

Code size:
26 KB (26,624 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
ForexCodeGuardLoader

Command:
C:\Program Files\forexcodeguard\forexcodeguardloader.exe


The file ForexCodeGuardLoader.exe has been discovered within the following program.

ForexCodeGuard  by MTIntelligence.com
About 6% of users remove it
 
Powered by Should I Remove It?

Scan ForexCodeGuardLoader.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.