forwarddaemon.exe

Motorola ForwardDemon

Motorola

The executable forwarddaemon.exe has been detected as malware by 3 anti-virus scanners. It runs as a Windows service named “PST Service”.
Publisher:
Motorola

Product:
Motorola ForwardDemon

Description:
ForwardDemon

Version:
1, 0, 0, 0

MD5:
78f16addce4d25f58e8b37b99220e8c6

SHA-1:
76a52d44c63f249be71cfe22923f27bc545b251d

SHA-256:
79af94462893e005997638f752794759693085bd7421e8c12104b09404d13d16

Scanner detections:
3 / 68

Status:
File is infected by a Virus

Explanation:
The file is infected by a polymorphic file infector virus.

Analysis date:
4/26/2024 11:31:36 AM UTC

Scan engine    Detection               Engine version
ESET NOD32     Win32/Floxif.H virus    6.3.12010.0
F-Prot         W32/Floxif.B            4.6.5.141
F-Secure       Win32.Floxif.A          5.16.24

File size:
140.6 KB (143,936 bytes)

Product version:
1, 0, 0, 0

Copyright:
Motorola Copyright © 2010

Original file name:
ForwardDemon.exe

File type:
Executable application (Win32 EXE)

Language:
Chinese (Simplified, PRC)

Common path:
C:\Program Files\motorola\motforwarddaemon\forwarddaemon.exe

File PE Metadata
Compilation timestamp:
8/10/2011 12:44:48 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
6.0

Entry address:
0x6B46

Entry point:
E9, DF, E8, FF, FF, 68, A8, A3, 40, 00, 68, 5C, 6C, 40, 00, 64, A1, 00, 00, 00, 00, 50, 64, 89, 25, 00, 00, 00, 00, 83, EC, 20, 53, 56, 57, 89, 65, E8, 83, 65, FC, 00, 6A, 01, FF, 15, 14, D8, 40, 00, 59, 83, 0D, 8C, C4, 40, 00, FF, 83, 0D, 9C, C4, 40, 00, FF, FF, 15, 18, D8, 40, 00, 8B, 0D, 7C, C4, 40, 00, 89, 08, FF, 15, 1C, D8, 40, 00, 8B, 0D, 78, C4, 40, 00, 89, 08, A1, 20, D8, 40, 00, 8B, 00, A3, 80, C4, 40, 00, E8, F3, 00, 00, 00, 83, 3D, 50, C1, 40, 00, 00, 75, 0C, 68, A4, 6C, 40, 00, FF, 15, 24, D8...
 

Entropy:
6.7099

Packer / compiler:
tElock 0.99 - 1.0 private

Code size:
36 KB (36,864 bytes)

Service
Display name:
PST Service

Description:
Route and execute the requests/commands from PST

Type:
Win32OwnProcess, InteractiveProcess

Depends on:
lanmanworkstation

