7520.tmp

ForwardTech Inc

This is the Performersoft setup installer. The file 7520.tmp by ForwardTech Inc has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. Also known as BrowserDefender, this bundled service will prevent various web browser toolbars and extensions from running as well as block changes to the search page and provider. It is also typically executed from the user's temporary directory.
Publisher:
ForwardTech Inc  (signed and verified)

Version:
2.4.897.175

MD5:
08cfa6137e6d503025aa414c0e8a21c4

SHA-1:
fecb6008fd9ce619038ceb9c8426a776c2c3e671

SHA-256:
9e8d28f088036d9ea0c815ae0f83ea1b0acfc2c0a239015f1f0a25ccd5384f3e

Scanner detections:
3 / 68

Status:
Adware

Explanation:
This service will prevent resources from modifying the web browser's home and search pages as well as the search provider set by the product, an affiliate search engine partner.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 3:25:03 AM UTC  (today)

Scan engine | Detection | Engine version
herdProtect (fuzzy) | | 2014.11.18.15
Reason Heuristics | PUP.ForwardTech.H | 14.9.16.16
VIPRE Antivirus | Bprotector | 23744

File size:
147.5 KB (151,080 bytes)

Bundler/Installer:
InstallBrain (using Nullsoft Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\7520.tmp

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
9/11/2012 10:46:30 PM

Valid to:
9/11/2015 10:46:30 PM

Subject:
CN=ForwardTech Inc, O=ForwardTech Inc, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07BCB9E09D11D2

File PE Metadata
Compilation timestamp:
9/9/2009 9:23:14 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:8Uc061qnIgiFwmg7ySCQsdbEwhiwpAlxo69nsdNeOeMwhCJ1oW5VEMbADgW3aMa:w0agmQyb9hic89cNeOeMm4t5iMbAslb

Entry address:
0x33E9

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 78, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, 90, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, 80, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)
