component_568

ForwardTech Inc

This is the Performersoft setup installer. The file component_568 by ForwardTech Inc has been detected as adware by 2 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. Also known as BrowserDefender, this bundled service prevents various web browser toolbars and extensions from running and blocks changes to the search page and provider. It is also typically executed from the user's temporary directory.
Publisher:
ForwardTech Inc  (signed and verified)

Version:
2.5.912.8

MD5:
2a67cf39595aa4125cc88d46bb19afa4

SHA-1:
f1a9da8e271fb086504f91b9fc7bea9064952190

SHA-256:
8b925db8c00df2c116f72296977f0b6206cfa8b97fb8ab36090d18c833355b53

Scanner detections:
2 / 68

Status:
Adware

Explanation:
This service will prevent resources from modifying the web browser's home and search pages, as well as the search provider, which the product sets to an affiliate search engine partner.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 3:31:51 AM UTC

Scan engine | Detection | Engine version
Reason Heuristics | PUP.ForwardTech.N | 14.12.11.21
VIPRE Antivirus | Bprotector | 24658

File size:
147.5 KB (151,088 bytes)

Bundler/Installer:
InstallBrain (using Nullsoft Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\component_568

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
9/11/2012 9:46:30 PM

Valid to:
9/11/2015 9:46:30 PM

Subject:
CN=ForwardTech Inc, O=ForwardTech Inc, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07BCB9E09D11D2

File PE Metadata
Compilation timestamp:
9/9/2009 8:23:14 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:AUc061qnIgiFwmg7yCCC8cdbEwhiwpAlxo69nsdNeOeMwhCJ1oW5VEMbADgW3aMf:80agWCRb9hic89cNeOeMm4t5iMbAslI

Entry address:
0x33E9

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 78, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, 90, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, 80, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 

Entropy:
7.7957

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)
