component_569

ForwardTech Inc

This is the Performersoft setup installer. The file component_569 by ForwardTech Inc has been detected as adware by 3 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. Also known as BrowserDefender, this bundled service will prevent various web browser toolbars and extensions from running as well as block changes to the search page and provider. It is also typically executed from the user's temporary directory.
Publisher:
ForwardTech Inc  (signed and verified)

Version:
2.5.945.13

MD5:
9029e8342e893f97ed97941bd8bc7513

SHA-1:
12a0b05cdd553f54130829b595e14351b02737f1

SHA-256:
e569c7c7f9957b397e31b5dcda271a7f508ef236b543e915d60cbd7a3fede1e9

Scanner detections:
3 / 68

Status:
Adware

Explanation:
This service will prevent resources from modifying the web browser's home and search pages as well as the search provider set by the product, an affiliate search engine partner.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 10:34:43 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Dr.Web | Adware.BGuard.10 | 9.0.1.0148 |
| Reason Heuristics | PUP.Performersoft.Bundler | 15.5.28.17 |
| VIPRE Antivirus | Bprotector | 22482 |

File size:
147.5 KB (151,088 bytes)

Bundler/Installer:
InstallBrain (using Nullsoft Install System)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\component_569

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
9/11/2012 10:46:30 PM

Valid to:
9/11/2015 10:46:30 PM

Subject:
CN=ForwardTech Inc, O=ForwardTech Inc, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07BCB9E09D11D2

File PE Metadata
Compilation timestamp:
9/9/2009 9:23:14 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
3072:9Uc061qnIgiFwmg7ylCydbEwhiwpAlxo69nsdNeOeMwhCJ1oW5VEMbADgW3aMC:d0ag1cb9hic89cNeOeMm4t5iMbAslb

Entry address:
0x33E9

Entry point:
81, EC, D4, 02, 00, 00, 53, 55, 56, 57, 6A, 20, 33, ED, 5E, 89, 6C, 24, 18, C7, 44, 24, 10, 70, 85, 40, 00, 89, 6C, 24, 14, FF, 15, 30, 80, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 80, 40, 00, 55, FF, 15, B0, 82, 40, 00, 6A, 08, A3, 78, 06, 47, 00, E8, 67, 27, 00, 00, 55, 68, B4, 02, 00, 00, A3, 90, 05, 47, 00, 8D, 44, 24, 38, 50, 55, 68, 6C, 85, 40, 00, FF, 15, 80, 81, 40, 00, 68, 54, 85, 40, 00, 68, 80, 85, 46, 00, E8, 35, 26, 00, 00, FF, 15, B0, 80, 40, 00, 50, BF, A0, 10, 4C, 00, 57, E8, 23, 26, 00, 00...
 

Entropy:
7.7954

Packer / compiler:
Nullsoft install system v2.x

Code size:
25 KB (25,600 bytes)
