PFPortChecker.exe

Portforward, LLC

The application PFPortChecker.exe by Portforward has been detected as a potentially unwanted program by 4 anti-malware scanners. It is a setup program used to install the application. The installer uses the InstallMonetizer platform, which downloads and installs adware toolbars and other potentially unwanted software offers during setup. The file has been seen being downloaded from pfportchecker.software.informer.com and multiple other hosts.
Publisher:
Portforward, LLC  (signed and verified)

MD5:
b1981d98908be793bbadc4a777e7402d

SHA-1:
b043fd92fc4b98389b29bad46f09f98542bce7f8

SHA-256:
6c0386a9abf35de6fd3de28ecdd725b32a88a357cbf6bbd4ff2303dccaaea44c

Scanner detections:
4 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallMonetizer distribution platform to bundle adware.

Analysis date:
5/4/2024 1:59:20 AM UTC

Scan engine               Detection                                 Engine version
ESET NOD32                Win32/InstallMonetizer.AN                 7.9190
Reason Heuristics         PUP.InstallMonetizer.Bundle (M)           16.3.10.15
Trend Micro House Call    TROJ_GEN.F47V0717                         7.2.211
Vba32 AntiVirus           suspected of Trojan.Downloader.gen.h      3.12.24.3

File size:
157.4 KB (161,184 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\downloads\pfportchecker.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
6/6/2012 8:00:00 PM

Valid to:
6/7/2015 7:59:59 PM

Subject:
CN="Portforward, LLC", O="Portforward, LLC", STREET=3380 Riverbanks Rd., L=Grants Pass, S=OR, PostalCode=97527, C=US

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
0082C14B9DF94DA5247E8AB7AED30A32CC

File PE Metadata
Compilation timestamp:
12/5/2009 5:50:46 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
3072:QQIURTXJ/45H5j/xnGlwyuSSIjvv4qsVl9r+MX9NvR4aks9fhS:Qsps57hGw6Hn4VVl9pXXv0

Entry address:
0x323C

Entry point:
81, EC, 80, 01, 00, 00, 53, 55, 56, 33, DB, 57, 89, 5C, 24, 18, C7, 44, 24, 10, 30, 91, 40, 00, 33, F6, C6, 44, 24, 14, 20, FF, 15, 30, 70, 40, 00, 68, 01, 80, 00, 00, FF, 15, B4, 70, 40, 00, 53, FF, 15, 7C, 72, 40, 00, 6A, 08, A3, 58, 3F, 42, 00, E8, 09, 2C, 00, 00, A3, A4, 3E, 42, 00, 53, 8D, 44, 24, 34, 68, 60, 01, 00, 00, 50, 53, 68, 58, F4, 41, 00, FF, 15, 58, 71, 40, 00, 68, B8, 91, 40, 00, 68, A0, 36, 42, 00, E8, BC, 28, 00, 00, FF, 15, B0, 70, 40, 00, BF, 00, 90, 42, 00, 50, 57, E8, AA, 28, 00, 00...

Entropy:
7.7187  (probably packed)

Code size:
23 KB (23,552 bytes)

The file PFPortChecker.exe has been seen being distributed by the following 4 URLs.

http://127.0.0.1:37848/continue?TiCredToken=3416&Source=WTP&URL=http://portforward.com/.../PFPortChecker.exe&Permanent=1
