SHA256: 22f3ca36eb80670c5eedfd8ffb72422a576e4f473e1ff92abd28f754f11df184
File name: privatefirewall.exe
Detection ratio: 0 / 55
Analysis date: 2016-02-09 10:38:06 UTC ( 3 years ago )
Antivirus Result Update
Ad-Aware 20160209
AegisLab 20160209
Yandex 20160206
AhnLab-V3 20160208
Alibaba 20160204
ALYac 20160209
Antiy-AVL 20160209
Arcabit 20160209
Avast 20160209
AVG 20160209
Avira (no cloud) 20160209
Baidu-International 20160209
BitDefender 20160209
Bkav 20160204
ByteHero 20160209
CAT-QuickHeal 20160209
ClamAV 20160209
CMC 20160205
Comodo 20160209
Cyren 20160209
DrWeb 20160209
Emsisoft 20160209
ESET-NOD32 20160209
F-Prot 20160129
F-Secure 20160209
Fortinet 20160209
GData 20160209
Ikarus 20160209
Jiangmin 20160209
K7AntiVirus 20160209
K7GW 20160209
Kaspersky 20160209
Malwarebytes 20160209
McAfee 20160209
McAfee-GW-Edition 20160209
Microsoft 20160209
eScan 20160209
NANO-Antivirus 20160209
nProtect 20160205
Panda 20160208
Qihoo-360 20160209
Rising 20160209
Sophos AV 20160209
SUPERAntiSpyware 20160209
Symantec 20160208
Tencent 20160209
TheHacker 20160208
TotalDefense 20160208
TrendMicro 20160209
TrendMicro-HouseCall 20160209
VBA32 20160208
VIPRE 20160209
ViRobot 20160209
Zillya 20160208
Zoner 20160209
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright Copyright (C) 2003 InstallShield Software Corp.
Product Privatefirewall 7.0
Original name setup.exe
Internal name setup.exe
File version 7.0.30.3
Description Setup Launcher
Comments
Signature verification Signed file, verified signature
Signing date 8:49 PM 12/16/2013
Signers
[+] PWI, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 11:00 PM 05/06/2013
Valid to 10:59 PM 07/06/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 5439E0E6BB07544053E4100D4AD26DB15D6157FB
Serial number 50 16 2F 95 81 5C 2D 31 01 27 D6 87 A5 CD 7B 15
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 02/08/2010
Valid to 11:59 PM 02/07/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 11/08/2006
Valid to 10:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 11:00 PM 10/17/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-09-03 09:09:31
Entry Point 0x000194EC
Number of sections 4
PE sections
Overlays
MD5 4fd7bbb31e34d84cc30c2eb12f67c896
File type data
Offset 229376
Size 3520264
Entropy 7.98
PE imports
GetTokenInformation
RegDeleteKeyA
LookupPrivilegeValueA
RegOpenKeyA
RegCloseKey
EqualSid
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
OpenThreadToken
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
GetObjectA
GetDeviceCaps
SelectObject
DeleteDC
GetSystemPaletteEntries
GetTextExtentPointA
BitBlt
CreatePalette
TranslateCharsetInfo
CreateDIBitmap
GetStockObject
SelectPalette
CreateFontIndirectA
CreateSolidBrush
SetBkMode
CreateCompatibleDC
DeleteObject
RealizePalette
SetTextColor
GetStdHandle
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
lstrcatA
UnhandledExceptionFilter
ExpandEnvironmentStringsA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
LocalFree
GetEnvironmentVariableA
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
VerLanguageNameA
InitializeCriticalSection
CopyFileA
ExitProcess
GetVersionExA
GetModuleFileNameA
QueryPerformanceFrequency
GetPrivateProfileStringA
GetSystemDefaultLCID
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
_lclose
CreateThread
GetPrivateProfileSectionA
GetExitCodeThread
SetUnhandledExceptionFilter
TerminateProcess
VirtualQuery
LocalFileTimeToFileTime
GetVersion
InterlockedIncrement
SetCurrentDirectoryA
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
SystemTimeToFileTime
GetFileSize
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetEvent
GetProcAddress
CompareStringW
lstrcmpA
FindFirstFileA
GetDiskFreeSpaceA
CompareStringA
GetTempFileNameA
CreateFileMappingA
GlobalLock
RemoveDirectoryA
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
GetShortPathNameA
OpenFile
SizeofResource
SearchPathA
WritePrivateProfileStringA
LockResource
SetFileTime
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
GetEnvironmentStrings
CreateProcessA
IsValidCodePage
HeapCreate
lstrcpyA
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
GetOEMCP
ResetEvent
VariantChangeType
SysStringLen
SysAllocStringLen
VariantClear
SysAllocString
SysReAllocStringLen
SysFreeString
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
CharPrevA
RegisterClassA
GetParent
UpdateWindow
IntersectRect
EndDialog
BeginPaint
MoveWindow
KillTimer
FindWindowA
DefWindowProcA
GetClassInfoA
SetWindowPos
GetDesktopWindow
GetSystemMetrics
IsWindow
PostQuitMessage
GetWindowRect
DispatchMessageA
EnableWindow
PostMessageA
DrawIcon
GetDlgItemTextA
MessageBoxA
PeekMessageA
GetWindowDC
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetSysColor
SendDlgItemMessageA
GetDC
ReleaseDC
GetDlgCtrlID
SetWindowTextA
DestroyIcon
LoadStringA
ShowWindow
GetWindowPlacement
SendMessageA
SubtractRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
CharLowerBuffA
LoadCursorA
ClientToScreen
SetRect
GetWindowLongA
GetWindowTextLengthA
SetTimer
GetClientRect
LoadIconA
GetMessageA
FillRect
CharNextA
WaitForInputIdle
GetSysColorBrush
wsprintfA
MsgWaitForMultipleObjects
EndPaint
GetWindowTextA
DestroyWindow
ExitWindowsEx
IsDialogMessageA
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoUninitialize
CoInitialize
StgIsStorageFile
GetRunningObjectTable
CoCreateInstance
StgOpenStorage
StringFromCLSID
CoCreateGuid
CoTaskMemFree
CreateItemMoniker
Number of PE resources by type
RT_DIALOG 5
RT_ICON 4
RT_STRING 3
RT_MANIFEST 1
RT_GROUP_CURSOR 1
GIF 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion 4.0
InitializedDataSize 106496
ImageVersion 0.0
ProductName Privatefirewall 7.0
FileVersionNumber 9.0.333.0
UninitializedDataSize 0
LanguageCode English (U.S.)
FileFlagsMask 0x0002
ImageFileCharacteristics No relocs, Executable, No line numbers, No symbols, 32-bit
CharacterSet Windows, Latin1
LinkerVersion 6.0
FileTypeExtension exe
OriginalFileName setup.exe
MIMEType application/octet-stream
Subsystem Windows GUI
FileVersion 7.0.30.3
TimeStamp 2003:09:03 02:09:31-07:00
FileType Win32 EXE
PEType PE32
InternalName setup.exe
ProductVersion 7.0.30.3
FileDescription Setup Launcher
OSVersion 4.0
FileOS Windows 16-bit
LegalCopyright Copyright (C) 2003 InstallShield Software Corp.
MachineType Intel 386 or later, and compatibles
CompanyName PWI, Inc.
CodeSize 139264
FileSubtype 0
ProductVersionNumber 9.0.0.0
EntryPoint 0x194ec
ObjectFileType Executable application

CarbonBlack CarbonBlack acts as a surveillance camera for computers
While monitoring an end-user machine in-the-wild, CarbonBlack noticed the following files in execution wrote this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 1134918c235beffa66fa20c737ad539d
SHA1 f7addf66a7271bdf3c9f098743c97042fbdc611a
SHA256 22f3ca36eb80670c5eedfd8ffb72422a576e4f473e1ff92abd28f754f11df184
ssdeep 98304:2SRsOHum/UZq9F3NgmFoK0iIGUFuf0hxYgFIcRKIDnioy8:2SR5H3/UZ4J6GoK0AUkGVRLDnioB
authentihash c6265fbc1856dc9a847378aba00d642f9e1bc71dae497a64fd2d77270f689a38
imphash 88a9e919ea1b9807e1519635b0ceabd1
File size 3.6 MB ( 3749640 bytes )
File type Win32 EXE
Magic literal PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID InstallShield setup (31.7%)
Win32 Executable MS Visual C++ (generic) (23.0%)
Win64 Executable (generic) (20.3%)
Microsoft Visual C++ compiled executable (generic) (12.1%)
Win32 Dynamic Link Library (generic) (4.8%)
Tags peexe overlay armadillo signed via-tor
VirusTotal metadata
First submission 2013-12-20 02:16:19 UTC ( 5 years, 2 months ago )
Last submission 2019-01-27 17:40:02 UTC ( 3 weeks, 1 day ago )
File names privatefirewall (3).exe
privatefirewall(1).exe
privatefirewall.exe
privatefirewall_v7.0.30.3.exe
114-privatefirewall.exe
Private Firewall v.7.0.30.3 FREEWARE Original.exe
PRIVATE.EXE
privatefirewall.9.0.333.exe
403952
PrivateFirewall_(PF)_ByPrivacyware_v7.0.30.3.exe
jhulprivatefirewall.exe
f7addf66a7271bdf3c9f098743c97042fbdc611a.exe
privatefirewall (1).exe
privatefirewall (2).exe
Private Firewall dec 2013.exe
963irecatadv0r0g1h7.exe
OnlineArmorSetup.exe