SHA256: 22f3ca36eb80670c5eedfd8ffb72422a576e4f473e1ff92abd28f754f11df184
File name: privatefirewall.exe
Detection ratio: 0 / 69
Analysis date: 2019-03-15 05:47:25 UTC ( 2 months, 1 week ago )
Antivirus Result Update
Acronis 20190313
Ad-Aware 20190315
AegisLab 20190315
AhnLab-V3 20190314
Alibaba 20190306
ALYac 20190315
Antiy-AVL 20190315
Arcabit 20190315
Avast 20190315
Avast-Mobile 20190314
AVG 20190315
Avira (no cloud) 20190315
Babable 20180918
Baidu 20190306
BitDefender 20190315
Bkav 20190314
CAT-QuickHeal 20190314
ClamAV 20190314
CMC 20190314
Comodo 20190315
CrowdStrike Falcon (ML) 20190212
Cybereason 20190109
Cylance 20190315
Cyren 20190315
DrWeb 20190315
eGambit 20190315
Emsisoft 20190315
Endgame 20190215
ESET-NOD32 20190315
F-Prot 20190315
F-Secure 20190315
Fortinet 20190315
GData 20190315
Ikarus 20190314
Sophos ML 20190313
Jiangmin 20190315
K7AntiVirus 20190315
K7GW 20190315
Kaspersky 20190315
Kingsoft 20190315
Malwarebytes 20190315
MAX 20190315
McAfee 20190315
McAfee-GW-Edition 20190315
Microsoft 20190315
eScan 20190315
NANO-Antivirus 20190315
Palo Alto Networks (Known Signatures) 20190315
Panda 20190314
Qihoo-360 20190315
Rising 20190315
SentinelOne (Static ML) 20190311
Sophos AV 20190315
SUPERAntiSpyware 20190314
Symantec 20190315
Symantec Mobile Insight 20190220
TACHYON 20190315
Tencent 20190315
TheHacker 20190315
Trapmine 20190301
TrendMicro 20190315
TrendMicro-HouseCall 20190315
Trustlook 20190315
VBA32 20190314
ViRobot 20190315
Webroot 20190315
Yandex 20190314
Zillya 20190314
ZoneAlarm by Check Point 20190315
Zoner 20190315
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (C) 2003 InstallShield Software Corp.

Product Privatefirewall 7.0
Original name setup.exe
Internal name setup.exe
File version 7.0.30.3
Description Setup Launcher
Comments
Signature verification Signed file, verified signature
Signing date 5:49 AM 12/17/2013
Signers
[+] PWI, Inc.
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer VeriSign Class 3 Code Signing 2010 CA
Valid from 12:00 AM 05/07/2013
Valid to 11:59 PM 07/06/2014
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint 5439E0E6BB07544053E4100D4AD26DB15D6157FB
Serial number 50 16 2F 95 81 5C 2D 31 01 27 D6 87 A5 CD 7B 15
[+] VeriSign Class 3 Code Signing 2010 CA
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 02/08/2010
Valid to 11:59 PM 02/07/2020
Valid usage Client Auth, Code Signing
Algorithm sha1RSA
Thumbprint 495847A93187CFB8C71F840CB7B41497AD95C64F
Serial number 52 00 E5 AA 25 56 FC 1A 86 ED 96 C9 D4 4B 33 C7
[+] VeriSign
Status Valid
Issuer VeriSign Class 3 Public Primary Certification Authority - G5
Valid from 12:00 AM 11/08/2006
Valid to 11:59 PM 07/16/2036
Valid usage Server Auth, Client Auth, Email Protection, Code Signing
Algorithm sha1RSA
Thumbprint 4EB6D578499B1CCF5F581EAD56BE3D9B6744A5E5
Serial number 18 DA D1 9E 26 7D E8 BB 4A 21 58 CD CC 6B 3B 4A
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 12:00 AM 10/18/2012
Valid to 11:59 PM 12/29/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 12/21/2012
Valid to 11:59 PM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 12:00 AM 01/01/1997
Valid to 11:59 PM 12/31/2020
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
Packers identified
PEiD Armadillo v1.71
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2003-09-03 09:09:31
Entry Point 0x000194EC
Number of sections 4
PE sections
Overlays
MD5 4fd7bbb31e34d84cc30c2eb12f67c896
File type data
Offset 229376
Size 3520264
Entropy 7.98
PE imports
GetTokenInformation
RegDeleteKeyA
LookupPrivilegeValueA
RegOpenKeyA
RegCloseKey
EqualSid
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueA
FreeSid
RegQueryValueExA
AllocateAndInitializeSid
OpenThreadToken
RegSetValueExA
RegEnumValueA
RegCreateKeyExA
RegOpenKeyExA
RegDeleteValueA
GetObjectA
GetDeviceCaps
SelectObject
DeleteDC
GetSystemPaletteEntries
GetTextExtentPointA
BitBlt
CreatePalette
TranslateCharsetInfo
CreateDIBitmap
GetStockObject
SelectPalette
CreateFontIndirectA
CreateSolidBrush
SetBkMode
CreateCompatibleDC
DeleteObject
RealizePalette
SetTextColor
GetStdHandle
GetFileAttributesA
WaitForSingleObject
GetDriveTypeA
HeapDestroy
FreeEnvironmentStringsA
DeleteCriticalSection
GetCurrentProcess
GetLocaleInfoA
lstrcatA
UnhandledExceptionFilter
ExpandEnvironmentStringsA
SetErrorMode
FreeEnvironmentStringsW
SetStdHandle
GetTempPathA
WideCharToMultiByte
GetStringTypeA
WriteFile
HeapReAlloc
GetStringTypeW
SetFileAttributesA
GetExitCodeProcess
LocalFree
GetEnvironmentVariableA
LoadResource
GlobalHandle
FindClose
TlsGetValue
FormatMessageA
SetLastError
VerLanguageNameA
InitializeCriticalSection
CopyFileA
ExitProcess
GetVersionExA
GetModuleFileNameA
QueryPerformanceFrequency
GetPrivateProfileStringA
GetSystemDefaultLCID
InterlockedDecrement
MultiByteToWideChar
GetModuleHandleA
_lclose
CreateThread
GetPrivateProfileSectionA
GetExitCodeThread
SetUnhandledExceptionFilter
TerminateProcess
VirtualQuery
LocalFileTimeToFileTime
GetVersion
InterlockedIncrement
SetCurrentDirectoryA
HeapFree
EnterCriticalSection
SetHandleCount
lstrcmpiA
FreeLibrary
QueryPerformanceCounter
GetTickCount
IsBadWritePtr
TlsAlloc
VirtualProtect
FlushFileBuffers
LoadLibraryA
RtlUnwind
GetStartupInfoA
SystemTimeToFileTime
GetFileSize
GetPrivateProfileIntA
CreateDirectoryA
DeleteFileA
GetWindowsDirectoryA
SetEvent
GetProcAddress
CompareStringW
lstrcmpA
FindFirstFileA
GetDiskFreeSpaceA
CompareStringA
GetTempFileNameA
CreateFileMappingA
GlobalLock
RemoveDirectoryA
CreateEventA
GetFileType
TlsSetValue
CreateFileA
HeapAlloc
LeaveCriticalSection
GetLastError
DosDateTimeToFileTime
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
LCMapStringA
GetEnvironmentStringsW
GlobalUnlock
GlobalAlloc
lstrlenW
GetShortPathNameA
OpenFile
SizeofResource
SearchPathA
WritePrivateProfileStringA
LockResource
SetFileTime
GetCPInfo
HeapSize
GetCommandLineA
GetCurrentThread
RaiseException
MapViewOfFile
SetFilePointer
ReadFile
CloseHandle
lstrcpynA
GetACP
GetCurrentThreadId
GetEnvironmentStrings
CreateProcessA
IsValidCodePage
HeapCreate
lstrcpyA
VirtualFree
Sleep
IsBadReadPtr
IsBadCodePtr
FindResourceA
VirtualAlloc
GetOEMCP
ResetEvent
VariantChangeType
SysStringLen
SysAllocStringLen
VariantClear
SysAllocString
SysReAllocStringLen
SysFreeString
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc
CharPrevA
RegisterClassA
GetParent
UpdateWindow
IntersectRect
EndDialog
BeginPaint
MoveWindow
KillTimer
FindWindowA
DefWindowProcA
GetClassInfoA
SetWindowPos
GetDesktopWindow
GetSystemMetrics
IsWindow
PostQuitMessage
GetWindowRect
DispatchMessageA
EnableWindow
PostMessageA
DrawIcon
GetDlgItemTextA
MessageBoxA
PeekMessageA
GetWindowDC
SetWindowLongA
wvsprintfA
TranslateMessage
DialogBoxParamA
GetSysColor
SendDlgItemMessageA
GetDC
ReleaseDC
GetDlgCtrlID
SetWindowTextA
DestroyIcon
LoadStringA
ShowWindow
GetWindowPlacement
SendMessageA
SubtractRect
CreateWindowExA
GetDlgItem
CreateDialogParamA
CharLowerBuffA
LoadCursorA
ClientToScreen
SetRect
GetWindowLongA
GetWindowTextLengthA
SetTimer
GetClientRect
LoadIconA
GetMessageA
FillRect
CharNextA
WaitForInputIdle
GetSysColorBrush
wsprintfA
MsgWaitForMultipleObjects
EndPaint
GetWindowTextA
DestroyWindow
ExitWindowsEx
IsDialogMessageA
SetCursor
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
CoUninitialize
CoInitialize
StgIsStorageFile
GetRunningObjectTable
CoCreateInstance
StgOpenStorage
StringFromCLSID
CoCreateGuid
CoTaskMemFree
CreateItemMoniker
Number of PE resources by type
RT_DIALOG 5
RT_ICON 4
RT_STRING 3
RT_MANIFEST 1
RT_GROUP_CURSOR 1
GIF 1
RT_CURSOR 1
RT_VERSION 1
RT_GROUP_ICON 1
Number of PE resources by language
ENGLISH US 17
NEUTRAL 1
PE resources
ExifTool file metadata
SubsystemVersion
4.0

InitializedDataSize
106496

ImageVersion
0.0

ProductName
Privatefirewall 7.0

FileVersionNumber
9.0.333.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x0002

ImageFileCharacteristics
No relocs, Executable, No line numbers, No symbols, 32-bit

CharacterSet
Windows, Latin1

LinkerVersion
6.0

FileTypeExtension
exe

OriginalFileName
setup.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
7.0.30.3

TimeStamp
2003:09:03 10:09:31+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
setup.exe

ProductVersion
7.0.30.3

FileDescription
Setup Launcher

OSVersion
4.0

FileOS
Windows 16-bit

LegalCopyright
Copyright (C) 2003 InstallShield Software Corp.

MachineType
Intel 386 or later, and compatibles

CompanyName
PWI, Inc.

CodeSize
139264

FileSubtype
0

ProductVersionNumber
9.0.0.0

EntryPoint
0x194ec

ObjectFileType
Executable application

CarbonBlack: CarbonBlack acts as a surveillance camera for computers.
While monitoring an end-user machine in the wild, CarbonBlack observed the following executing files writing this sample to disk.
Execution parents
PE resource-wise parents
Compressed bundles
File identification
MD5 1134918c235beffa66fa20c737ad539d
SHA1 f7addf66a7271bdf3c9f098743c97042fbdc611a
SHA256 22f3ca36eb80670c5eedfd8ffb72422a576e4f473e1ff92abd28f754f11df184
ssdeep
98304:2SRsOHum/UZq9F3NgmFoK0iIGUFuf0hxYgFIcRKIDnioy8:2SR5H3/UZ4J6GoK0AUkGVRLDnioB

authentihash c6265fbc1856dc9a847378aba00d642f9e1bc71dae497a64fd2d77270f689a38
imphash 88a9e919ea1b9807e1519635b0ceabd1
File size 3.6 MB ( 3749640 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (31.7%)
Win32 Executable MS Visual C++ (generic) (23.0%)
Win64 Executable (generic) (20.3%)
Microsoft Visual C++ compiled executable (generic) (12.1%)
Win32 Dynamic Link Library (generic) (4.8%)
Tags
peexe via-tor armadillo signed overlay

VirusTotal metadata
First submission 2013-12-20 02:16:19 UTC ( 5 years, 5 months ago )
Last submission 2019-05-09 11:22:00 UTC ( 2 weeks, 3 days ago )
File names privatefirewall (3).exe
=?gb18030?B?cHJpdmF0ZWZpcmV3YWxsLmV4IGU=?=
114-privatefirewall.exe
privatefirewall (1).exe
privatefirewall (2).exe
privatefirewall.exe
privatefirewall.exe
privatefirewall.exe
privatefirewall 7.exe
12774125
xetcom.com.privatefirewall.exe
PrivateFirewall(PF)_v7.0.30.3ByPrivacyWare.exe
privatefirewall 7.0.30.3.exe
PrivateFirewall.exe
privatefirewall7.new.exe
privatefirewall v.7.0.30.3 FREEWARE (25 aug 2015).exe
privatefirewall.exe
PrivateFirewall.exe
privatefirewall.exe9
privatefirewall.exe_Shield
Privatefirewall_9.0.333.exe
privatefirewall(1).exe
privatefirewall_v7.0.30.3.exe
privatefirewall.exe
privatefirewall.9.0.333.exe