SHA256: a5ffd798a6102d2dbe4d2b590e73cb821763421a9aa7d14e0de575899b2cece8
File name: SetupPortForwardNetworkUtilities2.0.7.exe
Detection ratio: 0 / 56
Analysis date: 2014-12-13 01:26:35 UTC ( 2 years, 3 months ago )
Probably harmless! There are strong indicators suggesting that this file is safe to use.
Antivirus Result Update
Ad-Aware 20141213
AegisLab 20141213
Yandex 20141212
AhnLab-V3 20141212
ALYac 20141213
Antiy-AVL 20141212
Avast 20141213
AVG 20141212
Avira (no cloud) 20141213
AVware 20141213
Baidu-International 20141212
BitDefender 20141213
Bkav 20141212
ByteHero 20141213
CAT-QuickHeal 20141212
ClamAV 20141212
CMC 20141212
Comodo 20141212
Cyren 20141213
DrWeb 20141213
Emsisoft 20141213
ESET-NOD32 20141213
F-Prot 20141213
F-Secure 20141213
Fortinet 20141213
GData 20141213
Ikarus 20141212
Jiangmin 20141212
K7AntiVirus 20141212
K7GW 20141212
Kaspersky 20141213
Kingsoft 20141213
Malwarebytes 20141212
McAfee 20141213
McAfee-GW-Edition 20141213
Microsoft 20141213
eScan 20141213
NANO-Antivirus 20141212
Norman 20141212
nProtect 20141212
Panda 20141212
Qihoo-360 20141213
Rising 20141212
Sophos 20141213
SUPERAntiSpyware 20141213
Symantec 20141213
Tencent 20141213
TheHacker 20141212
TotalDefense 20141212
TrendMicro 20141213
TrendMicro-HouseCall 20141213
VBA32 20141212
VIPRE 20141213
ViRobot 20141212
Zillya 20141212
Zoner 20141210
The file being studied is a Portable Executable file! More specifically, it is a Win32 EXE file for the Windows GUI subsystem.
Authenticode signature block and FileVersionInfo properties
Copyright
Copyright (c) 2013 Flexera Software LLC. All Rights Reserved.

Product Port Forward Network Utilities
Original name InstallShield Setup.exe
Internal name Setup
File version 2.0.7
Description Setup Launcher Unicode
Signature verification Signed file, verified signature
Signing date 2:22 AM 12/13/2014
Signers
[+] Portforward
Status This certificate or one of the certificates in the certificate chain is not time valid.
Issuer COMODO Code Signing CA 2
Valid from 1:00 AM 6/7/2012
Valid to 12:59 AM 6/8/2015
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint AC432CA2CCA9EC8E1FF9F2C9919A84A4FDAC4D27
Serial number 00 82 C1 4B 9D F9 4D A5 24 7E 8A B7 AE D3 0A 32 CC
[+] COMODO Code Signing CA 2
Status Valid
Issuer UTN-USERFirst-Object
Valid from 1:00 AM 8/24/2011
Valid to 11:48 AM 5/30/2020
Valid usage Code Signing
Algorithm sha1RSA
Thumbprint B64771392538D1EB7A9281998791C14AFD0C5035
Serial number 10 70 9D 4F F5 54 08 D7 30 60 01 D8 EA 91 75 BB
[+] UTN-USERFirst-Object
Status Valid
Issuer AddTrust External CA Root
Valid from 9:09 AM 6/7/2005
Valid to 11:48 AM 5/30/2020
Valid usage All
Algorithm sha1RSA
Thumbprint 8AD5C9987E6F190BD6F5416E2DE44CCD641D8CDA
Serial number 42 1A F2 94 09 84 19 1F 52 0A 4B C6 24 26 A7 4B
[+] The USERTrust Network™
Status Valid
Issuer AddTrust External CA Root
Valid from 11:48 AM 5/30/2000
Valid to 11:48 AM 5/30/2020
Valid usage Server Auth, Client Auth, Email Protection, Code Signing, Timestamp Signing, EFS, IPSEC Tunnel, IPSEC User
Algorithm sha1RSA
Thumbprint 02FAF3E291435468607857694DF5E45B68851868
Serial number 01
Counter signers
[+] Symantec Time Stamping Services Signer - G4
Status Valid
Issuer Symantec Time Stamping Services CA - G2
Valid from 1:00 AM 10/18/2012
Valid to 12:59 AM 12/30/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 65439929B67973EB192D6FF243E6767ADF0834E4
Serial number 0E CF F4 38 C8 FE BF 35 6E 04 D8 6A 98 1B 1A 50
[+] Symantec Time Stamping Services CA - G2
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 12/21/2012
Valid to 12:59 AM 12/31/2020
Valid usage Timestamp Signing
Algorithm sha1RSA
Thumbprint 6C07453FFDDA08B83707C09B82FB3D15F35336B1
Serial number 7E 93 EB FB 7C C6 4E 59 EA 4B 9A 77 D4 06 FC 3B
[+] Thawte Timestamping CA
Status Valid
Issuer Thawte Timestamping CA
Valid from 1:00 AM 1/1/1997
Valid to 12:59 AM 1/1/2021
Valid usage Timestamp Signing
Algorithm md5RSA
Thumbprint BE36A4562FB2EE05DBB3D32323ADF445084ED656
Serial number 00
PE header basic information
Target machine Intel 386 or later processors and compatible processors
Compilation timestamp 2013-10-30 06:48:02
Entry Point 0x0006B0FB
Number of sections 4
PE sections
Overlays
MD5 84bfe6bc0d4703af19cbe5fe8a165c74
File type data
Offset 1216512
Size 2402264
Entropy 8.00
PE imports
SetSecurityDescriptorOwner
RegCreateKeyExW
RegCloseKey
RegCreateKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueExW
SetSecurityDescriptorDacl
OpenProcessToken
RegEnumKeyW
RegOpenKeyW
GetTokenInformation
RegQueryInfoKeyW
RegEnumKeyExW
OpenThreadToken
RegEnumValueW
RegSetValueExW
FreeSid
AllocateAndInitializeSid
InitializeSecurityDescriptor
EqualSid
SetSecurityDescriptorGroup
GetDIBColorTable
GetSystemPaletteEntries
CreateHalftonePalette
GetDeviceCaps
TranslateCharsetInfo
DeleteDC
SetBkMode
CreateFontIndirectW
GetObjectW
BitBlt
RealizePalette
SetTextColor
CreatePalette
GetStockObject
CreateDIBitmap
SelectPalette
UnrealizeObject
CreateCompatibleDC
CreateFontW
SelectObject
CreateSolidBrush
DeleteObject
GetStdHandle
GetDriveTypeW
GetConsoleOutputCP
SetEvent
HeapDestroy
GetFileAttributesW
DuplicateHandle
GetLocalTime
HeapAlloc
DeleteCriticalSection
GetCurrentProcess
GetConsoleMode
GetLocaleInfoA
LocalAlloc
SetErrorMode
FreeEnvironmentStringsW
lstrcatW
GetThreadContext
GetLocaleInfoW
SetStdHandle
GetFileTime
GetCPInfo
GetStringTypeA
GetDiskFreeSpaceW
InterlockedExchange
FindResourceExW
WaitForSingleObject
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeW
GetExitCodeProcess
LocalFree
FormatMessageW
ResumeThread
CreateEventW
LoadResource
FindClose
InterlockedDecrement
MoveFileW
SetFileAttributesW
GetEnvironmentVariableW
SetLastError
InitializeCriticalSection
CopyFileW
GetUserDefaultLangID
RemoveDirectoryW
IsDebuggerPresent
ExitProcess
VerLanguageNameW
GetModuleFileNameA
LoadLibraryA
QueryPerformanceFrequency
EnumSystemLocalesA
SetConsoleCtrlHandler
UnhandledExceptionFilter
LoadLibraryExW
MultiByteToWideChar
FatalAppExitA
FlushInstructionCache
GetPrivateProfileStringW
SetFilePointer
CreateThread
MoveFileExW
GetSystemDirectoryW
GetExitCodeThread
SetUnhandledExceptionFilter
MulDiv
SetEnvironmentVariableA
SetThreadContext
TerminateProcess
SearchPathW
WriteConsoleA
SetCurrentDirectoryW
GlobalAlloc
SetEndOfFile
GetVersion
InterlockedIncrement
WriteConsoleW
CreateToolhelp32Snapshot
InitializeCriticalSectionAndSpinCount
HeapFree
EnterCriticalSection
SetHandleCount
LoadLibraryW
GetVersionExW
FreeLibrary
QueryPerformanceCounter
GetTickCount
TlsAlloc
VirtualProtect
FlushFileBuffers
lstrcmpiW
RtlUnwind
GetStartupInfoA
GetDateFormatA
GetWindowsDirectoryW
GetFileSize
WriteProcessMemory
OpenProcess
GetDateFormatW
GetStartupInfoW
CreateDirectoryW
DeleteFileW
GetUserDefaultLCID
VirtualProtectEx
GetProcessHeap
GetTempFileNameW
CreateFileMappingW
WriteFile
CompareStringW
lstrcpyW
GetModuleFileNameW
ExpandEnvironmentStringsW
lstrcmpA
FindNextFileW
lstrcpyA
GetTimeFormatA
ResetEvent
FindFirstFileW
IsValidLocale
lstrcmpW
GetProcAddress
GetTempPathW
GetCurrentDirectoryW
GetTimeZoneInformation
CreateFileW
GetFileType
TlsSetValue
CreateFileA
GetCurrentThreadId
LeaveCriticalSection
GetLastError
SystemTimeToFileTime
LCMapStringW
UnmapViewOfFile
GetSystemInfo
lstrlenA
GlobalFree
GetConsoleCP
LCMapStringA
GetTimeFormatW
GetProcessTimes
GetEnvironmentStringsW
GlobalUnlock
VirtualQuery
lstrlenW
Process32NextW
CreateProcessW
SizeofResource
CompareFileTime
GetCurrentProcessId
LockResource
SetFileTime
GetCommandLineW
WideCharToMultiByte
HeapSize
Process32FirstW
GetCurrentThread
lstrcpynW
GetSystemDefaultLangID
RaiseException
MapViewOfFile
TlsFree
GetModuleHandleA
ReadFile
CloseHandle
lstrcpynA
GetACP
GlobalLock
GetModuleHandleW
TlsGetValue
IsValidCodePage
HeapCreate
FindResourceW
VirtualFree
Sleep
IsBadReadPtr
VirtualAlloc
GetOEMCP
CompareStringA
VarUI4FromStr
VariantChangeType
SysStringLen
SystemTimeToVariantTime
VarBstrFromDate
CreateErrorInfo
SysStringByteLen
VarBstrCat
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysReAllocStringLen
RegisterTypeLib
SysAllocString
GetErrorInfo
SysFreeString
LoadTypeLib
SetErrorInfo
UuidFromStringW
UuidCreate
UuidToStringW
RpcStringFreeW
SHBrowseForFolderW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW
SHGetMalloc
CommandLineToArgvW
SetFocus
EndPaint
CreateDialogIndirectParamW
IntersectRect
EndDialog
BeginPaint
SetWindowTextW
TranslateMessage
DefWindowProcW
MoveWindow
KillTimer
CharPrevW
PostQuitMessage
ShowWindow
GetMessageW
SetWindowPos
wvsprintfW
GetDesktopWindow
GetSystemMetrics
SetWindowLongW
IsWindow
PeekMessageW
GetWindowRect
EnableWindow
CharUpperW
GetWindowDC
SendDlgItemMessageW
GetWindow
PostMessageW
GetSysColor
DispatchMessageW
SetActiveWindow
GetDC
CreateDialogParamW
ReleaseDC
GetDlgCtrlID
SendMessageW
RegisterClassW
wsprintfW
SubtractRect
SetTimer
GetDlgItem
GetDlgItemTextW
MessageBoxW
FindWindowW
ClientToScreen
SetRect
CharNextW
LoadImageW
IsDialogMessageW
FillRect
GetClientRect
WaitForInputIdle
SetDlgItemTextW
GetSysColorBrush
DialogBoxIndirectParamW
LoadCursorW
LoadIconW
CreateWindowExW
MsgWaitForMultipleObjects
GetWindowLongW
SetForegroundWindow
DestroyWindow
ExitWindowsEx
SetCursor
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
ProgIDFromCLSID
CoUninitialize
CoInitialize
CoTaskMemAlloc
CoCreateInstance
CoCreateGuid
CoTaskMemRealloc
CLSIDFromProgID
CoInitializeSecurity
GetRunningObjectTable
CoTaskMemFree
StringFromGUID2
CreateItemMoniker
Number of PE resources by type
RT_STRING 25
RT_DIALOG 23
RT_ICON 11
RT_BITMAP 6
RT_GROUP_ICON 3
GIF 2
RT_MANIFEST 1
RT_VERSION 1
Number of PE resources by language
NEUTRAL 46
ENGLISH US 26
PE resources
Debug information
ExifTool file metadata
FileTypeExtension
exe

SubsystemVersion
5.0

InitializedDataSize
499712

ImageVersion
0.0

ProductName
Port Forward Network Utilities

FileVersionNumber
2.0.7.0

UninitializedDataSize
0

LanguageCode
English (U.S.)

FileFlagsMask
0x003f

LegalCopyright
Copyright (c) 2013 Flexera Software LLC. All Rights Reserved.

CharacterSet
Unicode

LinkerVersion
9.0

InternalBuildNumber
134369

OriginalFileName
InstallShield Setup.exe

MIMEType
application/octet-stream

Subsystem
Windows GUI

FileVersion
2.0.7

TimeStamp
2013:10:30 07:48:02+01:00

FileType
Win32 EXE

PEType
PE32

InternalName
Setup

ProductVersion
2.0.7

FileDescription
Setup Launcher Unicode

ISInternalDescription
Setup Launcher Unicode

OSVersion
5.0

FileOS
Win32

ISInternalVersion
20.0.529

MachineType
Intel 386 or later, and compatibles

CompanyName
Portforward, LLC

CodeSize
715776

FileSubtype
0

ProductVersionNumber
2.0.7.0

EntryPoint
0x6b0fb

ObjectFileType
Dynamic link library

Compressed bundles
File identification
MD5 575c10dff4a501eb8b64e4c290db25a2
SHA1 c81d52263abd07628a82bd749a019235e116de91
SHA256 a5ffd798a6102d2dbe4d2b590e73cb821763421a9aa7d14e0de575899b2cece8
ssdeep
98304:SfTBaVO007ieEZ7DdKL42YVSlcIi4yW/TPhlDW3KPR/:GaVcij7JSYV6hnhZW3YR/

authentihash f0dd8881e7dc05c77da9ca2b81d966528a401cacac677aa391467722f70025dd
imphash 8716dfcb53e9237687620dc5ebbd5d82
File size 3.5 MB ( 3618776 bytes )
File type Win32 EXE
Magic literal
PE32 executable for MS Windows (GUI) Intel 80386 32-bit

TrID InstallShield setup (48.1%)
Win32 Executable MS Visual C++ (generic) (34.9%)
Win32 Dynamic Link Library (generic) (7.3%)
Win32 Executable (generic) (5.0%)
Generic Win/DOS Executable (2.2%)
Tags
peexe signed overlay

VirusTotal metadata
First submission 2014-12-13 01:26:35 UTC ( 2 years, 3 months ago )
Last submission 2016-08-26 22:22:36 UTC ( 7 months ago )
File names InstallShield Setup.exe
file-7828884_exe
Setup
setup-network-utilities.2.0.5.exe
PortFoward.com_setup-network-utilities.exe
setup-network-utilities.exe
setup-network-utilities.exe
setup-network-utilities.2.0.5.exe
setup-network-utilities.2.0.5.exe
setup-network-utilities.exe
port forward network-utilities.exe
setup-network-utilities.exe
SetupPortForwardNetworkUtilities2.0.7.exe
setup-network-utilities.exe
Advanced heuristic and reputation engines
Symantec reputation Suspicious.Insight
Condensed report! The following is a condensed report of the behaviour of the file when executed in a controlled environment. The actions and events described were either performed by the file itself or by any other process launched by the executed file or subjected to code injection by the executed file.
Opened files
Read files
Written files
Copied files
Deleted files
Created processes
Code injections in the following processes
Created mutexes
Opened mutexes
Opened service managers
Opened services
Runtime DLLs
Additional details
The file sends control codes directly to certain device drivers making use of the DeviceIoControl Windows API function.
HTTP requests
DNS requests
TCP connections