simple_port_forwarding_setup.exe

Setup Factory Runtime

The program is a setup application that uses the Setup Factory installer. The file has been seen being downloaded from gsf-cf.softonic.com and multiple other hosts.
Product:
Setup Factory Runtime

Description:
Setup Application

Version:
9.1.0.0

MD5:
e4496dfcd5d79d5eae27e833992f1238

SHA-1:
22593fd1308b0fd35ecd795df2d4430c50b24076

SHA-256:
843f5301cf935800dc1dd1a9a40506fa435a6c4eaf0a79fda9efa209ddcb194e

Scanner detections:
1 / 68

Status:
Clean (1 probable false positive detection)

Explanation:
This is most likely a false positive detection; the file is probably clean.

Analysis date:
12/25/2024 5:19:40 AM UTC

Scan engine:
Vba32 AntiVirus

Detection:
TrojanDropper.Agent

Engine version:
3.12.24.3

File size:
6.5 MB (6,793,138 bytes)

Product version:
9.1.0.0

Copyright:
Setup Engine Copyright © 2004-2012 Indigo Rose Corporation

Trademarks:
Setup Factory is a trademark of Indigo Rose Corporation.

Original file name:
suf_launch.exe

File type:
Executable application (Win32 EXE)

Installer:
Setup Factory

Language:
English (United States)

Common path:
C:\users\{user}\downloads\simple_port_forwarding_setup.exe

File PE Metadata
Compilation timestamp:
6/14/2012 6:16:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:Kei3hi6uGoK3w/WaG8h+EmKyOBnIz1/8UkfpSfxo:Shfr3wtDh+fKyOBYn4pQxo

Entry address:
0x29E1

Entry point:
E8, A6, 1D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 56, 57, 33, F6, BF, C8, AB, 40, 00, 83, 3C, F5, 54, A0, 40, 00, 01, 75, 1D, 8D, 04, F5, 50, A0, 40, 00, 89, 38, 68, A0, 0F, 00, 00, FF, 30, 83, C7, 18, FF, 15, C0, 70, 40, 00, 85, C0, 74, 0C, 46, 83, FE, 24, 7C, D3, 33, C0, 40, 5F, 5E, C3, 83, 24, F5, 50, A0, 40, 00, 00, 33, C0, EB, F1, 8B, FF, 53, 8B, 1D, C4, 70, 40, 00, 56, BE, 50, A0, 40, 00, 57, 8B, 3E, 85, FF, 74, 13, 83, 7E, 04, 01, 74, 0D, 57, FF, D3, 57, E8, 18, FD, FF, FF, 83, 26, 00, 59, 83, C6, 08...

Code size:
22 KB (22,528 bytes)

The file simple_port_forwarding_setup.exe has been seen being distributed by the following 50 URLs.


Scan simple_port_forwarding_setup.exe - Powered by Reason Core Security