» audioperformersetup.exe
Overview
Analysis
File Details
Downloads (1)

audioperformersetup.exe

InstallBrain Installer

InstallBrain

This is the Performersoft setup installer. The application audioperformersetup.exe has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallBrain installer, however the file is not signed with an authenticode signature from a trusted source. The setup program bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins.

File name:

Publisher:

InstallBrain

Product:

InstallBrain Installer

Version:

14,1,1,3

MD5:

4704808717836c4f2e79bdf3a95ac391

SHA-1:

32b27bcfce6d9111792cbe07547488adf2f976be

Scanner detections:

1 / 68

Status:

Adware

Explanation:

Uses the InstallBrain monetization platform from iBario to deliver bundled adware both search toolbars and PC optimizers from Performersoft.

Description:

This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:

4/19/2024 12:10:04 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.InstallBrain (M)

16.7.31.6

File size:

545.8 KB (558,919 bytes)

Product version:

14,1,1,3

Trademarks:

InstallBrain

File type:

Executable application (Win32 EXE)

Bundler/Installer:

InstallBrain

Language:

English (United States)

Common path:

C:\Documents and Settings\{user}\My documents\downloads\audioperformersetup.exe

File PE Metadata

Compilation timestamp:

5/10/2012 5:27:56 PM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:B9xZ5yN3Cwaw//ikDju436I26h+E9OtehoKwJIfBRuWW8KwaS:B9vsky/7NKDm+HeGuf9

Entry address:

0x13C7F0

Entry point:

BB, 08, 69, 79, 5F, 93, E9, 20, 01, 00, 00, C5, 6B, CE, CA, 76, FA, CE, CA, 26, 59, 54, 4E, 4E, CE, 4E, 4E, 7C, 4E, 4E, 4E, AD, 7F, 84, 7F, 7E, 7F, 87, 85, 84, 4E, 4E, 4E, C2, AF, C8, B3, B0, AF, BB, AF, 7C, B2, BA, BA, 4E, 4E, 4E, 4E, AA, 4E, 4E, 4E, 94, C0, B3, B3, 9A, B7, B0, C0, AF, C0, C7, 4E, 91, C0, B3, AF, C2, B3, 92, B7, C0, B3, B1, C2, BD, C0, C7, 8F, 4E, 4E, 4E, 4E, 95, B3, C2, A5, B7, BC, B2, BD, C5, C1, 92, B7, C0, B3, B1, C2, BD, C0, C7, 8F, 4E, 4E, 4E, 4E, 95, B3, C2, 9B, BD, B2, C3, BA, B3... 
[+]

Entropy:

7.6551

Code size:

316 KB (323,584 bytes)

The file audioperformersetup.exe has been seen being distributed by the following URL.

http://download.performersoft.com/.../gkc51?exename=AudioPerformerSetup&cid=265&clickid=0000012840862061240&clickid=0000012840862061240

Remove audioperformersetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.