audioperformersetup.exe

Installer

Performersoft LLC

This is the Performersoft setup installer. The application audioperformersetup.exe by Performersoft has been detected as a potentially unwanted program by 33 anti-malware scanners. It is a setup application built on InstallBrain, a pay-per-install monetization download manager, and it bundles additional offers, mostly adware. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins. The file has been seen being downloaded from www.softologicsb.com. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Performersoft LLC  (signed and verified)

Product:
Installer

Version:
15.9.28.27

MD5:
dfb0745539e8a7e04e19c78a72cce553

SHA-1:
7eea02c5b8f203a2261717d6736ba4e990678181

SHA-256:
bcd50744d6e4f1bcdbcc283b6d579d692ba85a6b0785feb174fb1a82fb3924e4

Scanner detections:
33 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/27/2024 12:38:54 AM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.InstallBrain.A
380

Agnitum Outpost
Adware.BrainInst
7.1.1

AhnLab V3 Security
Adware/Win32.BrainInst
2014.10.04

Avira AntiVirus
APPL/InstallBrain.Gen
7.11.176.116

avast!
Win32:Adware-gen [Adw]
2014.9-160120

AVG
Found Luhe.InstallBrain.A
2017.0.2858

Bitdefender
Application.Bundler.InstallBrain.A
1.0.20.100

Dr.Web
Adware.Downware.1295
9.0.1.020

Emsisoft Anti-Malware
Trojan.Win32.InstallBrain.AMN
8.16.01.20.01

ESET NOD32
Win32/InstallBrain.AB potentially unwanted application
10.7.0.302.0

Fortinet FortiGate
Adware/BrainInst
1/20/2016

F-Prot
W32/IBrain.D.gen
v6.4.6.5.141

F-Secure
Trojan:W32/InstallBrain.A
11.2016-20-01_4

G Data
Application.Bundler.InstallBrain
16.1.24

IKARUS anti.virus
PUA.PerfSoft
t3scan.1.6.1.0

K7 AntiVirus
Unwanted-Program
13.183.13550

Kaspersky
not-a-virus:AdWare.Win32.BrainInst
14.0.0.787

Malwarebytes
Adware.InstallBrain
v2016.01.20.01

McAfee
PUP-FDT
5600.6514

Microsoft Security Essentials
Threat.Undefined
1.185.1961.0

MicroWorld eScan
Application.Bundler.InstallBrain.A
17.0.0.60

NANO AntiVirus
Trojan.Win32.Downware.cqinak
0.28.2.62440

Panda Antivirus
PUP/Ibups
16.01.20.01

Qihoo 360 Security
Malware.QVM10.Gen
1.0.0.1015

Quick Heal
TrojanDownloader.Brantall.A5
1.16.14.00

Reason Heuristics
PUP.Performersoft.Bundler (M)
16.1.20.13

Sophos
InstallBrain
4.98

SUPERAntiSpyware
Adware.InstallBrain/Variant
9374

Total Defense
Win32/Tnega.ATFN
37.0.11209

Trend Micro House Call
TROJ_GEN.F47V0402
7.2.20

Vba32 AntiVirus
AdWare.BrainInst
3.12.26.3

VIPRE Antivirus
Threat.4759033
33624

Zillya! Antivirus
Downloader.BrainInst.Win32.2
2.0.0.1941

File size:
707.9 KB (724,896 bytes)

Product version:
15.9.28.27

Copyright:
Copyright 2012

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\downloads\audioperformersetup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
6/28/2012 1:58:03 AM

Valid to:
6/28/2015 1:58:03 AM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07DAC5F73C6773

File PE Metadata
Compilation timestamp:
9/20/2013 4:50:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:5VOIEjIWd1OTlboWuoAbdt3gcIJJUufu2WmXICrcw95vLwWxlhmLD3L3Sk3:55qQTlboWcwcIJJJ2xHicw95jww+LrLN

Entry address:
0xD6BD

Entry point:
E8, 62, 4C, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 24, 67, 42, 00, 00, 75, 18, E8, AD, 44, 00, 00, 6A, 1E, E8, F7, 42, 00, 00, 68, FF, 00, 00, 00, E8, 31, 26, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 24, 67, 42, 00, FF, 15, 58, B0, 41, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, 28, 67, 42, 00, 74, 0D, 53, E8, 81, 19, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 53, 19, 00, 00, 89, 30, E8, 4C, 19, 00, 00, 89...
 

Entropy:
7.8432  (probably packed)

Code size:
104 KB (106,496 bytes)

The file audioperformersetup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
