home

BackgroundHost.exe

Add-ons Framework

PurpleTech Software Inc

This is the Performersoft setup installer. The application BackgroundHost.exe by PurpleTech Software Inc has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the InstallBrain installer.
Publisher:
PurpleTech Software Inc  (signed and verified)

Product:
Add-ons Framework

Description:
BackgroundHost

Version:
0.9.8.12

MD5:
ad68569c10bc25a92cfb11412815f7cd

SHA-1:
e7019de290e1615cc5e335ed253b009d1f1cfe0e

SHA-256:
61087f0b69a0b419889f70b62fdefcd01eec744f8876d6d552c04445b9f90c20

Scanner detections:
22 / 68

Status:
Adware

Explanation:
Part of the Besttoolbars Add-on framework for Internet Explorer, Chrome and Firefox.

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
2/7/2026 7:31:50 AM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.Toolbar.Besttoolbars
7.1.1

Bkav FE
HW32.Laneul
1.3.0.4923

Dr.Web
Adware.BGuard.32
9.0.1.049

ESET NOD32
Win32/Toolbar.Besttoolbars
10.9284

Fortinet FortiGate
Riskware/Agent
2/18/2016

K7 AntiVirus
Adware
13.2017089

Kaspersky
not-a-virus:WebToolbar.Win32.Agent
14.0.0.641

Malwarebytes
PUP.Optional.BestToolbar
v2016.02.18.06

McAfee
Artemis!DD63717721EB
5600.6485

NANO AntiVirus
Trojan.Win32.Toolbar.dfzyth
0.30.24.3283

Qihoo 360 Security
HEUR/QVM10.1.Malware.Gen
1.0.0.1015

Quick Heal
PUA.Purpletech.Gen
2.16.14.00

Reason Heuristics
PUP.Besttoolbars.Performersoft.Bundler (M)
16.2.18.18

Rising Antivirus
PE:Malware.Generic/QRS!1.9E2D[F1]
23.00.65.16216

Sophos
Generic PUA EG (PUA)
4.98

SUPERAntiSpyware
Adware.WebToolbar/Variant
9315

Total Defense
Win32/Tnega.BBRMPM
37.1.62.1

Trend Micro House Call
TROJ_GEN.F47V1209
7.2.49

Vba32 AntiVirus
Signed-Adware.Besttoolbars
3.12.26.4

VIPRE Antivirus
Besttoolbars
24412

XVirus List
Win.Detected
2.3.31

Zillya! Antivirus
Adware.Agent.Win32.56838
2.0.0.2385

File size:
620.8 KB (635,712 bytes)

Product version:
0.9.8.12

Copyright:
Besttoolbars Inc. All rights reserved.

Original file name:
BackgroundHost.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\Program Files\free games 117\backgroundhost.exe

Digital Signature
Signed by:
PurpleTech Software Inc

Authority:
GoDaddy.com, Inc.

Valid from:
9/12/2012 4:45:58 AM

Valid to:
9/12/2015 4:45:58 AM

Subject:
CN=PurpleTech Software Inc, O=PurpleTech Software Inc, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
00C5C4C135A4BC

File PE Metadata
Compilation timestamp:
8/21/2013 7:46:44 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:mLNayvBdL8NruV8grxGsChVMOxPOMTzPbPA5pv8oZF9hK5/jccP3:mLgyvTbgVZZfPzA5tF985/h3

Entry address:
0x56FA1

Entry point:
E8, F2, A2, 00, 00, E9, 89, FE, FF, FF, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, B4, 46, 49, 00, 33, C5, 50, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28, 8B, E8, A1, B4, 46, 49, 00, 33, C5, 50, 89, 65, F0, FF, 75, FC, C7, 45, FC, FF, FF, FF, FF, 8D, 45, F4, 64, A3, 00, 00, 00, 00, C3, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B...
 
[+]

Code size:
477.5 KB (488,960 bytes)

Remove BackgroundHost.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.