bestcodecspack.exe

InstallBrain Installer

Performersoft LLC

This is the Performersoft setup installer. The application bestcodecspack.exe by Performersoft has been detected as a potentially unwanted program by 32 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from stats-182385724-1591972470.us-east-1.elb.amazonaws.com. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
InstallBrain  (signed by Performersoft LLC)

Product:
InstallBrain Installer

Version:
14,1,1,4

MD5:
98837f9fc5b7538b49b540d99e88ee2f

SHA-1:
36db958909dd87b934e953cd904fd76ecca8593a

SHA-256:
c3056865d271f31eb44e9ab6702cca2c50cf2f991034c6a8dcb43de2fc88a7d5

Scanner detections:
32 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/25/2024 10:26:11 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.InstallBrain.A | 945 |
| Agnitum Outpost | Adware.BrainInst | 7.1.1 |
| Avira AntiVirus | TR/Dldr.Brantall.B.6 | 7.11.158.148 |
| avast! | Win32:InstallBrain-AW [PUP] | 140617-1 |
| AVG | Potentially harmful program Skodna.Downloader.BH | 2014.0.3986 |
| Bitdefender | Application.Bundler.InstallBrain.A | 1.0.20.930 |
| Clam AntiVirus | Win.Adware.Installbrain-14 | 0.98/19086 |
| Comodo Security | Application.Win32.InstallBrain.BA | 18771 |
| Dr.Web | Adware.Downware.1295 | 9.0.1.05190 |
| ESET NOD32 | Win32/InstallBrain.AO potentially unwanted application | 7.0.302.0 |
| Fortinet FortiGate | Adware/InstallBrain.OP | 7/5/2014 |
| F-Prot | W32/IBrain.B.gen | 4.6.5.141 |
| F-Secure | Trojan:W32/InstallBrain.A | 11.2014-05-07_7 |
| G Data | Application.Bundler.InstallBrain | 14.7.24 |
| IKARUS anti.virus | PUA.PerfSoft | t3scan.1.6.1.0 |
| K7 AntiVirus | Adware | 13.181.12795 |
| Kaspersky | not-a-virus:AdWare.Win32.BrainInst | 15.0.0.463 |
| Malwarebytes | Adware.InstallBrain | v2014.07.05.09 |
| McAfee | Artemis!0578C970301F | 5600.6959 |
| Microsoft Security Essentials | Threat.Undefined | 1.177.1657.0 |
| MicroWorld eScan | Application.Bundler.InstallBrain.A | 15.0.0.558 |
| NANO AntiVirus | Trojan.Win32.Downware2.bbweam | 0.28.0.60577 |
| Panda Antivirus | PUP/Ibups | 14.07.05.09 |
| Quick Heal | TrojanDownloader.Brantall.A5 | 7.14.14.00 |
| Reason Heuristics | PUP.Installer.Performersoft.O | 14.8.7.22 |
| Rising Antivirus | PE:Malware.InstallBrain!6.FD1 | 23.00.65.14703 |
| Sophos | InstallBrain | 4.98 |
| SUPERAntiSpyware | Adware.IBrain | 10262 |
| Trend Micro House Call | HV_IBRAIN_BK080358.TOMC | 7.2.186 |
| Vba32 AntiVirus | AdWare.BrainInst | 3.12.26.3 |
| VIPRE Antivirus | Threat.4371328 | 29708 |
| Zillya! Antivirus | Adware.BrainInst.Win32.66 | 2.0.0.1845 |

File size:
556.9 KB (570,304 bytes)

Product version:
14,1,1,4

Copyright:
Copyright 2011

Trademarks:
InstallBrain

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\My documents\downloads\bestcodecspack.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
6/27/2012 9:28:03 PM

Valid to:
6/27/2015 9:28:03 PM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07DAC5F73C6773

File PE Metadata
Compilation timestamp:
7/5/2012 10:51:31 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:et0d4p0rQ8sv2pkunqSLyLP5v0EZESftYcNO+W0stEapZw:eqrXFyxSuP10EyONOL3Zw

Entry address:
0x107AD

Entry point:
E8, B4, 34, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, C8, F0, 41, 00, 00, 75, 18, E8, FF, 2C, 00, 00, 6A, 1E, E8, 49, 2B, 00, 00, 68, FF, 00, 00, 00, E8, 0D, 26, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, C8, F0, 41, 00, FF, 15, D4, A0, 41, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, EC, F0, 41, 00, 74, 0D, 53, E8, 22, 18, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, FF, 02, 00, 00, 89, 30, E8, F8, 02, 00, 00, 89...

Code size:
98 KB (100,352 bytes)

The file bestcodecspack.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
