bestcodecspaclsetup.exe

Installer

Performersoft LLC

This is the Performersoft setup installer. The application bestcodecspaclsetup.exe by Performersoft has been detected as a potentially unwanted program by 36 anti-malware scanners. It is a setup application built on InstallBrain, a pay-per-install monetization download manager, and it bundles additional offers, mostly adware. InstallBrain also installs a background updater service that updates any installed browser add-ons and plug-ins. The file has been seen being downloaded from www.softologicsc.com. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Performersoft LLC  (signed and verified)

Product:
Installer

Version:
15.9.28.27

MD5:
81b17633e5fc214938a41238063c27c6

SHA-1:
64a636dd56a9646e7711b50873528a366068fbd4

SHA-256:
780e6b3876a8bdb131e2ca9393812cdbf897791a45abbaadbbd3e9806d471055

Scanner detections:
36 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 3:58:19 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.InstallBrain.A | 397 |
| Agnitum Outpost | Adware.BrainInst | 7.1.1 |
| AhnLab V3 Security | Win-PUP/InstallBrain | 2015.04.25 |
| Avira AntiVirus | APPL/InstallBrain.Gen7 | 7.11.198.252 |
| avast! | Win32:InstallBrain-U [PUP] | 2014.9-160104 |
| AVG | Adware AdInstaller.InstallBrain | 2017.0.2875 |
| Bitdefender | Application.Bundler.InstallBrain.A | 1.0.20.20 |
| Bkav FE | W32.HfsAdware | 1.3.0.6267 |
| Clam AntiVirus | Win.Adware.Installbrain-461 | 0.98/19865 |
| Comodo Security | Application.Win32.InstallBrain.BA | 20547 |
| Dr.Web | Adware.Downware.1082 | 9.0.1.04 |
| Emsisoft Anti-Malware | Application.Bundler.InstallBrain | 8.16.01.04.06 |
| ESET NOD32 | Win32/InstallBrain (variant) | 10.8190 |
| Fortinet FortiGate | Adware/InstallBrain.OP | 1/4/2016 |
| F-Prot | W32/IBrain.D.gen | v6.4.6.5.141 |
| F-Secure | Trojan:W32/InstallBrain.A | 11.2016-04-01_2 |
| G Data | Application.Bundler.InstallBrain | 16.1.24 |
| IKARUS anti.virus | AdWare.Win32.InstallBrain | t3scan.1.8.9.0 |
| K7 AntiVirus | Unwanted-Program | 13.174.10588 |
| Kaspersky | not-a-virus:AdWare.Win32.BrainInst | 14.0.0.869 |
| Malwarebytes | Adware.InstallBrain | v2016.01.04.06 |
| McAfee | RDN/Generic PUP.x!bpg | 5600.6531 |
| Microsoft Security Essentials | Threat.Undefined | 1.191.1318.0 |
| MicroWorld eScan | Application.Bundler.InstallBrain.A | 17.0.0.12 |
| NANO AntiVirus | Trojan.Win32.Downware.cqmhdj | 0.28.0.57029 |
| Norman | Application.Bundler.InstallBrain.A | 11.20160104 |
| Panda Antivirus | PUP/Ibups | 16.01.04.06 |
| Quick Heal | TrojanDownloader.Brantall.b | 1.16.12.00 |
| Reason Heuristics | PUP.Performersoft.Bundler (M) | 16.1.4.6 |
| Rising Antivirus | PE:Trojan.DL.Win32.Brantall.a!1075356204 | 23.00.65.16102 |
| Sophos | InstallBrain | 4.96 |
| SUPERAntiSpyware | Adware.InstallBrain/Variant | 9406 |
| Trend Micro House Call | HV_INSTALLBRAIN_CG0947FF.RDXN | 7.2.4 |
| Vba32 AntiVirus | Signed-AdWare.BrainInst.PerformersoftLLC | 3.12.26.3 |
| VIPRE Antivirus | InstallBrain | 16540 |
| Zillya! Antivirus | Adware.BrainInst.Win32.31 | 2.0.0.2024 |

File size:
555.8 KB (569,152 bytes)

Product version:
15.9.28.27

Copyright:
Copyright 2012

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\downloads\bestcodecspaclsetup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
6/27/2012 2:28:03 PM

Valid to:
6/27/2015 2:28:03 PM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07DAC5F73C6773

File PE Metadata
Compilation timestamp:
3/28/2013 8:06:56 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:s9Khg/7ddVtGOl0vMZP2jp0Y5grBjjzoI7z:ocy0EV2t0ggrBvzo0z

Entry address:
0xCE6D

Entry point:
E8, 7B, 4F, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 90, 12, 42, 00, E8, 8D, 17, 00, 00, 6A, 0E, E8, 78, 51, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 10, 57, 42, 00, BA, 0C, 57, 42, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, 27, E8, FF, FF, 59, FF, 76, 04, E8, 1E, E8, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 7C, 17, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, 44, 50, 00, 00, 59, C3, 66, 0F, EF, C0, 51, 53...
 

Entropy:
7.7820  (probably packed)

Code size:
106.5 KB (109,056 bytes)

The file bestcodecspaclsetup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
