codecperformersetup_vbc1465.exe

White Tech Software LLC

This is the Performersoft setup installer. The application codecperformersetup_vbc1465.exe by White Tech Software has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. During installation, it bundles potentially unwanted software onto the user's computer without adequate consent. The file has been seen being downloaded from www.humipapp.com and multiple other hosts.

Publisher:
White Tech Software LLC  (signed and verified)

MD5:
4a16d417c4d756b71edddc8e601637fd

SHA-1:
16e2855c486256527c995e1880dea23ea3b741ff

SHA-256:
d0d86e6d68c369553b87667e756cb58ffa5a75f3f7c47022afbe1445829bacf4

Scanner detections:
17 / 68

Status:
Adware

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 2:34:01 AM UTC

Scan engine
Detection
Engine version

Agnitum Outpost
Riskware.Agent
7.1.1

AhnLab V3 Security
PUP/Win32.Downloader
2014.01.05

avast!
Win32:Dropper-gen [Drp]
2014.9-140105

Dr.Web
Trojan.DownLoader9.5231
9.0.1.0361

ESET NOD32
Win32/TinyExeGun (variant)
7.9250

IKARUS anti.virus
Virus.Win32.Dropper
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.176.11684

Kaspersky
HEUR:Trojan-Downloader.Win32.Generic
14.0.0.4558

Malwarebytes
PUP.Optional.BundleInstaller.A
v2014.01.11.07

McAfee
Artemis!4A16D417C4D7
5600.7269

NANO AntiVirus
Trojan.Win32.MLW.cufiqf
0.28.0.58873

Norman
DLoader.ATLZP
11.20140111

Reason Heuristics
PUP.Installer.WhiteTechSoftware.BB
14.8.8.0

Sophos
Generic PUA BG
4.96

Total Defense
Win32/Tnega.PTFMNQB
37.0.10498

Trend Micro House Call
TROJ_GEN.F47V1220
7.2.361

VIPRE Antivirus
Adware.Win32.InstallBrain.a
25082

File size:
181.2 KB (185,568 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Common path:
C:\users\{user}\downloads\codecperformersetup_vbc1465.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/19/2013 2:45:24 AM

Valid to:
12/19/2016 2:45:24 AM

Subject:
CN=White Tech Software LLC, O=White Tech Software LLC, L=Beaverton, S=Oregon, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B6B265A389BA9

File PE Metadata
Compilation timestamp:
12/14/2013 10:17:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:Vs7HXJ2Jmv0NFFuUmiwJJlJldp5DWTBfSJnx0UmSS1Ge71wfSXy/oKKnRFP:VsXJ2m4FFuEwJtldHWTBKhx0PSQT71o8

Entry address:
0x88C2

Entry point:
E8, 18, 65, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 80, ED, 41, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, 66, 65, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 40, 8A, 40, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8, FF...
 
Entropy:
7.2298

Code size:
82.5 KB (84,480 bytes)

The file codecperformersetup_vbc1465.exe has been seen being distributed by the following 33 URLs.

