codecperformersetup_vf7b5c9.exe

Forty Seven Tech Software LLC

This is the Performersoft setup installer. The application codecperformersetup_vf7b5c9.exe by Forty Seven Tech Software has been detected as adware by 16 anti-malware scanners. It is a setup program built on InstallBrain, a pay-per-install monetization download manager, and it bundles additional offers, mostly adware. InstallBrain also installs a background updater service that updates any installed browser add-ons and plug-ins. The file has been seen being downloaded from www.humipapp.com and multiple other hosts.
Publisher:
Forty Seven Tech Software LLC  (signed and verified)

MD5:
0af0085f64707737ca08e6ff2db21fdf

SHA-1:
163efbcfdc386bdb7765f2e312ece3dabd3ab866

SHA-256:
f20de5058cfb077ea4478264464bd4ae9548c32d0d675e250739cdd5b6e6883c

Scanner detections:
16 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 9:18:24 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Downloader | 14.04.12 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-140102 |
| Dr.Web | Trojan.DownLoader9.5231 | 9.0.1.02 |
| ESET NOD32 | Win32/TinyExeGun (variant) | 8.9239 |
| IKARUS anti.virus | Virus.Win32.Dropper | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.176.11684 |
| Kaspersky | HEUR:Trojan-Downloader.Win32.Generic | 14.0.0.4527 |
| McAfee | Artemis!0AF0085F6470 | 5600.7262 |
| NANO AntiVirus | Trojan.Win32.MLW.cufiqf | 0.28.0.58873 |
| Norman | DLoader.ATLZP | 11.20140412 |
| Reason Heuristics | PUP.Installer.FortySevenTechSoftware.BB | 14.8.8.0 |
| Sophos | Generic PUA BG | 4.96 |
| Total Defense | Win32/Tnega.PTFMNQB | 37.0.10498 |
| Trend Micro House Call | TROJ_GEN.F47V1219 | 7.2.2 |
| VIPRE Antivirus | Adware.Win32.InstallBrain.a | 28115 |

File size:
181.2 KB (185,576 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Common path:
C:\users\{user}\downloads\codecperformersetup_vf7b5c9.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/19/2013 2:13:53 AM

Valid to:
12/19/2016 2:13:53 AM

Subject:
CN=Forty Seven Tech Software LLC, O=Forty Seven Tech Software LLC, L=Beaverton, S=Oregon, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27C178FAD33D6A

File PE Metadata
Compilation timestamp:
12/14/2013 9:47:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:Fs7HXJ2Jmv0NFFuUmiwJJlJldp5DWTBfSJnx0UmSS1Ge71wfSXy/oKKnRFm:FsXJ2m4FFuEwJtldHWTBKhx0PSQT71oB

Entry address:
0x88C2

Entry point:
E8, 18, 65, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 80, ED, 41, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, 66, 65, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 40, 8A, 40, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8, FF...
 

Entropy:
7.2298

Code size:
82.5 KB (84,480 bytes)

The file codecperformersetup_vf7b5c9.exe has been seen being distributed by the following 50 URLs.

