codecperformersetup_vfcf034.exe

Giraffe Tech Software LLC

This is the Performersoft setup installer. The application codecperformersetup_vfcf034.exe by Giraffe Tech Software has been detected as adware by 20 anti-malware scanners. It is a setup program built on InstallBrain, a pay-per-install monetization download manager, and it bundles additional offers, mostly adware. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins. The file has been seen being downloaded from www.humipapp.com and multiple other hosts.
Publisher:
Giraffe Tech Software LLC  (signed and verified)

MD5:
7befd7b4226faa992282247b08b311d8

SHA-1:
338330608e87ee43b3dc8b8eb2cd47e5aeb5913e

SHA-256:
b297f316f9d57ab8c2ccc39f77f87cd6b9446ab81ce9a39ea8d9c0e590615389

Scanner detections:
20 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers from Performersoft.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/25/2024 4:40:50 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.Downloader | 2014.01.10 |
| avast! | Win32:Dropper-gen [Drp] | 2014.9-140101 |
| Bkav FE | W32.Clode46.Trojan | 1.3.0.4613 |
| Dr.Web | Trojan.DownLoader9.5231 | 9.0.1.01 |
| ESET NOD32 | Win32/TinyExeGun (variant) | 8.9273 |
| IKARUS anti.virus | Virus.Win32.Dropper | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.176.11595 |
| Kaspersky | HEUR:Trojan-Downloader.Win32.Generic | 14.0.0.4531 |
| Malwarebytes | PUP.Optional.InstallBrain.A | v2014.04.12.12 |
| McAfee | Artemis!7BEFD7B4226F | 5600.7263 |
| NANO AntiVirus | Trojan.Win32.MLW.cufiqf | 0.28.0.58720 |
| Norman | DLoader.ATLZP | 11.20140116 |
| Reason Heuristics | PUP.Installer.GiraffeTechSoftware.BB | 14.8.8.0 |
| Sophos | Generic PUA DD | 4.96 |
| Total Defense | Win32/Tnega.PTFMNQB | 37.0.10498 |
| Trend Micro House Call | ADW_INSTALLBRAIN | 7.2.1 |
| Trend Micro | ADW_INSTALLBRAIN | 10.465.01 |
| VIPRE Antivirus | Adware.Win32.InstallBrain.a | 25280 |
| XVirus List | Win32.Detected | 2.8.8 |

File size:
181.2 KB (185,568 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Common path:
C:\users\{user}\downloads\codecperformersetup_vfcf034.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/18/2013 10:14:32 PM

Valid to:
12/18/2016 10:14:32 PM

Subject:
CN=Giraffe Tech Software LLC, O=Giraffe Tech Software LLC, L=Beaverton, S=Oregon, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27F9CD848ABDA8

File PE Metadata
Compilation timestamp:
12/14/2013 5:47:26 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:Ts7HXJ2Jmv0NFFuUmiwJJlJldp5DWTBfSJnx0UmSS1Ge71wfSXy/oKKnRFRV:TsXJ2m4FFuEwJtldHWTBKhx0PSQT71os

Entry address:
0x88C2

Entry point:
E8, 18, 65, 00, 00, E9, 89, FE, FF, FF, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A0, 01, 00, 00, 81, F9, 80, 00, 00, 00, 72, 1C, 83, 3D, 80, ED, 41, 00, 00, 74, 13, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 05, E9, 66, 65, 00, 00, F7, C7, 03, 00, 00, 00, 75, 14, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 29, F3, A5, FF, 24, 95, 40, 8A, 40, 00, 8B, C7, BA, 03, 00, 00, 00, 83, E9, 04, 72, 0C, 83, E0, 03, 03, C8, FF...
 

Code size:
82.5 KB (84,480 bytes)

The file codecperformersetup_vfcf034.exe has been seen being distributed by the following 50 URLs.

