downloadmanagersetup.exe

Installer

We Code Good Inc.

This is the Performersoft setup installer. The application downloadmanagersetup.exe by We Code Good has been detected as adware by 28 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. According to AVG, this software downloads additional adware offers during setup. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
We Code Good Inc.  (signed and verified)

Product:
Installer

Version:
15.9.28.27

MD5:
a78c25e434d38eabe5617afcf47e6ae7

SHA-1:
021be176a11d30df131d0704b48483ea259b4e8a

SHA-256:
0af96c0c86ad091ea180b6c52fadca33129d5b662b8f10858cfe61f235b9da1a

Scanner detections:
28 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 9:00:29 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.InstallBrain.A | 857 |
| Agnitum Outpost | Trojan.DL.Brantall | 7.1.1 |
| Avira AntiVirus | APPL/InstallBrain.Gen | 7.11.175.218 |
| avast! | Win32:InstallBrain-AN [PUP] | 140929-0 |
| AVG | Trojan horse Downloader.Generic13.BQGG | 2014.0.4025 |
| Bitdefender | Application.Bundler.InstallBrain.A | 1.0.20.1370 |
| Clam AntiVirus | Win.Adware.Installbrain-842 | 0.98/19460 |
| Comodo Security | Application.Win32.InstallBrain.AH | 19659 |
| Dr.Web | Adware.Downware.1458 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Application.Bundler.InstallBrain | 14.10.01 |
| ESET NOD32 | Win32/InstallBrain.AP potentially unwanted application | 7.0.302.0 |
| F-Prot | W32/A-d5dfbac3 | v6.4.7.1.166 |
| F-Secure | Application.Bundler.InstallBrain | 11.2014-01-10_4 |
| G Data | Application.Bundler.InstallBrain | 14.10.24 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.BrainInst | 15.0.0.494 |
| Malwarebytes | Adware.InstallBrain | v2014.10.01.12 |
| Microsoft Security Essentials | Threat.Undefined | 1.185.1680.0 |
| MicroWorld eScan | Application.Bundler.InstallBrain.A | 15.0.0.822 |
| NANO AntiVirus | Riskware.Win32.BrainInst.cqttfb | 0.28.2.62440 |
| Panda Antivirus | Trj/Brantall.A | 14.10.01.12 |
| Qihoo 360 Security | Win32/Virus.Adware.375 | 1.0.0.1015 |
| Quick Heal | TrojanDownloader.Brantall.A5 | 10.14.14.00 |
| Reason Heuristics | PUP.Installer.WeCodeGood.U | 14.10.1.0 |
| Sophos | InstallBrain | 4.98 |
| Total Defense | Win32/Tnega.LVcHJRC | 37.0.11207 |
| Vba32 AntiVirus | TrojanDownloader.BrainInst | 3.12.26.3 |
| VIPRE Antivirus | Threat.4759033 | 33520 |
| Zillya! Antivirus | Downloader.BrainInst.Win32.9 | 2.0.0.1939 |

File size:
702.4 KB (719,232 bytes)

Product version:
15.9.28.27

Copyright:
Copyright 2012

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\downloads\downloadmanagersetup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
11/1/2012 1:20:37 PM

Valid to:
11/1/2015 12:20:37 PM

Subject:
CN=We Code Good Inc., O=We Code Good Inc., L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4EEF3A85620395

File PE Metadata
Compilation timestamp:
9/3/2013 2:51:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:kEGLNNedbx5+dOTBpQTngx0CudDQlK0URpdMsEUpCccZUMNWMQNGUWxG/LzCuU2J:YNeZxo4TBpQTgGCudDuKpqUwn8MQNGU7

Entry address:
0xC2CD

Entry point:
E8, 56, 53, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 28, 77, 42, 00, 00, 75, 18, E8, A1, 4B, 00, 00, 6A, 1E, E8, EB, 49, 00, 00, 68, FF, 00, 00, 00, E8, B1, 2F, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 28, 77, 42, 00, FF, 15, 48, C0, 41, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, 2C, 77, 42, 00, 74, 0D, 53, E8, C7, 2D, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 23, 1E, 00, 00, 89, 30, E8, 1C, 1E, 00, 00, 89...

Entropy:
7.8276  (probably packed)

Code size:
107 KB (109,568 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
