downloadmanagersetup.exe

Installer

We Code Good Inc.

This is the Performersoft setup installer. The application downloadmanagersetup.exe by We Code Good has been detected as adware by 37 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. According to AVG, this software downloads additional adware offers during setup. The file has been seen being downloaded from www.softologicsa.com. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
We Code Good Inc.  (signed and verified)

Product:
Installer

Version:
15.9.28.27

MD5:
e606894994d95a04ab909f3684746b41

SHA-1:
481aaf3589e787f8a70a7374a75c977ebe418fa0

SHA-256:
eeec9005a1fd97ac2a58a91e79abf23148eb03613eea2cd13326535b278d589d

Scanner detections:
37 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 5:24:29 AM UTC  (today)

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Bundler.InstallBrain.A | 426
Agnitum Outpost | Adware.Agent | 7.1.1
AhnLab V3 Security | Adware/Win32.BrainInst | 2015.10.27
Avira AntiVirus | PUA/InstallBrain.Gen | 8.3.2.2
avast! | Win32:InstallBrain-AZ [PUP] | 2014.9-151206
AVG | Skodna.Downloader | 2016.0.2904
Bitdefender | Application.Bundler.InstallBrain.A | 1.0.20.1700
Bkav FE | W32.HfsAdware | 1.3.0.7383
Clam AntiVirus | Win.Adware.Installbrain-842 | 0.98/19460
Comodo Security | Application.Win32.InstallBrain.AN | 23476
Dr.Web | Adware.Downware.1599 | 9.0.1.0340
Emsisoft Anti-Malware | Application.Bundler.InstallBrain | 8.15.12.06.11
ESET NOD32 | Win32/InstallBrain.BB potentially unwanted (variant) | 9.12465
Fortinet FortiGate | Adware/Agent | 12/6/2015
F-Prot | W32/A-f24df422 | v6.4.7.1.166
F-Secure | Application.Bundler.InstallBrain | 11.2015-06-12_1
G Data | Application.Bundler.InstallBrain | 15.12.25
IKARUS anti.virus | not-a-virus:AdWare.Win32.BrainInst | t3scan.2.2.29
K7 AntiVirus | Trojan | 13.212.17646
Kaspersky | not-a-virus:AdWare.Win32.Agent | 14.0.0.1013
Malwarebytes | Adware.InstallBrain | v2015.12.06.11
McAfee | Artemis!32B4B4A5AA21 | 5600.6560
Microsoft Security Essentials | TrojanDownloader:Win32/Brantall!rfn | 1.1.12205.0
MicroWorld eScan | Application.Bundler.InstallBrain.A | 16.0.0.1020
NANO AntiVirus | Riskware.Win32.Agent.cqypmf | 0.30.26.3947
Panda Antivirus | Trj/Brantall.A | 15.12.06.11
Qihoo 360 Security | Win32/Virus.Adware.375 | 1.0.0.1015
Quick Heal | PUA.Wecodegood.Gen | 12.15.14.00
Reason Heuristics | PUP.Performersoft.WeCodeGood.Bundler (M) | 15.12.6.11
Rising Antivirus | PE:Malware.RDM.19!5.19[F1] | 23.00.65.151204
Sophos | InstallBrain (PUA) | 4.98
Total Defense | Win32/Tnega.QHPWPLC | 37.1.62.1
Trend Micro House Call | TROJ_SPNV.03FJ14 | 7.2.340
Trend Micro | TROJ_SPNV.03FJ14 | 10.465.06
Vba32 AntiVirus | AdWare.Agent | 3.12.26.4
VIPRE Antivirus | InstallBrain | 44820
Zillya! Antivirus | Adware.Agent.Win32.8750 | 2.0.0.2474

File size:
702.3 KB (719,136 bytes)

Product version:
15.9.28.27

Copyright:
Copyright 2012

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\downloads\downloadmanagersetup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
11/1/2012 1:20:37 PM

Valid to:
11/1/2015 12:20:37 PM

Subject:
CN=We Code Good Inc., O=We Code Good Inc., L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4EEF3A85620395

File PE Metadata
Compilation timestamp:
9/3/2013 2:51:48 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:BEGLNNedbx5+dOTBpQTngx0CudDQlK0URpdMsEUpCccZUMNWMQNGUWxG/LzCuU2C:zNeZxo4TBpQTgGCudDuKpqUwn8MQNGUU

Entry address:
0xC2CD

Entry point:
E8, 56, 53, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 28, 77, 42, 00, 00, 75, 18, E8, A1, 4B, 00, 00, 6A, 1E, E8, EB, 49, 00, 00, 68, FF, 00, 00, 00, E8, B1, 2F, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 28, 77, 42, 00, FF, 15, 48, C0, 41, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, 2C, 77, 42, 00, 74, 0D, 53, E8, C7, 2D, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 23, 1E, 00, 00, 89, 30, E8, 1C, 1E, 00, 00, 89...
 

Entropy:
7.8277  (probably packed)

Code size:
107 KB (109,568 bytes)

The file downloadmanagersetup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
