etype setup403515.exe

Installer

Performersoft LLC

This is the Performersoft setup installer. The application etype setup403515.exe by Performersoft has been detected as a potentially unwanted program by 35 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. This file is typically installed with the program Updater Service by PerformerSoft LLC, which is a potentially unwanted software program. During installation, it bundles potentially unwanted software onto the user's computer without adequate consent. The file has been seen being downloaded from stats-182385724-1591972470.us-east-1.elb.amazonaws.com. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Performersoft LLC  (signed and verified)

Product:
Installer

Version:
14.12.8.9

MD5:
6ac968472b7c865fc96679e5fdb8b8de

SHA-1:
dbfaca4f1446adde4a1a14e989a6150c980f1115

SHA-256:
91215674942afbb4e4831f852dfce216aaaa2d0811b5e0c07c8e886580c0b76e

Scanner detections:
35 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/25/2024 11:45:20 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Bundler.InstallBrain.A | 6312761
Agnitum Outpost | Adware.BrainInst | 7.1.1
AhnLab V3 Security | Win-PUP/InstallBrain | 2015.03.28
avast! | Win32:InstallBrain-T [PUP] | 150320-0
AVG | InstallBrain | 2016.0.3157
Bitdefender | Application.Bundler.InstallBrain.A | 1.0.20.435
Bkav FE | W32.HfsAdware | 1.3.0.6379
Comodo Security | Application.Win32.InstallBrain.AI | 21566
Dr.Web | Adware.Downware.1295 | 9.0.1.05190
Emsisoft Anti-Malware | Application.Bundler.InstallBrain | 9.0.0.4799
ESET NOD32 | Win32/InstallBrain.N potentially unwanted (variant) | 9.11390
Fortinet FortiGate | Adware/InstallBrain.OP | 3/28/2015
F-Prot | W32/IBrain.C.gen | 4.6.5.141
F-Secure | Trojan:W32/InstallBrain.A | 5.13.68
G Data | Application.Bundler.InstallBrain | 15.3.25
K7 AntiVirus | Unwanted-Program | 13.202.15410
Kaspersky | not-a-virus:AdWare.Win32.BrainInst | 15.0.0.543
Malwarebytes | PUP.BundleInstaller.IB | v2015.03.28.08
McAfee | Program.Artemis!6AC968472B7C | 16.8.708.2
Microsoft Security Essentials | Threat.Undefined | 1.195.519.0
MicroWorld eScan | Application.Bundler.InstallBrain.A | 16.0.0.261
NANO AntiVirus | Trojan.Win32.Downware2.bcidto | 0.30.8.659
Norman | Application.Bundler.InstallBrain.A | 03.12.2014 13:20:04
nProtect | Trojan-Clicker/W32.BrainInst.605952 | 15.03.27.01
Panda Antivirus | PUP/Ibups | 15.03.28.08
Quick Heal | TrojanDownloader.Brantall.A5 | 3.15.14.00
Reason Heuristics | PUP.Installer.Performersoft.R | 14.8.7.22
Rising Antivirus | PE:Trojan.DL.Win32.Brantall.a!1075356204 | 23.00.65.15326
Sophos | InstallBrain | 4.98
SUPERAntiSpyware | Adware.InstallBrain/Variant | 9970
Trend Micro House Call | TROJ_GEN.R0C1C0DJG14 | 7.2.87
Trend Micro | TROJ_GEN.R0C1C0DJG14 | 10.465.28
Vba32 AntiVirus | Signed-AdWare.BrainInst.PerformersoftLLC | 3.12.26.3
VIPRE Antivirus | Threat.4759033 | 38552
Zillya! Antivirus | Adware.BrainInst.Win32.27 | 2.0.0.2119

File size:
591.8 KB (605,952 bytes)

Product version:
14.12.8.9

Copyright:
Copyright 2012

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\windows\temp\etype setup403515.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
6/27/2012 10:28:03 PM

Valid to:
6/27/2015 10:28:03 PM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07DAC5F73C6773

File PE Metadata
Compilation timestamp:
11/1/2012 4:50:44 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:BOhxlLGZaygq0qbYVu0o4ljMNImZ4oQOJ6+7KHU/FLlR6W83VLqd0:BbZaTqscYA+5n+u05ll831qd0

Entry address:
0xF931

Entry point:
E8, C3, 52, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 98, 52, 42, 00, E8, 19, 18, 00, 00, 6A, 0E, E8, C0, 54, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, DC, 98, 42, 00, BA, D8, 98, 42, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, 35, E7, FF, FF, 59, FF, 76, 04, E8, 2C, E7, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 08, 18, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, 8C, 53, 00, 00, 59, C3, CC, CC, CC, CC, CC, 8B...
 

Code size:
122 KB (124,928 bytes)

The file etype setup403515.exe has been discovered within the following program.

Updater Service  by PerformerSoft LLC
The program creates a Windows Service under the name "IBUpdaterService" and display name of "Updater Service" which is run by the executable ibsvc.exe digitally signed by Performersoft LLC.
www.installbrain.com
83% remove it
 

The file etype setup403515.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
