etype setup403515.exe

InstallBrain Installer

Performersoft LLC

This is the Performersoft setup installer. The application etype setup403515.exe by Performersoft has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. This file is typically installed with the program Updater Service by PerformerSoft LLC, which is a potentially unwanted software program. The setup program bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins.
Publisher:
InstallBrain  (signed by Performersoft LLC)

Product:
InstallBrain Installer

Version:
14,1,1,3

MD5:
9f0230b9ee5d5cf1863c08e46b152bfa

SHA-1:
dfa00ca0902a2fd196938fe7824f59f6240e9dac

SHA-256:
4fc81384cee71bf4827ef753c09b5b977973ace959d081e38f2608d87c5ea214

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/19/2024 8:32:42 PM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | APPL/InstallBrain.Gen | 7.11.126.140 |
| Bkav FE | W32.Clod5a0.Trojan | 1.3.0.4923 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.IBrain.B | 17657 |
| Dr.Web | Adware.Downware.281 | 9.0.1.025 |
| ESET NOD32 | Win32/InstallBrain.AW (variant) | 8.9325 |
| Fortinet FortiGate | W32/BrainInst.AW!tr.dldr | 1/25/2014 |
| F-Prot | W32/IBrain.B.gen | v6.4.7.1.166 |
| IKARUS anti.virus | APPL | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.175.10926 |
| Kaspersky | Trojan-Downloader.Win32.BrainInst | 14.0.0.4414 |
| Malwarebytes | Adware.InstallBrain | v2014.01.25.04 |
| McAfee | Artemis!9F0230B9EE5D | 5600.7240 |
| Microsoft Security Essentials | | 1.165.247.01 |
| Panda Antivirus | PUP/Ibups | 14.01.25.04 |
| Quick Heal | TrojanDownloader.Brantall.b | 1.14.12.00 |
| Reason Heuristics | PUP.Installer.Performersoft.R | 14.8.7.22 |
| Sophos | InstallBrain | 4.97 |
| Trend Micro House Call | TROJ_GEN.R0CBC0DJP13 | 7.2.25 |
| Trend Micro | TROJ_GEN.R0CBC0DJP13 | 10.465.25 |
| VIPRE Antivirus | InstallBrain | 25696 |

File size:
389.1 KB (398,392 bytes)

Product version:
14,1,1,3

Copyright:
Copyright 2011

Trademarks:
InstallBrain

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\etype setup403515.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
7/13/2011 1:38:26 PM

Valid to:
6/25/2012 6:20:46 PM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
277B96F94D20C1

File PE Metadata
Compilation timestamp:
4/29/2012 8:31:06 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:5ni2XRmsGL7qtldpC8DpjyDei9jJyg/Yx10zCMJB7v4VPkntCGoST9em/:5nrBo7gFHi9j4g/BCMJKctToSZem/

Entry address:
0x13D0A0

Entry point:
60, BE, 00, F0, 4E, 00, 8D, BE, 00, 20, F1, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 0A, B2, 13, 00, 57, 83, C3, 04, 53, 68, 95, E0, 04, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 

Code size:
316 KB (323,584 bytes)

The file etype setup403515.exe has been discovered within the following program.

Updater Service  by PerformerSoft LLC
The program creates a Windows Service with the name "IBUpdaterService" and the display name "Updater Service", which is run by the executable ibsvc.exe, digitally signed by Performersoft LLC.
www.installbrain.com
83% remove it
 

The file etype setup403515.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
