etype_setuppib.exe

InstallBrain Installer

Performersoft LLC

This is the Performersoft setup installer. The application etype_setuppib.exe by Performersoft has been detected as a potentially unwanted program by 14 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. It runs as a Windows service named “Updater Service”. The file is typically installed with the program Updater Service by PerformerSoft LLC, which is a potentially unwanted software program. During installation, it bundles potentially unwanted software onto the user's computer without adequate consent.
Publisher:
InstallBrain  (signed by Performersoft LLC)

Product:
InstallBrain Installer

Version:
14,1,1,4

MD5:
1ac0f3eab7c1d72515847084cc86258f

SHA-1:
8c44781e2758ef1e17c891e59bbca703f44a66ff

SHA-256:
999622b4dfbf32f03783d16531123c10193643f956fa46b7d5a7ed8162155139

Scanner detections:
14 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/24/2024 8:14:58 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | APPL/InstallBrain.Gen5 | 7.11.98.18 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.IBrain.C | 16816 |
| Dr.Web | Adware.Downware.1295 | 9.0.1.0358 |
| ESET NOD32 | Win32/InstallBrain | 7.8723 |
| Fortinet FortiGate | Adware/InstallBrain.OP | 12/24/2013 |
| F-Prot | W32/IBrain.B.gen | v6.4.7.1.166 |
| K7 AntiVirus | Unwanted-Program | 13.170.9377 |
| Malwarebytes | PUP.BundleInstaller.IB | v2013.12.24.04 |
| MicroWorld eScan | Win32:PUP-gen [PUP] | 14.0.0.1074 |
| NANO AntiVirus | Trojan.Win32.Downware.bdczug | 0.26.0.53954 |
| Reason Heuristics | PUP.Service.Performersoft.O | 14.8.7.22 |
| Sophos | InstallBrain | 4.91 |
| Trend Micro House Call | TROJ_GEN.RCBH1J5 | 7.2.358 |
| VIPRE Antivirus | InstallBrain | 20836 |

File size:
541.2 KB (554,176 bytes)

Product version:
14,1,1,4

Copyright:
Copyright 2011

Trademarks:
InstallBrain

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\documents and settings\dlamel\mes documents\downloads\programs\etype_setuppib.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
7/13/2011 2:38:26 PM

Valid to:
6/25/2012 7:20:46 PM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
OID.2.5.4.5=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
277B96F94D20C1

File PE Metadata
Compilation timestamp:
6/15/2012 5:51:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:5U1XYfHfNEj5A6Q8wzKnqepaN8hLp1yS0uddOdckmAJItBnTbrINa1H5toFsH9Ad:OXYfH2j5DNMiXQ7dZgttTRrHfT3A2nE

Entry address:
0xC7E7

Entry point:
E8, BA, 34, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, C8, C0, 41, 00, 00, 75, 18, E8, 05, 2D, 00, 00, 6A, 1E, E8, 4F, 2B, 00, 00, 68, FF, 00, 00, 00, E8, 13, 26, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, C8, C0, 41, 00, FF, 15, D8, 60, 41, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, EC, C0, 41, 00, 74, 0D, 53, E8, 2B, 19, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 05, 03, 00, 00, 89, 30, E8, FE, 02, 00, 00, 89...

Code size:
82 KB (83,968 bytes)

Service
Display name:
Updater Service

Service name:
IBUpdaterService

Type:
Win32ShareProcess


Windows Firewall Allowed Program
Name:
C:\Documents and Settings\DLAMEL\Mes documents\Downloads\Programs\etype_setuppib.exe


The file etype_setuppib.exe has been discovered within the following program.

Updater Service  by PerformerSoft LLC
The program creates a Windows service named "IBUpdaterService" (display name "Updater Service"), which is run by the executable ibsvc.exe, digitally signed by Performersoft LLC.
www.installbrain.com
83% remove it

The file etype_setuppib.exe has been seen being distributed by the following 2 URLs.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
