free download manager793683.exe

Installer

We Code Good Inc.

This is the Performersoft setup installer. The application free download manager793683.exe by We Code Good has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
We Code Good Inc.  (signed and verified)

Product:
Installer

Version:
15.9.28.27

MD5:
d8f3660cf421fdf077ae3e3717b45a23

SHA-1:
af8c6ca79fcbc177834a9f2b5e6bd3c8a3bd2b58

SHA-256:
0d3cd05e0536588b06f72388b81f35e890b3d0bb70a9e0f40fbe409ce2d00ea2

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers from Performersoft.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 11:28:10 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Bundler.InstallBrain.A | 1017
Agnitum Outpost | Trojan.Adware | 7.1.1
Avira AntiVirus | APPL/InstallBrain.Gen | 7.11.145.12
AVG | Downloader.Generic13 | 2015.0.3495
Bitdefender | Application.Bundler.InstallBrain.A | 1.0.20.570
Comodo Security | Application.Win32.InstallBrain.AU | 18158
Dr.Web | Adware.Downware.1492 | 9.0.1.0114
ESET NOD32 | Win32/InstallBrain.AS (variant) | 8.9714
F-Secure | Application.Bundler.InstallBrain | 11.2014-24-04_5
G Data | Application.Bundler.InstallBrain | 14.4.24
IKARUS anti.virus | not-a-virus:AdWare.Win32.BrainInst | t3scan.1.6.1.0
Kaspersky | not-a-virus:HEUR:AdWare.Win32.BrainInst | 14.0.0.3969
Malwarebytes | Adware.InstallBrain | v2014.04.24.04
McAfee | Artemis!D8F3660CF421 | 5600.7151
Microsoft Security Essentials | TrojanDownloader:Win32/Brantall.D | 1.10502
MicroWorld eScan | Application.Bundler.InstallBrain.A | 15.0.0.342
NANO AntiVirus | Riskware.Win32.BrainInst.crchst | 0.28.0.59492
Panda Antivirus | Trj/Brantall.A | 14.04.24.04
Quick Heal | TrojanDownloader.Brantall.A5 | 4.14.12.00
Reason Heuristics | PUP.Installer.WeCodeGood.BB | 14.8.7.17
Sophos | InstallBrain | 4.98
SUPERAntiSpyware | Adware.InstallBrain/Variant | 10647
Total Defense | Win32/Tnega.NDWdWG | 37.0.10895
Vba32 AntiVirus | AdWare.BrainInst | 3.12.26.0
VIPRE Antivirus | InstallBrain | 28560

File size:
701.8 KB (718,688 bytes)

Product version:
15.9.28.27

Copyright:
Copyright 2012

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Common path:
C:\users\{user}\appdata\local\temp\free download manager793683.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
11/1/2012 1:20:37 PM

Valid to:
11/1/2015 12:20:37 PM

Subject:
CN=We Code Good Inc., O=We Code Good Inc., L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4EEF3A85620395

File PE Metadata
Compilation timestamp:
9/20/2013 4:20:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:5VOIEjIWd1OTl4fpBzwkT/lENKeJuUaatBbmH7krGNwHpDwfEr1sw9mFLFn:55qQTlWzwkLOfJCatVv84+I59AFn

Entry address:
0xD6BD

Entry point:
E8, 62, 4C, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 24, 67, 42, 00, 00, 75, 18, E8, AD, 44, 00, 00, 6A, 1E, E8, F7, 42, 00, 00, 68, FF, 00, 00, 00, E8, 31, 26, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 24, 67, 42, 00, FF, 15, 58, B0, 41, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, 28, 67, 42, 00, 74, 0D, 53, E8, 81, 19, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 53, 19, 00, 00, 89, 30, E8, 4C, 19, 00, 00, 89...

Entropy:
7.8356  (probably packed)

Code size:
104 KB (106,496 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
