freecodecpacksetup.exe

Installer

Performersoft LLC

This is the Performersoft setup installer. The application freecodecpacksetup.exe by Performersoft has been detected as a potentially unwanted program by 13 anti-malware scanners. It is a setup application built on InstallBrain, a pay-per-install monetization download manager, and it bundles additional offers, mostly adware. InstallBrain also installs a background updater service that updates any installed browser add-ons and plug-ins. The file has been seen being downloaded from www.softologicsa.com. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Performersoft LLC  (signed and verified)

Product:
Installer

Version:
15.9.28.27

MD5:
43f3cf0f4865b74c45409d5a80d6a39e

SHA-1:
c2d2bacd2bb06c9004e9faa27659ba8dba465621

SHA-256:
4f4e044926aa6ac70d4c3516fbdabc8f9ea0c67b38005c45c53087f799cb4f1d

Scanner detections:
13 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/24/2024 6:04:57 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AhnLab V3 Security | Downloader/Win32.Agent | 2013.10.26 |
| Avira AntiVirus | APPL/InstallBrain.Gen | 7.11.109.104 |
| Comodo Security | UnclassifiedMalware | 17154 |
| Dr.Web | Trojan.StartPage.56306 | 9.0.1.0195 |
| ESET NOD32 | Win32/InstallBrain.AW (variant) | 8.8964 |
| F-Secure | Trojan:W32/InstallBrain.A | 11.2014-14-07_2 |
| G Data | Win32.Application.InstallBrain | 14.7.22 |
| Kaspersky | not-a-virus:Downloader.Win32.Agent | 14.0.0.3564 |
| Malwarebytes | Adware.InstallBrain | v2014.07.14.03 |
| McAfee | PUP-FDT!43F3CF0F4865 | 5600.7070 |
| Reason Heuristics | PUP.Installer.Performersoft.S | 14.8.7.22 |
| Sophos | Generic PUA MC | 4.94 |
| VIPRE Antivirus | Trojan.Win32.Generic!SB.0 | 22706 |

File size:
789.9 KB (808,832 bytes)

Product version:
15.9.28.27

Copyright:
Copyright 2012

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\downloads\freecodecpacksetup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
6/28/2012 12:28:03 AM

Valid to:
6/28/2015 12:28:03 AM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07DAC5F73C6773

File PE Metadata
Compilation timestamp:
10/16/2013 1:09:15 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:S6PNTGh1k3P7vCIgScvLd2TOrm0OZfoj1i7Rd3Nmb:SeNTWI7fg5vLszRfojUL3Ub

Entry address:
0xC02D

Entry point:
E8, EE, 4B, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, C8, 45, 42, 00, 00, 75, 18, E8, 39, 44, 00, 00, 6A, 1E, E8, 83, 42, 00, 00, 68, FF, 00, 00, 00, E8, A9, 2B, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, C8, 45, 42, 00, FF, 15, 50, A0, 41, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, CC, 45, 42, 00, 74, 0D, 53, E8, 11, 2A, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, E3, 29, 00, 00, 89, 30, E8, DC, 29, 00, 00, 89...
 

Code size:
98 KB (100,352 bytes)

The file freecodecpacksetup.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
