ibsvc.exe

Softango Download Manager

Softango Inc.

This is the Performersoft setup installer. The application ibsvc.exe by Softango has been detected as adware by 24 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. It runs as a Windows service named “Updater Service”. According to AVG, this software downloads additional adware offers during setup. While running, it connects to the Internet address www.ibbalance.com on port 443.

Publisher:
Softango  (signed by Softango Inc.)

Product:
Softango Download Manager

Version:
15.9.28.27

MD5:
bd03d18db277913a630eac186d393f73

SHA-1:
3dc8924b29979e661512aee8f6461cc4bef662cb

SHA-256:
47d8262cc6c0af20390b28da465101bb9a5b94aba8fe52193e60ef5ae3c42f9b

Scanner detections:
24 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers from Performersoft.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/24/2024 6:04:48 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Bundler.InstallBrain.A | 898
Agnitum Outpost | Adware.BrainInst | 7.1.1
AhnLab V3 Security | PUP/Win32.BrainInst | 2014.08.21
Avira AntiVirus | APPL/InstallBrain.Gen | 7.11.168.126
avast! | Win32:Installer-O [PUP] | 140813-1
AVG | Trojan horse Downloader.Generic13.BPZH | 2014.0.3986
Bitdefender | Application.Bundler.InstallBrain.A | 1.0.20.1165
Comodo Security | Application.Win32.InstallBrain.AY | 19262
Dr.Web | Adware.Downware.1295 | 9.0.1.05190
ESET NOD32 | Win32/InstallBrain.AA potentially unwanted application | 7.0.302.0
F-Prot | W32/IBrain.D.gen | 4.6.5.141
G Data | Application.Bundler.InstallBrain | 14.8.24
IKARUS anti.virus | PUA.Filescout | t3scan.1.7.5.0
Kaspersky | not-a-virus:AdWare.Win32.BrainInst | 15.0.0.494
Malwarebytes | PUP.Optional.Softango.A | v2014.08.21.11
Microsoft Security Essentials | Threat.Undefined | 1.181.222.0
MicroWorld eScan | Application.Bundler.InstallBrain.A | 15.0.0.699
NANO AntiVirus | Trojan.Win32.Downware.cqxpgy | 0.28.2.61721
Quick Heal | TrojanDownloader.Brantall.A5 | 8.14.14.00
Reason Heuristics | PUP.Softango.F | 14.8.21.3
Sophos | InstallBrain | 4.98
Vba32 AntiVirus | AdWare.BrainInst | 3.12.26.3
VIPRE Antivirus | Threat.4759033 | 32210
Zillya! Antivirus | Adware.BrainInst.Win32.63 | 2.0.0.1897

File size:
579.3 KB (593,176 bytes)

Product version:
15.9.28.27

Copyright:
Copyright 2012

Original file name:
Softango_Download_Manager.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\ProgramData\ibupdaterservice\ibsvc.exe

Digital Signature
Signed by:

Authority:
GoDaddy.com, Inc.

Valid from:
3/29/2013 6:18:12 PM

Valid to:
3/29/2016 7:18:12 PM

Subject:
CN=Softango Inc., O=Softango Inc., L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07B9F930CBBB4F

File PE Metadata
Compilation timestamp:
5/16/2013 3:22:10 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:8k6WxXcEOClIKZnpcCFKRfyLF72qr+vKTHKfY2MlNcr2KrMesK3bjoew:8eBwkLcG+2P2MDe2KrMesCbsew

Entry address:
0x1108D

Entry point:
E8, 89, 41, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, A0, 30, 42, 00, E8, ED, 17, 00, 00, 6A, 0E, E8, 86, 43, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 8C, 74, 42, 00, BA, 88, 74, 42, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, D7, EA, FF, FF, 59, FF, 76, 04, E8, CE, EA, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, DC, 17, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, 52, 42, 00, 00, 59, C3, CC, CC, CC, CC, CC, CC...

Code size:
114.5 KB (117,248 bytes)

Service
Display name:
Updater Service

Service name:
IBUpdaterService

Type:
Win32ShareProcess


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
