ibsvc.exe

InstallBrain Installer

Performersoft LLC

This is the Performersoft setup installer. The application ibsvc.exe by Performersoft has been detected as a potentially unwanted program by 39 anti-malware scanners. The program is a setup application that uses the InstallBrain installer, and it is also the uninstaller utility registered in the Windows Control Panel for the program Updater Service. During installation, it bundles potentially unwanted software onto the user's computer without adequate consent. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
InstallBrain  (signed by Performersoft LLC)

Product:
InstallBrain Installer

Version:
14,1,1,3

MD5:
4d6e0e8424245b53e61fe6bf66d0f46b

SHA-1:
4ef8ebd8d65921f50ed09f61c6225b116f37941b

SHA-256:
f78819d55547a821d09f05b1bff083704f957c2f50adfba56b94f4fc03e048cf

Scanner detections:
39 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 1:57:33 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.InstallBrain.A | 355 |
| Agnitum Outpost | Trojan.Obfuscated | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.BundleInstaller | 2014.10.26 |
| Avira AntiVirus | ADWARE/Adware.Gen | 7.11.30.172 |
| avast! | Adware-gen [Adw] | 2014.9-160214 |
| AVG | Adware InstallBrain.E | 2017.0.2833 |
| Baidu Antivirus | Adware.Win32.BrainInst | 4.0.3.16214 |
| Bitdefender | Application.Bundler.InstallBrain.A | 1.0.20.225 |
| Bkav FE | W32.Clod05d.Trojan | 1.3.0.4959 |
| Clam AntiVirus | Trojan.Agent-294202 | 0.98/21155 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.IBrain.B | 18456 |
| Dr.Web | Adware.Downware.281 | 9.0.1.045 |
| Emsisoft Anti-Malware | Trojan.Win32.InstallBrain.AMN!A2 | 8.16.02.14.02 |
| ESET NOD32 | Win32/InstallBrain.AW potentially unwanted application | 10.7.0.302.0 |
| Fortinet FortiGate | W32/Obfuscated.NEV!tr | 2/14/2016 |
| F-Prot | W32/IBrain.A.gen | v6.4.6.5.141 |
| F-Secure | Application.Bundler.InstallBrain | 11.2016-14-02_1 |
| G Data | Application.Bundler.InstallBrain | 16.2.24 |
| IKARUS anti.virus | Trojan-Downloader.Win32.Brantall | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.1712333 |
| Kaspersky | not-a-virus:AdWare.Win32.BrainInst | 14.0.0.662 |
| Malwarebytes | Adware.InstallBrain | v2016.02.14.02 |
| McAfee | Artemis!C6727CF3AF19 | 5600.6489 |
| Microsoft Security Essentials | Threat.Undefined | 1.175.1935.0 |
| MicroWorld eScan | Application.Bundler.InstallBrain.A | 17.0.0.135 |
| NANO AntiVirus | Riskware.Win32.Downware.vpsbt | 0.28.0.60253 |
| nProtect | Trojan-Clicker/W32.BrainInst.373728 | 14.05.23.01 |
| Panda Antivirus | PUP/Ibups | 16.02.14.02 |
| Qihoo 360 Security | Win32/Trojan.84e | 1.0.0.1015 |
| Quick Heal | TrojanDownloader.Brantall | 2.16.12.00 |
| Reason Heuristics | PUP.Performersoft.InstallBrain.Installer (M) | 16.2.14.14 |
| Rising Antivirus | PE:Trojan.Obfuscated!6.357 | 23.00.65.16212 |
| Sophos | InstallBrain | 4.94 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Obfuscator | 9324 |
| Total Defense | Win32/Tnega.aEfTZDD | 37.0.10982 |
| Trend Micro House Call | HV_INSTALLBRAIN_CA225D33.TOMC | 7.2.45 |
| Vba32 AntiVirus | Malware-Cryptor.Inject.gen | 3.12.26.0 |
| VIPRE Antivirus | Threat.4759033 | 29708 |
| Zillya! Antivirus | Backdoor.Pigeon.Win32.880 | 2.0.0.1905 |

File size:
388.8 KB (398,136 bytes)

Product version:
14,1,1,3

Copyright:
Copyright 2011

Trademarks:
InstallBrain

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\ProgramData\ibupdaterservice\ibsvc.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
7/13/2011 10:38:26 AM

Valid to:
6/25/2012 3:20:46 PM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
277B96F94D20C1

File PE Metadata
Compilation timestamp:
4/27/2012 3:49:55 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:m805yHbwOUo6RwLfurlHiIsmyh5yCuCak3vSGo4cFpdc/eekNpoSHzeeG:T05OyrfRHiXhquv7Ypdc/eeqpoSTeeG

Entry address:
0x13DED0

Entry point:
60, BE, 00, 00, 4F, 00, 8D, BE, 00, 10, F1, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 0D, B2, 13, 00, 57, 83, C3, 04, 53, 68, BF, DE, 04, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 
Code size:
316 KB (323,584 bytes)

Program Uninstaller
Program name:
Updater Service

Display version:
14,1,1,3

Uninstall string:
"C:\ProgramData\IBUpdaterService\ibsvc.exe" /UNINSTALL


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
