installer.exe
Installer
YellowSoft Inc
This is part of a Performersoft product, a 'PC optimization' application that provides minimal benefits and may have been bundled by a third-party installer. The application installer.exe by YellowSoft Inc has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from stats-182385724-1591972470.us-east-1.elb.amazonaws.com. While running, it connects to the Internet address www.ibbalance.com on port 443.
MD5:
8588a8257766482f17c023f66fd2e162
SHA-1:
4a9b7224ff7a974c8a080c83a9bf6835441be149
SHA-256:
f6da509255f6c1dbdc774f46b6b1ff1114b1b39cc18943e6f6d57cb925467c6a
Scanner detections:
1 / 68
Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.
Analysis date:
4/19/2024 11:50:59 AM UTC
Scan engine:
Reason Heuristics
Detection:
PUP.Installer.YellowSoft.J
Engine version:
14.8.7.20
File size:
595.2 KB (609,496 bytes)
Product version:
15.9.28.27
Original file name:
installer.exe
File type:
Executable application (Win32 EXE)
Language:
English (United States)
Common path:
C:\users\{user}\downloads\installer.exe
Authority:
GoDaddy.com, Inc.
Valid from:
9/11/2012 10:45:31 PM
Valid to:
9/11/2015 10:45:31 PM
Subject:
CN=YellowSoft Inc, O=YellowSoft Inc, L=Beaverton, S=OR, C=US
Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US
Serial number:
4EC8FFEF413CDC
Compilation timestamp:
2/26/2013 11:39:13 AM
Code size:
123.5 KB (126,464 bytes)
The file installer.exe has been seen being distributed by the following URL.
The executing file has been seen to make the following network communications in live environments.