loader.dll

Application Manager

MediaTechSoft Inc.

This is the PerformerSoft setup installer. The module loader.dll by MediaTechSoft has been detected as adware by 15 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. This file is typically installed with the program BitGuard by MediaTechSoft Inc., which is a potentially unwanted software program. The setup program bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins.
Publisher:
PerformerSoft LLC  (signed by MediaTechSoft Inc.)

Product:
Application Manager

Version:
2,7,1,0

MD5:
37bd04088bdce15df2233a0bbb30b581

SHA-1:
f3592431ffd2ace6a8cf7662203db6e7ef9484ef

SHA-256:
2db08de8b897a7ba754e15872889787275c5227440abb4db87ec4d63f6dfdf40

Scanner detections:
15 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from PerformerSoft.

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/25/2024 4:34:00 PM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | Trojan/Win32.Rotbrow | 2013.12.28
Avira AntiVirus | APPL/Adware.BProtector.H | 7.11.122.120
AVG | Generic5 | 2014.0.3621
Bkav FE | W32.Clod685.Trojan | 1.3.0.4613
Dr.Web | Adware.BGuard.45 | 9.0.1.0353
ESET NOD32 | Win64/bProtector (variant) | 7.9190
K7 AntiVirus | Riskware | 13.174.10656
Malwarebytes | Rogue.InternetSecurityEssentials | v2013.12.19.06
McAfee | Artemis!37BD04088BDC | 5600.7277
Microsoft Security Essentials | TrojanDropper:Win64/Rotbrow.H | 1.165.247.01
Quick Heal | TrojanDropper.Rotbrow | 12.13.12.00
Reason Heuristics | PUP.MediaTechSoft.G | 14.8.8.2
Trend Micro House Call | TROJ_GEN.F47V1029 | 7.2.353
VIPRE Antivirus | InstallBrain | 24834
XVirus List | Win64.Detected | 2.8.8

File size:
1.9 MB (1,952,224 bytes)

Product version:
2,7,1,0

Copyright:
Copyright (C) 2012

File type:
Dynamic link library (Win64 DLL)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\ProgramData\bitguard\2.7.1769.27\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\loader.dll

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
8/4/2013 10:09:22 AM

Valid to:
3/29/2016 7:18:00 PM

Subject:
CN=MediaTechSoft Inc., O=MediaTechSoft Inc., L=Beaverton, S=Oregon, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
047346D0687AB1

File PE Metadata
Compilation timestamp:
10/15/2013 3:58:57 PM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
49152:S66Xvryn9yGJbPpw3FHvtqPg54Ai1v/eAF:Hvu4/eAF

Entry address:
0x57A4C

Entry point:
48, 89, 5C, 24, 08, 48, 89, 74, 24, 10, 57, 48, 83, EC, 20, 49, 8B, F8, 8B, DA, 48, 8B, F1, 83, FA, 01, 75, 05, E8, DF, A0, 00, 00, 4C, 8B, C7, 8B, D3, 48, 8B, CE, 48, 8B, 5C, 24, 30, 48, 8B, 74, 24, 38, 48, 83, C4, 20, 5F, E9, A7, FE, FF, FF, CC, CC, CC, 40, 53, 48, 83, EC, 20, 48, 8B, D9, C6, 41, 18, 00, 48, 85, D2, 75, 7F, E8, A1, 84, 00, 00, 48, 89, 43, 10, 48, 8B, 90, C0, 00, 00, 00, 48, 89, 13, 48, 8B, 88, B8, 00, 00, 00, 48, 89, 4B, 08, 48, 3B, 15, AD, 98, 13, 00, 74, 16, 8B, 80, C8, 00, 00, 00, 85...

Code size:
1.1 MB (1,154,048 bytes)

The file loader.dll has been discovered within the following program.

BitGuard by MediaTechSoft Inc.
BitGuard, also known as BProtector, Application Manager and Browser Protector, is an application designed to prevent the removal of software installed by the provider and affiliates (including web browser extensions deployed by PerformerSoft).
www.mediatechsoft.com/contact.html
74% remove it