home

сodec performer.exe

F11L Software Inc.

This is the Performersoft setup installer. The application сodec performer.exe by F11L Software has been detected as adware by 17 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. The setup program bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins. It is also typically executed from the user's temporary directory.
Publisher:
Codec Perforer  (signed by F11L Software Inc.)

Product:
Codec Perforer

Version:
15.4.3.16

MD5:
ec8f1a5b70a241739c38ccb712ccd182

SHA-1:
db732c87e244ca5d8dcfa921a1d2fb07d7c558e1

SHA-256:
771ac8d59fe75339a0252c373052e6189998f9bcd7795bf815f202a443627e5c

Scanner detections:
17 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware both search toolbars and PC optimizers from Performersoft.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or opensource) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/19/2024 4:03:04 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.Generic
2015.03.18

Avira AntiVirus
APPL/InstallBrain.Gen7
7.11.218.46

avast!
Win32:Trojan-gen
2014.9-150428

AVG
Win.Threat.Medium
2016.0.3125

Bkav FE
W32.HfsAdware
1.3.0.6379

Dr.Web
Trojan.iBryte.502
9.0.1.0118

ESET NOD32
Win32/InstallBrain.CY potentially unwanted application
9.7.0.302.0

herdProtect (fuzzy)
variant of setup.exe (Adware)
2015.7.28.20

IKARUS anti.virus
PUA.InstallBrain
t3scan.1.8.6.0

K7 AntiVirus
Unwanted-Program
13.202.15418

McAfee
Trojan.Artemis!DF250D0A2B6D
5600.6781

Panda Antivirus
Generic Suspicious
15.04.28.05

Reason Heuristics
Threat.Performersoft.Bundler
15.4.28.13

Sophos
PUA 'InstallBrain'
5.12

Vba32 AntiVirus
AdWare.InstallBrain
3.12.26.3

VIPRE Antivirus
Threat.4759033
38882

Zillya! Antivirus
Adware.InstallBrain.Win32.1
2.0.0.2121

File size:
982.6 KB (1,006,200 bytes)

Product version:
15.4.3.16

Copyright:
Copyright 2014

Original file name:
setup

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\?odec performer.exe

Digital Signature
Signed by:
F11L Software Inc.

Authority:
GoDaddy.com, Inc.

Valid from:
12/17/2014 5:38:16 PM

Valid to:
12/17/2016 5:38:16 PM

Subject:
CN=F11L Software Inc., O=F11L Software Inc., L=Portland, S=Oregon, C=US

Issuer:
CN=Go Daddy Secure Certificate Authority - G2, OU=http://certs.godaddy.com/repository/, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
0485A1BD2C2019

File PE Metadata
Compilation timestamp:
3/30/2015 12:49:46 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:CRihB8qthv67VQGPkEurw09E27GlFD4bcAnkksARNl70tzBxuPaP+ZkOAjjA8B:/8qbiRQfJR9p7aD4AM7lg9CCP5fjjA8B

Entry address:
0x67FF

Entry point:
E8, 51, 41, 00, 00, E9, 89, FE, FF, FF, C7, 01, 14, 15, 41, 00, E9, C1, F9, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 14, 15, 41, 00, E8, AE, F9, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 0B, EF, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08, 51, 52, E8, 38, 19, 00, 00, 59, 59, 85, C0, 74, 04, 33, C0, EB, 24, F6, 06, 02, 74, 05, F6, 07, 08, 74, F2, 8B, 45, 10...
 
[+]

Code size:
62.5 KB (64,000 bytes)

Remove сodec performer.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.