сodec performer803975.exe

Forty Seven Tech Software LLC

This is the Performersoft setup installer. The application сodec performer803975.exe by Forty Seven Tech Software has been detected as adware by 32 anti-malware scanners. The program is a setup application built on InstallBrain, a pay-per-install monetization download manager, and it bundles additional offers, mostly adware. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins. The file is typically executed from the user's temporary directory.
Publisher:
CodecPerformer  (signed by Forty Seven Tech Software LLC)

Product:
CodecPerformer

Version:
14.10.3.4

MD5:
58e061793c3f8b773f48f426267c9ade

SHA-1:
003c97bbd126da0cf7ff96e7eeb36e92c1b22f58

SHA-256:
2c45bfc6df423c5ca4a751fa52f1633f9a92212d0a993ecb6c00b9ce66afdbfb

Scanner detections:
32 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This is an installer that may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/19/2024 3:26:53 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.InstallBrain.E | 368 |
| Agnitum Outpost | PUA.BrainInst | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.InstallBrain | 2014.10.02 |
| Avira AntiVirus | ADWARE/InstallBrain.Gen | 7.11.175.234 |
| avast! | InstallBrain-BP [PUP] | 2014.9-160201 |
| AVG | Adware InstallBrain | 2017.0.2846 |
| Bitdefender | Application.Bundler.InstallBrain.E | 1.0.20.160 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Installbrain-2195 | 0.98/20456 |
| Comodo Security | Application.Win32.InstallBrain.GA | 21587 |
| Dr.Web | Trojan.DownLoader11.36243 | 9.0.1.032 |
| Emsisoft Anti-Malware | Application.Bundler.InstallBrain | 8.16.02.01.05 |
| ESET NOD32 | Win32/InstallBrain.CQ potentially unwanted application | 10.7.0.302.0 |
| F-Prot | W32/A-3442f84d | v6.4.7.1.166 |
| F-Secure | Application.Bundler.InstallBrain | 11.2016-01-02_2 |
| G Data | Application.Bundler.InstallBrain | 16.2.24 |
| IKARUS anti.virus | PUA.InstallBrain | t3scan.1.7.8.0 |
| K7 AntiVirus | Unwanted-Program | 13.185.13789 |
| Kaspersky | not-a-virus:AdWare.Win32.BrainInst | 14.0.0.726 |
| Malwarebytes | PUP.Optional.InstallBrain | v2016.02.01.05 |
| MicroWorld eScan | Application.Bundler.InstallBrain.E | 17.0.0.96 |
| NANO AntiVirus | Trojan.Win32.DownLoader11.dmvzyi | 0.30.8.659 |
| Norman | Application.Bundler.InstallBrain.E | 11.20160201 |
| nProtect | Trojan-Clicker/W32.BrainInst.1273896 | 14.11.06.01 |
| Panda Antivirus | Trj/Genetic.gen | 16.02.01.05 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Quick Heal | PUA.Fortyseven.Gen | 2.16.14.00 |
| Reason Heuristics | PUP.Performersoft.FortySevenTechSoftware.Bundler (M) | 16.2.1.17 |
| Sophos | PUA 'InstallBrain' | 5.14 |
| Vba32 AntiVirus | AdWare.BrainInst | 3.12.26.3 |
| VIPRE Antivirus | Threat.4759033 | 33520 |
| Zillya! Antivirus | Adware.BrainInst.Win32.122 | 2.0.0.1939 |

File size:
1.2 MB (1,273,872 bytes)

Product version:
14.10.3.4

Copyright:
Copyright 2014

Original file name:
CodecPerformerSetup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\сodec performer803975.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/19/2013 5:13:53 AM

Valid to:
12/19/2016 5:13:53 AM

Subject:
CN=Forty Seven Tech Software LLC, O=Forty Seven Tech Software LLC, L=Beaverton, S=Oregon, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27C178FAD33D6A

File PE Metadata
Compilation timestamp:
9/10/2014 10:13:39 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:QEfCvka3Nzbi3Xi6kgaINVRX/diX2n0e435qkLeI+t2r48WXDGOjbvD/+XbdeXc6:vfCL9C3XiTcNjPdiGnT65qkYt2r48WXx

Entry address:
0x115F3

Entry point:
E8, D5, 70, 00, 00, E9, DA, 48, 00, 00, C7, 01, 80, B5, 41, 00, E9, 59, 4A, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 80, B5, 41, 00, E8, 46, 4A, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, 3F, 92, 00, 00, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 56, 68, 00, 00, 03, 00, 68, 00, 00, 01, 00, 33, F6, 56, E8, A0, 5D, 00, 00, 83, C4, 0C, 85, C0, 74, 0A, 56, 56, 56, 56, 56, E8, 22, 75, 00, 00, 5E, C3, E9, 0C, 95, FF, FF, CC, CC, CC, 8B, FF, 55, 8B, EC, 51, 56, 8B, F1, 83, 3E, 00, 75, 24, 6A, 00, 8D, 4D, FC, E8...
 

Entropy:
7.7106  (probably packed)

Code size:
102.5 KB (104,960 bytes)
