сodec performer803975.exe

Forty Seven Tech Software LLC

This is the Performersoft setup installer. The application сodec performer803975.exe by Forty Seven Tech Software has been detected as adware by 32 anti-malware scanners. It is a setup application built on InstallBrain, a pay-per-install monetization download manager, which it uses to bundle additional offers, mostly adware. InstallBrain also installs a background updater service that updates any installed browser add-ons and plug-ins. The file is typically executed from the user's temporary directory.

Publisher:
CodecPerformer  (signed by Forty Seven Tech Software LLC)

Product:
CodecPerformer

Version:
14.10.11.10

MD5:
520f225490a3b4d41578a6005938c22c

SHA-1:
81d9d6e01ebb2bfeb6040866cbe9e32b051776cd

SHA-256:
d5662a5d883efdb50befe7e4f36972cb4118c5d6ce9bacc35149bd52a0e62c35

Scanner detections:
32 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/25/2024 10:17:40 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.InstallBrain.E | 355 |
| Agnitum Outpost | PUA.BrainInst | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.InstallBrain | 2014.10.02 |
| Avira AntiVirus | ADWARE/InstallBrain.Gen | 7.11.175.234 |
| avast! | InstallBrain-BP [PUP] | 2014.9-160215 |
| AVG | Adware InstallBrain | 2017.0.2833 |
| Bitdefender | Application.Bundler.InstallBrain.E | 1.0.20.230 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Installbrain-2195 | 0.98/20456 |
| Comodo Security | Application.Win32.InstallBrain.GA | 21587 |
| Dr.Web | Trojan.DownLoader11.36243 | 9.0.1.046 |
| Emsisoft Anti-Malware | Application.Bundler.InstallBrain | 8.16.02.15.12 |
| ESET NOD32 | Win32/InstallBrain.CQ potentially unwanted application | 10.7.0.302.0 |
| F-Prot | W32/A-3442f84d | v6.4.7.1.166 |
| F-Secure | Application.Bundler.InstallBrain | 11.2016-15-02_2 |
| G Data | Application.Bundler.InstallBrain | 16.2.24 |
| IKARUS anti.virus | PUA.InstallBrain | t3scan.1.7.8.0 |
| K7 AntiVirus | Unwanted-Program | 13.185.13789 |
| Kaspersky | not-a-virus:AdWare.Win32.BrainInst | 14.0.0.660 |
| Malwarebytes | PUP.Optional.InstallBrain | v2016.02.15.12 |
| MicroWorld eScan | Application.Bundler.InstallBrain.E | 17.0.0.138 |
| NANO AntiVirus | Trojan.Win32.DownLoader11.dmvzyi | 0.30.8.659 |
| Norman | Application.Bundler.InstallBrain.E | 11.20160215 |
| nProtect | Trojan-Clicker/W32.BrainInst.1273896 | 14.11.06.01 |
| Panda Antivirus | Trj/Genetic.gen | 16.02.15.12 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Quick Heal | PUA.Fortyseven.Gen | 2.16.14.00 |
| Reason Heuristics | PUP.Performersoft.FortySevenTechSoftware.Bundler (M) | 16.2.15.0 |
| Sophos | PUA 'InstallBrain' | 5.14 |
| Vba32 AntiVirus | AdWare.BrainInst | 3.12.26.3 |
| VIPRE Antivirus | Threat.4759033 | 33520 |
| Zillya! Antivirus | Adware.BrainInst.Win32.122 | 2.0.0.1939 |

File size:
1.2 MB (1,273,896 bytes)

Product version:
14.10.11.10

Copyright:
Copyright 2014

Original file name:
CodecPerformerSetup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\сodec performer803975.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/19/2013 2:13:53 AM

Valid to:
12/19/2016 2:13:53 AM

Subject:
CN=Forty Seven Tech Software LLC, O=Forty Seven Tech Software LLC, L=Beaverton, S=Oregon, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27C178FAD33D6A

File PE Metadata
Compilation timestamp:
9/10/2014 7:13:39 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:/EiFIUmVZXMKbi3Xi6kgaINVRX/diX2n0e435qkLeI+t2r48WCGOjbvD/+XbdeXQ:PFIUmzXo3XiTcNjPdiGnT65qkYt2r48W

Entry address:
0x71B1

Entry point:
E8, BC, D4, FF, FF, E9, FE, B4, 00, 00, C7, 01, 80, B5, 41, 00, E9, DB, 5E, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 80, B5, 41, 00, E8, C8, 5E, 00, 00, F6, 45, 08, 01, 74, 07, 56, E8, 86, 6F, 00, 00, 59, 8B, C6, 5E, 5D, C2, 04, 00, 55, 8B, EC, 83, EC, 10, 6A, 00, FF, 15, E0, B1, 41, 00, 89, 45, F0, 8B, 45, F0, 50, FF, 15, 00, B0, 41, 00, 89, 45, F8, 68, 5E, 03, 00, 00, 6A, 05, 8B, 4D, F8, 51, FF, 15, 14, B0, 41, 00, 89, 45, FC, 8B, 55, FC, 52, 8B, 45, F8, 50, FF, 15, 18, B0, 41, 00, 6A, 02, FF, 15...
 

Entropy:
7.7100  (probably packed)

Code size:
102.5 KB (104,960 bytes)
