сodec performer803975.exe

Codec Pack

Red Balloons Software, LLC

This is part of a Performersoft product, a 'PC optimization' application that provides minimal benefits and may have been bundled by a third-party installer. The application сodec performer803975.exe by Red Balloons Software has been detected as adware by 29 anti-malware scanners. According to AVG, this software downloads additional adware offers during setup. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.humipapp.com.
Publisher:
Red Balloons Software, LLC  (signed and verified)

Product:
Codec Pack

Version:
1.12.12.13

MD5:
11094031233238921b1fe9ca37ae0bdb

SHA-1:
edfd10c60d9200dcea479b493c2ee038bbd618ec

SHA-256:
5a905838947864e17cabbaed1f0cea7d1e7b07a266b5a6268648af6b75e65358

Scanner detections:
29 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, including both search toolbars and PC optimizers from Performersoft.

Analysis date:
4/25/2024 2:31:45 AM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Gen:Variant.Strictor.59111 | 395
Agnitum Outpost | PUA.InstallBrain | 7.1.1
Avira AntiVirus | APPL/InstallBrain.Gen | 7.11.150.66
avast! | Win32:PUP-gen [PUP] | 2014.9-160106
AVG | Potentially harmful program Skodna.Downloader | 2017.0.2873
Baidu Antivirus | Adware.Win32.InstallBrain | 4.0.3.1616
Bitdefender | Gen:Variant.Strictor.59111 | 1.0.20.30
Bkav FE | W32.Clod828.Trojan | 1.3.0.4613
Comodo Security | Application.Win32.InstallBrain.BF | 18286
Dr.Web | Adware.Downware.1737 | 9.0.1.06
Emsisoft Anti-Malware | Gen:Variant.Strictor.59111 | 8.16.01.06.02
ESET NOD32 | Win32/InstallBrain.BH potentially unwanted application | 10.7.0.302.0
Fortinet FortiGate | W32/InstallBrain.BH | 1/6/2016
F-Secure | Gen:Variant.Strictor.59111 | 11.2016-06-01_4
G Data | Gen:Variant.Strictor.59111 | 16.1.24
IKARUS anti.virus | Trojan-Downloader.Win32.Brantall | t3scan.2.2.29
K7 AntiVirus | Unwanted-Program | 13.177.12109
Malwarebytes | PUP.Optional.InstallBrain.A | v2016.01.06.02
McAfee | Artemis!A3F339B068E5 | 5600.6529
MicroWorld eScan | Gen:Variant.Strictor.59111 | 17.0.0.18
NANO AntiVirus | Riskware.Win32.Downware.cvmfkw | 0.28.0.59911
Panda Antivirus | Trj/Genetic.gen | 16.01.06.02
Reason Heuristics | PUP.Performersoft.RedBalloonsSoftware (M) | 16.1.6.2
Rising Antivirus | PE:PUF.SmartInstaller!1.9EA6 | 23.00.65.16104
Sophos | Mal/Generic-S | 4.96
Trend Micro House Call | TROJ_SPNV.03AC14 | 7.2.6
Trend Micro | TROJ_SPNV.03AC14 | 10.465.06
VIPRE Antivirus | Trojan.Win32.Generic | 25424
Zillya! Antivirus | Trojan.Black.Win32.17536 | 2.0.0.2036

File size:
1.7 MB (1,771,768 bytes)

Product version:
1.12.12.13

Copyright:
Copyright 2013

Original file name:
Codec Pack.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\сodec performer803975.exe

Digital Signature

Authority:
GoDaddy.com, Inc.

Valid from:
11/19/2013 1:13:54 PM

Valid to:
11/19/2014 1:13:54 PM

Subject:
CN="Red Balloons Software, LLC", O="Red Balloons Software, LLC", L=San Francisco, S=California, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B41EF13399233

File PE Metadata

Compilation timestamp:
12/6/2013 6:17:37 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
49152:TUS8aYUr7Ru39Pd0P5L8+aBFsEpTFEka5XHr3QPeEWP:TWDUr7S9Pd0PraBPwt

Entry address:
0xAD669

Entry point:
E8, D7, 9D, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 1C, 56, FF, 75, 08, 8D, 4D, E4, E8, 5C, DE, FF, FF, 8B, 45, 10, 8B, 75, 0C, 85, C0, 74, 02, 89, 30, 85, F6, 75, 24, E8, 2C, 1E, 00, 00, C7, 00, 16, 00, 00, 00, E8, 98, 2C, 00, 00, 80, 7D, F0, 00, 74, 07, 8B, 45, EC, 83, 60, 70, FD, 33, C0, E9, E0, 01, 00, 00, 83, 7D, 14, 00, 74, 0C, 83, 7D, 14, 02, 7C, D0, 83, 7D, 14, 24, 7F, CA, 83, 65, FC, 00, 8B, 4D, E4, 53, 8A, 1E, 57, 8D, 7E, 01, 83, B9, AC, 00, 00, 00, 01, 7E, 17, 8D, 45, E4, 50, 0F...

Entropy:
6.9082

Code size:
916 KB (937,984 bytes)

The file сodec performer803975.exe has been seen being distributed by the following URL.
