pcperformer.exe

PC Performer

Performersoft LLC

This is the Performersoft setup installer. The application pcperformer.exe by Performersoft has been detected as a potentially unwanted program by 12 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. It runs as a scheduled task under the Windows Task Scheduler, triggered to execute each time a user logs in. This file is typically installed with the program PC Performer by PerformerSoft LLC, which is a potentially unwanted software program. The setup program bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins.
Publisher:
Performersoft LLC  (signed and verified)

Product:
PC Performer

Version:
11.10.1.2217

MD5:
ee3ec3bf27ec6c6fb45e4125255cabe5

SHA-1:
4bd8467993963d15e257b7a229cfa66da65f3a0b

SHA-256:
7fd243cea27177f33ac4314ad21234ee8b699f076c9a77070ec745fce281072a

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/24/2024 11:38:38 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | Win-PUP/InstallBrain | 2015.03.07 |
| Avira AntiVirus | APPL/InstallBrain.EK | 7.11.135.48 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Dr.Web | Trojan.Damaged.1 | 9.0.1.042 |
| ESET NOD32 | Win32/PCPerformer | 10.9509 |
| Malwarebytes | PUP.Optional.PCPerformer.A | v2016.02.11.03 |
| Panda Antivirus | PUP/Ibups | 16.02.11.03 |
| Reason Heuristics | PUP.Performersoft.Bundler (M) | 16.2.11.15 |
| Sophos | PC Performer | 4.95 |
| Trend Micro House Call | TROJ_GEN.F47V1030 | 7.2.42 |
| Vba32 AntiVirus | Signed-AdWare.BrainInst.PerformersoftLLC | 3.12.26.3 |
| VIPRE Antivirus | InstallBrain | 24238 |

File size:
7 MB (7,338,552 bytes)

Product version:
11.10.1.2217

Copyright:
Copyright (C) 2011 PerformerSoft LLC, All rights reserved.

Trademarks:
PC Performer

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\Program Files\pc performer\pcperformer.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
7/13/2011 3:38:26 PM

Valid to:
6/25/2012 8:20:46 PM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
277B96F94D20C1

File PE Metadata
Compilation timestamp:
3/14/2012 11:16:33 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
196608:D/nN4HS/oOKKKKKKKKKKKKKKKKKKKKKKKKKKKKdNYIMf:aioOKKKKKKKKKKKKKKKKKKKKKKKKKKKr

Entry address:
0xB5EC2

Entry point:
E8, DD, 89, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 50, C7, 57, 00, 75, 02, F3, C3, E9, 5F, 8A, 00, 00, 8B, FF, 51, C7, 01, 9C, 30, 52, 00, E8, 57, 8B, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 97, EE, FD, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, 8F, 8B, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 83, EC, 20, 53, 33, DB, 39, 5D, 14, 75, 20, E8, F0, 45, 00, 00, 53...
 

Code size:
1.1 MB (1,162,752 bytes)

Scheduled Task
Task name:
PC Performer

Trigger:
Logon (Runs on logon)


The file pcperformer.exe has been discovered within the following program.

PC Performer  by PerformerSoft LLC
PC Performer is a registry cleaner, a class of third-party software utility designed for the Microsoft Windows operating system, whose purported purpose is to remove redundant items from the Windows registry.
www.performersoft.com
75% remove it
 

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
