PCPerformerSetup.exe

Elephant Tech Software LLC

This is the Performersoft setup installer. PCPerformerSetup.exe by Elephant Tech Software has been detected as adware by 25 anti-malware scanners. It is a setup application built on InstallBrain, a pay-per-install monetization download manager, and it bundles additional offers, mostly adware. InstallBrain also installs a background updater service that updates any installed browser add-ons and plug-ins. The file has been seen being downloaded from www.appheni.com.

Publisher:
PCPerformer (signed by Elephant Tech Software LLC)

Product:
PCPerformer

Version:
14.8.10.9

MD5:
974b34e203df8c4a61f1c541b9726b71

SHA-1:
8d43f828f8fc885f1eec96e83d0bd00061e50be8

SHA-256:
add4e9d7ec070f5459f01247e59d33ec68ba332f7f983230c99259303bfb5d6b

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
5/4/2024 6:50:22 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AhnLab V3 Security | PUP/Win32.InstallBrain | 2014.09.20 |
| Avira AntiVirus | ADWARE/InstallBrain.Gen | 7.11.169.186 |
| avast! | InstallBrain-BX [PUP] | 2014.9-160103 |
| AVG | Adware InstallBrain | 2017.0.2876 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Installbrain-1522 | 0.98/21511 |
| Comodo Security | Application.Win32.Installbrain.CK | 20202 |
| Dr.Web | Trojan.InstallBrain.2 | 9.0.1.03 |
| ESET NOD32 | Win32/InstallBrain.CN potentially unwanted application | 10.7.0.302.0 |
| Fortinet FortiGate | Riskware/Generic.AC.1774 | 1/3/2016 |
| F-Prot | W32/A-3442f84d | v6.4.7.1.166 |
| G Data | Win32.Application.InstallBrain | 16.1.25 |
| IKARUS anti.virus | AdWare.InstallBrain.Gen8 | t3scan.1.7.5.0 |
| K7 AntiVirus | Unwanted-Program | 13.183.13198 |
| Malwarebytes | PUP.Optional.PCPerformer.A | v2016.01.03.09 |
| NANO AntiVirus | Trojan.Win32.Click3.dfnnxu | 0.28.6.63726 |
| Norman | Adware.InstallBrain.E | 11.20160103 |
| Panda Antivirus | Trj/Genetic.gen | 16.01.03.09 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Quick Heal | PUA.Elephantte.Gen | 1.16.14.00 |
| Reason Heuristics | PUP.Performersoft.ElephantTechSoftware.Bundler (M) | 16.1.3.9 |
| Sophos | PUA 'InstallBrain' | 5.14 |
| Vba32 AntiVirus | AdWare.BrainInst | 3.12.26.3 |
| VIPRE Antivirus | Threat.4759033 | 35088 |
| Zillya! Antivirus | Adware.BrainInst.Win32.112 | 2.0.0.1905 |

File size:
1.2 MB (1,276,232 bytes)

Product version:
14.8.10.9

Copyright:
Copyright 2014

Original file name:
PCPerformerSetup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pcperformersetup.exe

Digital Signature

Authority:
GoDaddy.com, Inc.

Valid from:
12/19/2013 5:14:46 AM

Valid to:
12/19/2016 5:14:46 AM

Subject:
CN=Elephant Tech Software LLC, O=Elephant Tech Software LLC, L=Beaverton, S=Oregon, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B2D0084486599

File PE Metadata

Compilation timestamp:
8/4/2014 11:01:28 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:U4QkLzXi6kgaINVqcERRauju0Zqr3p/ojycwyHKaSrRNRE0OACNm:kGzXiTcNYauju0MMfHKaE1OA2m

Entry address:
0x88A6

Entry point:
E8, 58, 4D, 00, 00, E9, 89, FE, FF, FF, C7, 01, 58, B5, 41, 00, E9, 41, FA, FF, FF, 8B, FF, 55, 8B, EC, 56, 8B, F1, C7, 06, 58, B5, 41, 00, E8, 2E, FA, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 94, EC, FF, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 57, 8B, 7D, 08, 8B, 47, 04, 85, C0, 74, 47, 8D, 50, 08, 80, 3A, 00, 74, 3F, 8B, 75, 0C, 8B, 4E, 04, 3B, C1, 74, 14, 83, C1, 08, 51, 52, E8, 51, 19, 00, 00, 59, 59, 85, C0, 74, 04, 33, C0, EB, 24, F6, 06, 02, 74, 05, F6, 07, 08, 74, F2, 8B, 45, 10...
 
Entropy:
7.5264

Code size:
102.5 KB (104,960 bytes)

The file PCPerformerSetup.exe has been seen being distributed by the following URL.
