pcperformersetup.exe

InstallBrain Installer

Performersoft LLC

This is the Performersoft setup installer. The application pcperformersetup.exe by Performersoft has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. According to AVG, this software downloads additional adware offers during setup. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
InstallBrain  (signed by Performersoft LLC)

Product:
InstallBrain Installer

Version:
14,1,1,3

MD5:
9aa8f0f23b8574905e6064f38f70efc7

SHA-1:
c259e8f41027a07921eeb3cdf291e4784ffb88f4

SHA-256:
d27e812a639f2f6713242aeca1b5436054fb94600ce21547d3c748e0264bb189

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/26/2024 7:35:45 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.InstallBrain.A | 359 |
| Agnitum Outpost | Adware.Generic | 7.1.1 |
| Avira AntiVirus | APPL/InstallBrain.Gen | 7.11.147.26 |
| AVG | Skodna.Downloader | 2017.0.2837 |
| Bitdefender | Application.Bundler.InstallBrain.A | 1.0.20.210 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.IBrain.B | 18212 |
| Dr.Web | Adware.Downware.281 | 9.0.1.042 |
| ESET NOD32 | Win32/InstallBrain.AW (variant) | 10.9754 |
| F-Prot | W32/IBrain.B.gen | v6.4.7.1.166 |
| F-Secure | Application.Bundler.InstallBrain | 11.2016-11-02_5 |
| G Data | Application.Bundler.InstallBrain | 16.2.24 |
| Kaspersky | not-a-virus:HEUR:AdWare.Win32.BrainInst | 14.0.0.678 |
| Malwarebytes | Adware.InstallBrain | v2016.02.11.10 |
| Microsoft Security Essentials | | 1.10502 |
| MicroWorld eScan | Application.Bundler.InstallBrain.A | 17.0.0.126 |
| Panda Antivirus | PUP/Ibups | 16.02.11.10 |
| Reason Heuristics | PUP.Performersoft.InstallBrain.Installer (M) | 16.2.11.10 |
| Sophos | InstallBrain | 4.98 |
| SUPERAntiSpyware | PUP.InstallBrain | 9330 |
| VIPRE Antivirus | Trojan.Win32.Generic | 28826 |

File size:
585.1 KB (599,104 bytes)

Product version:
14,1,1,3

Copyright:
Copyright 2011

Trademarks:
InstallBrain

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\downloads\pcperformersetup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
7/13/2011 9:38:26 AM

Valid to:
6/25/2012 2:20:46 PM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
277B96F94D20C1

File PE Metadata
Compilation timestamp:
5/24/2012 5:05:38 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:6G2tzSMJb9pZ5RgY2yUNK+upN35jGFpVMbonpEPH0zEBQM1SoSbmKZl:6PxzKtrEPo2Qfbll

Entry address:
0x19386

Entry point:
E8, 95, 2A, 00, 00, E9, 89, FE, FF, FF, 80, F9, 40, 73, 15, 80, F9, 20, 73, 06, 0F, AD, D0, D3, EA, C3, 8B, C2, 33, D2, 80, E1, 1F, D3, E8, C3, 33, C0, 33, D2, C3, CC, 8B, FF, 55, 8B, EC, 83, EC, 18, 53, 8B, 5D, 0C, 56, 8B, 73, 08, 33, 35, D0, 92, 42, 00, 57, 8B, 06, C6, 45, FF, 00, C7, 45, F4, 01, 00, 00, 00, 8D, 7B, 10, 83, F8, FE, 74, 0D, 8B, 4E, 04, 03, CF, 33, 0C, 38, E8, 14, EF, FF, FF, 8B, 4E, 0C, 8B, 46, 08, 03, CF, 33, 0C, 38, E8, 04, EF, FF, FF, 8B, 45, 08, F6, 40, 04, 66, 0F, 85, 19, 01, 00, 00...
 

Code size:
133 KB (136,192 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
