unins000.exe

Performersoft LLC

This is the Performersoft setup installer. The application unins000.exe by Performersoft has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the InstallBrain installer. This is the uninstaller utility registered in the Windows Control Panel for the program Driver Performer by PerformerSoft LLC. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Performersoft LLC  (signed and verified)

Description:
Setup/Uninstall

Version:
51.1052.0.0

MD5:
17e55978131a8d50c3f650eedc6b2e41

SHA-1:
5ddd61071ae393771c6b3048101351b634bd9866

SHA-256:
98cfd03208b699ee5073ddb06a5eb17f8966c966efe2d7f1d5ba28affbed9e8b

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This is also known as bundleware, or downloadware, which is a downloader designed to simply deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/20/2024 5:04:50 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Performersoft.Bundler (M)

Engine version:
16.2.11.15

File size:
1.1 MB (1,188,952 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Common path:
C:\Program Files\driver performer\unins000.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
7/13/2011 3:38:26 PM

Valid to:
6/25/2012 8:20:46 PM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
277B96F94D20C1

File PE Metadata
Compilation timestamp:
10/30/2010 10:54:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
24576:443B3soIVgjal+VKnI2zwyBCSdZqyT6fETf+7Z1mZCHx9kH:/3DYwO6l7eG2

Entry address:
0xFAF7C

Entry point:
55, 8B, EC, 83, C4, F0, 53, 56, 57, B8, D4, 90, 4F, 00, E8, AD, DF, F0, FF, 6A, EC, A1, 6C, ED, 4F, 00, 8B, 00, 8B, 98, 70, 01, 00, 00, 53, E8, 48, EE, F0, FF, 25, 7F, FF, FF, FF, 50, 6A, EC, A1, 6C, ED, 4F, 00, 53, E8, 9D, F0, F0, FF, 33, C0, 55, 68, F7, AF, 4F, 00, 64, FF, 30, 64, 89, 20, 6A, 01, E8, F0, E7, F0, FF, E8, 47, DE, FF, FF, A1, 0C, 8D, 4F, 00, 50, 68, 70, 8D, 4F, 00, A1, 6C, ED, 4F, 00, 8B, 00, E8, 58, 0E, F8, FF, E8, 9B, DE, FF, FF, 33, C0, 5A, 59, 59, 64, 89, 10, EB, 19, E9, E4, 96, F0, FF...

Developed / compiled with:
Microsoft Visual C++

Code size:
998 KB (1,021,952 bytes)

Program Uninstaller
Program name:
Driver Performer

Display publisher:
PerformerSoft LLC

Display version:
11.10.1.11897

Uninstall string:
"C:\Program Files\Driver Performer\unins000.exe" /silent


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
