uninstall.exe

InstallBrain Installer

Performersoft LLC

This is the Performersoft setup installer. The application uninstall.exe by Performersoft has been detected as a potentially unwanted program by 35 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. According to AVG, this software downloads additional adware offers during setup. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
InstallBrain  (signed by Performersoft LLC)

Product:
InstallBrain Installer

Version:
14,1,1,3

MD5:
55cc6de8f26362010a46b9441a0a0f9a

SHA-1:
6cc40edaab817e9f3e917c98fc57b68170b34c55

SHA-256:
77c1f2c0d52b5625bb06ce68727651ab8e06d705fd314142df7ebc7681c44390

Scanner detections:
35 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 5:04:44 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Strictor.48741 | 924 |
| Agnitum Outpost | Adware.BrainInst | 7.1.1 |
| Avira AntiVirus | APPL/InstallBrain.Gen5 | 7.11.111.8 |
| avast! | Win32:InstallBrain-C [PUP] | 2014.9-140725 |
| AVG | Downloader | 2015.0.3382 |
| Baidu Antivirus | Adware.Win32.BrainInst | 4.0.3.14815 |
| Bitdefender | Gen:Variant.Strictor.48741 | 1.0.20.1030 |
| Bkav FE | W32.Clod26a.Trojan | 1.3.0.4613 |
| Clam AntiVirus | Trojan.Agent-294202 | 0.98/18989 |
| Comodo Security | UnclassifiedMalware | 17221 |
| Dr.Web | Adware.Downware.313 | 9.0.1.0206 |
| Emsisoft Anti-Malware | Gen:Variant.Strictor.48741 | 8.14.07.25.01 |
| ESET NOD32 | Win32/InstallBrain.AW (variant) | 8.9010 |
| Fortinet FortiGate | Adware/InstallBrain.OP | 7/25/2014 |
| F-Prot | W32/IBrain.B.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Strictor.48741 | 11.2014-25-07_6 |
| G Data | Win32.Application.InstallBrain | 14.7.22 |
| IKARUS anti.virus | Trojan-Downloader.Win32.Brantall | t3scan.2.2.29 |
| K7 AntiVirus | Unwanted-Program | 13.173.10101 |
| Kaspersky | not-a-virus:AdWare.Win32.BrainInst | 14.0.0.3403 |
| Malwarebytes | Adware.InstallBrain | v2014.07.25.01 |
| Microsoft Security Essentials | | 1.163.1557.3 |
| MicroWorld eScan | Gen:Variant.Strictor.48741 | 15.0.0.618 |
| NANO AntiVirus | Riskware.Win32.Downware.vpsbt | 0.24.0.53105 |
| nProtect | Trojan-Clicker/W32.BrainInst.373728 | 14.05.23.01 |
| Panda Antivirus | Adware/Ibups | 14.07.25.01 |
| Quick Heal | TrojanDownloader.Brantall | 8.14.12.00 |
| Reason Heuristics | PUP.Installer.Performersoft.J | 14.8.7.22 |
| Rising Antivirus | PE:Trojan.Win32.Generic.131E05D0!320734672 | 23.00.65.14813 |
| Sophos | InstallBrain | 4.94 |
| SUPERAntiSpyware | Trojan.Agent/Gen-InstallBrain[PUP] | 10420 |
| Total Defense | Win32/Tnega.aEfTZDD | 37.0.10938 |
| Trend Micro House Call | HV_INSTALLBRAIN_CA225D33.TOMC | 7.2.227 |
| Vba32 AntiVirus | BScope.Trojan.Agent | 3.12.24.3 |
| VIPRE Antivirus | InstallBrain | 23084 |
File size:
364.9 KB (373,696 bytes)

Product version:
14,1,1,3

Copyright:
Copyright 2011

Trademarks:
InstallBrain

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\Program Files\uninstall information\ib_uninst_383\uninstall.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
7/13/2011 6:38:26 AM

Valid to:
6/25/2012 11:20:46 AM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
277B96F94D20C1

File PE Metadata
Compilation timestamp:
6/11/2012 5:14:24 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:MBRN+fMeHBAtcPEnK/HNs/StSLxZIUIKLZOAFzGfllv5+L43UCEoSG4QC:GeqcsKvCatSLx8ejWlML5oSyC

Entry address:
0x120E30

Entry point:
60, BE, 00, 90, 4D, 00, 8D, BE, 00, 80, F2, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, AC, E5, 11, 00, 57, 83, C3, 04, 53, 68, 22, 7E, 04, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 

Entropy:
7.6977

Code size:
292 KB (299,008 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
