» uninstall.exe
Overview
Analysis
File Details
Network (3)

uninstall.exe

InstallBrain Installer

Performersoft LLC

This is the Performersoft setup installer. The application uninstall.exe by Performersoft has been detected as a potentially unwanted program by 28 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. According to AVG, this software downloads additional adware offers during setup. While running, it connects to the Internet address www.ibbalance.com on port 443.

File name:

uninstall.exe

Publisher:

InstallBrain (signed by Performersoft LLC)

Product:

InstallBrain Installer

Version:

14,1,1,4

MD5:

e5362b7a34a6c29d64dd94451a8c0af3

SHA-1:

7e57db310a60c5bb4c500485c83473f7bd169835

SHA-256:

b1ec87158fe1c7e57bb22a1a4ceedbc1288ef2de66f8020cb78f8a096bdb24a7

Scanner detections:

28 / 68

Status:

Potentially unwanted

Explanation:

Uses the InstallBrain monetization platform from iBario to deliver bundled adware both search toolbars and PC optimizers from Performersoft.

Description:

This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:

4/24/2024 10:22:20 PM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Application.Bundler.InstallBrain.A

885

Agnitum Outpost

Adware.BrainInst

7.1.1

Avira AntiVirus

APPL/InstallBrain.Gen

7.11.144.160

avast!

Win32:InstallBrain-F [PUP]

2014.9-140902

AVG

Downloader

2015.0.3363

Bitdefender

Application.Bundler.InstallBrain.A

1.0.20.1225

Comodo Security

ApplicUnwnt.Win32.AdWare.IBrain.C

18144

Dr.Web

Adware.Downware.1295

9.0.1.0245

ESET NOD32

Win32/InstallBrain

8.9704

Fortinet FortiGate

Adware/BrainInst

9/2/2014

F-Prot

W32/IBrain.D.gen

v6.4.7.1.166

F-Secure

Trojan:W32/InstallBrain.A

11.2014-02-09_3

G Data

Application.Bundler.InstallBrain

14.9.24

IKARUS anti.virus

Trojan-Downloader.Win32.Brantall

t3scan.1.6.1.0

K7 AntiVirus

Adware

13.176.11833

Kaspersky

not-a-virus:AdWare.Win32.BrainInst

14.0.0.3311

Malwarebytes

Adware.InstallBrain

v2014.09.02.05

McAfee

Artemis!0578C970301F

5600.7019

Microsoft Security Essentials

TrojanDownloader:Win32/Brantall.B

1.10502

MicroWorld eScan

Application.Bundler.InstallBrain.A

15.0.0.735

NANO AntiVirus

Trojan.Win32.Downware.crasga

0.28.0.59492

Panda Antivirus

PUP/Ibups

14.09.02.05

Quick Heal

TrojanDownloader.Brantall.A5

9.14.12.00

Reason Heuristics

PUP.Installer.Performersoft.J

14.8.7.22

Sophos

InstallBrain

4.98

Trend Micro House Call

HV_IBRAIN_CI194673.RDXN

7.2.245

Vba32 AntiVirus

AdWare.BrainInst

3.12.26.0

VIPRE Antivirus

InstallBrain

28478

File size:

620.5 KB (635,360 bytes)

Product version:

14,1,1,4

Trademarks:

InstallBrain

File type:

Executable application (Win32 EXE)

Bundler/Installer:

InstallBrain

Language:

English (United States)

Common path:

C:\Program Files\uninstall information\ib_uninst_519\uninstall.exe

Digital Signature

Signed by:

Performersoft LLC

Authority:

GoDaddy.com, Inc.

Valid from:

6/27/2012 10:28:03 PM

Valid to:

6/27/2015 10:28:03 PM

Subject:

CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:

SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:

07DAC5F73C6773

File PE Metadata

Compilation timestamp:

7/11/2012 1:33:39 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

12288:HNpbGph0W2KjUnD0CbEFsitciVxNowzeF6HhDc6M5ywW5YkDVPAJx7j/:epn+igweFyhDTdikxPU/

Entry address:

0x1ACF3

Entry point:

E8, F1, 36, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF... 
[+]

Code size:

155 KB (158,720 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):

Connects to www.softologic.com (174.37.181.31:80)

TCP (HTTP SSL):

Connects to www.ibbalance.com (173.192.190.227:443)

TCP (HTTP):

Connects to stats-182385724-1591972470.us-east-1.elb.amazonaws.com (54.221.252.69:80)

Remove uninstall.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.