uninstall.exe

Installer

Performersoft LLC

This is the Performersoft setup installer. The application uninstall.exe by Performersoft has been detected as a potentially unwanted program by 39 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. According to AVG, this software downloads additional adware offers during setup. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Performersoft LLC  (signed and verified)

Product:
Installer

Version:
14.12.8.9

MD5:
6448b49c2cc874c0a04714f284e30d45

SHA-1:
b6d0a6b804ba5e0a858f373dd9f8c802b56fa848

SHA-256:
7c0c91959981a549854a512f25921e817387dd642cdc1a40c7fbf2d9b65fa0c3

Scanner detections:
39 / 68

Status:
Potentially unwanted

Explanation:
May bundle additional potentially unwanted software such as adware during setup.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
4/18/2024 5:00:05 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.InstallBrain.B | 551 |
| Agnitum Outpost | Adware.BrainInst | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.BrainInst | 2014.02.09 |
| Avira AntiVirus | APPL/InstallBrain.Gen | 7.11.130.82 |
| avast! | Win32:InstallBrain-I [PUP] | 2014.9-150803 |
| AVG | Potentially harmful program Downloader | 2016.0.3029 |
| Bitdefender | Application.Bundler.InstallBrain.A | 1.0.20.1075 |
| Bkav FE | W32.Clod676.Trojan | 1.3.0.4959 |
| Clam AntiVirus | Win.Adware.Installbrain-710 | 0.98/19757 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.IBrain.C | 17759 |
| Dr.Web | Adware.Downware.1295 | 9.0.1.0215 |
| Emsisoft Anti-Malware | Application.Bundler.InstallBrain | 8.15.08.03.07 |
| ESET NOD32 | Win32/InstallBrain potentially unwanted application | 9.7.0.302.0 |
| Fortinet FortiGate | Adware/InstallBrain.OP | 8/3/2015 |
| F-Prot | W32/IBrain.D.gen | v6.4.7.1.166 |
| F-Secure | Trojan:W32/InstallBrain.A | 11.2015-03-08_2 |
| G Data | Win32.Application.InstallBrain | 15.8.24 |
| herdProtect (fuzzy) | | 2015.9.8.2 |
| IKARUS anti.virus | AdWare.InstallBrain | t3scan.2.2.29 |
| K7 AntiVirus | Adware | 13.175.10814 |
| Kaspersky | not-a-virus:AdWare.Win32.BrainInst | 14.0.0.1639 |
| Malwarebytes | PUP.BundleInstaller.IB | v2015.08.03.07 |
| McAfee | Artemis!3F79695C6BDD | 5600.6685 |
| Microsoft Security Essentials | | 1.165.247.01 |
| MicroWorld eScan | Application.Bundler.InstallBrain.A | 16.0.0.645 |
| NANO AntiVirus | Trojan.Win32.Downware2.bbwnqr | 0.28.0.57029 |
| Norman | Application.Bundler.InstallBrain.B | 11.20150803 |
| nProtect | Application.Bundler.InstallBrain.B | 14.09.28.01 |
| Panda Antivirus | PUP/Ibups | 15.08.03.07 |
| Qihoo 360 Security | HEUR/Malware.QVM10.Gen | 1.0.0.1015 |
| Quick Heal | TrojanDownloader.Brantall.A5 | 8.15.12.00 |
| Reason Heuristics | PUP.Performersoft.Bundler (M) | 15.8.3.7 |
| Rising Antivirus | PE:Malware.InstallBrain!6.201 | 23.00.65.15801 |
| Sophos | PUA 'InstallBrain' | 58 |
| SUPERAntiSpyware | Trojan.Agent/Gen-InstallBrain | 9714 |
| Trend Micro House Call | HV_IBRAIN_CI052869.RDXN | 7.2.215 |
| Vba32 AntiVirus | AdWare.BrainInst | 3.12.24.3 |
| VIPRE Antivirus | InstallBrain | 26304 |
| Zillya! Antivirus | Adware.BrainInst.Win32.8 | 2.0.0.1799 |

File size:
606.5 KB (621,088 bytes)

Product version:
14.12.8.9

Copyright:
Copyright 2012

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\Program Files\uninstall information\ib_uninst_0\uninstall.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
6/27/2012 4:28:03 PM

Valid to:
6/27/2015 4:28:03 PM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07DAC5F73C6773

File PE Metadata
Compilation timestamp:
8/17/2012 12:48:58 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:xcwRpDG2gwbVANOlVWRsnQJ+I3wXaP8tdXAJ4v0OF8JlYWpw:Gwm2fLXpnIwXaPgdXAKv0m8JCWpw

Entry address:
0x19527

Entry point:
E8, FD, 36, 00, 00, E9, 89, FE, FF, FF, 57, 8B, C6, 83, E0, 0F, 85, C0, 0F, 85, C1, 00, 00, 00, 8B, D1, 83, E1, 7F, C1, EA, 07, 74, 65, EB, 06, 8D, 9B, 00, 00, 00, 00, 66, 0F, 6F, 06, 66, 0F, 6F, 4E, 10, 66, 0F, 6F, 56, 20, 66, 0F, 6F, 5E, 30, 66, 0F, 7F, 07, 66, 0F, 7F, 4F, 10, 66, 0F, 7F, 57, 20, 66, 0F, 7F, 5F, 30, 66, 0F, 6F, 66, 40, 66, 0F, 6F, 6E, 50, 66, 0F, 6F, 76, 60, 66, 0F, 6F, 7E, 70, 66, 0F, 7F, 67, 40, 66, 0F, 7F, 6F, 50, 66, 0F, 7F, 77, 60, 66, 0F, 7F, 7F, 70, 8D, B6, 80, 00, 00, 00, 8D, BF...
 

Entropy:
7.6442

Code size:
147 KB (150,528 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
