video_plugin.exe

InstallBrain Installer

Performersoft LLC

This is the Performersoft setup installer. The application video_plugin.exe by Performersoft has been detected as a potentially unwanted program by 35 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. According to AVG, this software downloads additional adware offers during setup. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
InstallBrain  (signed by Performersoft LLC)

Product:
InstallBrain Installer

Version:
14,1,1,3

MD5:
95dc25e05c027b580d1b78f6116ca488

SHA-1:
7cdf089b0432b8a486e43592225628b2428633ff

SHA-256:
694a440e0ad824e5cf16dcaeff9c66e0f6beafb3453c4522b7b21e923529469a

Scanner detections:
35 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/26/2024 10:01:41 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Application.Bundler.InstallBrain.A | 358 |
| Agnitum Outpost | Adware.BrainInst | 7.1.1 |
| AhnLab V3 Security | Win-PUP/InstallBrain | 2015.04.11 |
| Avira AntiVirus | ADWARE/InstallBrain.i | 3.6.1.96 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-160212 |
| AVG | Downloader.Generic13 | 2017.0.2836 |
| Bitdefender | Application.Bundler.InstallBrain.A | 1.0.20.215 |
| Bkav FE | W32.Clod26a.Trojan | 1.3.0.4613 |
| Clam AntiVirus | Win.Adware.Installbrain-1 | 0.98/21511 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.IBrain.C | 21719 |
| Dr.Web | Adware.Downware.1295 | 9.0.1.043 |
| Emsisoft Anti-Malware | Application.Bundler.InstallBrain | 8.16.02.12.10 |
| ESET NOD32 | Win32/InstallBrain potentially unwanted application | 10.7.0.302.0 |
| Fortinet FortiGate | Adware/InstallBrain.OP | 2/12/2016 |
| F-Prot | W32/IBrain.B.gen | v6.4.6.5.141 |
| F-Secure | Riskware.Application.Bundler.InstallBrain | 11.2016-12-02_6 |
| G Data | Application.Bundler.InstallBrain | 16.2.25 |
| IKARUS anti.virus | Trojan-Downloader.Win32.Brantall | t3scan.1.8.3.0 |
| K7 AntiVirus | Unwanted-Program | 13.202.15558 |
| Kaspersky | not-a-virus:AdWare.Win32.BrainInst | 14.0.0.673 |
| Malwarebytes | Adware.InstallBrain | v2016.02.12.10 |
| Microsoft Security Essentials | | 1.163.1557.3 |
| MicroWorld eScan | Application.Bundler.InstallBrain.A | 17.0.0.129 |
| NANO AntiVirus | Trojan.Win32.Downware.bdczug | 0.30.10.952 |
| Norman | Application.Bundler.InstallBrain.A | 11.20160212 |
| nProtect | Trojan-Clicker/W32.BrainInst.554432 | 15.04.10.01 |
| Panda Antivirus | PUP/Ibups | 16.02.12.10 |
| Quick Heal | TrojanDownloader.Brantall.A5 | 2.16.14.00 |
| Reason Heuristics | PUP.Performersoft.InstallBrain.Installer (M) | 16.2.12.10 |
| Rising Antivirus | PE:Trojan.DL.Win32.Brantall.a!1075356204 | 23.00.65.16210 |
| Sophos | PUA 'InstallBrain' | 5.10 |
| SUPERAntiSpyware | PUP.InstallBrain | 9328 |
| Vba32 AntiVirus | BScope.Trojan.Agent | 3.12.26.3 |
| VIPRE Antivirus | InstallBrain | 23126 |
| Zillya! Antivirus | Adware.BrainInst.Win32.92 | 2.0.0.1977 |

File size:
364.5 KB (373,216 bytes)

Product version:
14,1,1,3

Copyright:
Copyright 2011

Trademarks:
InstallBrain

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\downloads\video_plugin.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
7/13/2011 7:08:26 PM

Valid to:
6/25/2012 11:50:46 PM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
277B96F94D20C1

File PE Metadata
Compilation timestamp:
5/30/2012 5:57:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
6144:zdnIz2AMyzRJd7cGyMvNDGkOWXnlzrhPHTJj5o7Aw2x7E2KkeTW3MFoSUc1n:zdnIoyzRXXRv1Wkl3hPH7o7A7EweTW8d

Entry address:
0x120DB0

Entry point:
60, BE, 00, 90, 4D, 00, 8D, BE, 00, 80, F2, FF, 57, 89, E5, 8D, 9C, 24, 80, C1, FF, FF, 31, C0, 50, 39, DC, 75, FB, 46, 46, 53, 68, 00, E5, 11, 00, 57, 83, C3, 04, 53, 68, A9, 7D, 04, 00, 56, 83, C3, 04, 53, 50, C7, 03, 03, 00, 02, 00, 90, 90, 90, 90, 90, 55, 57, 56, 53, 83, EC, 7C, 8B, 94, 24, 90, 00, 00, 00, C7, 44, 24, 74, 00, 00, 00, 00, C6, 44, 24, 73, 00, 8B, AC, 24, 9C, 00, 00, 00, 8D, 42, 04, 89, 44, 24, 78, B8, 01, 00, 00, 00, 0F, B6, 4A, 02, 89, C3, D3, E3, 89, D9, 49, 89, 4C, 24, 6C, 0F, B6, 4A...
 

Entropy:
7.6572

Code size:
292 KB (299,008 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
