videomanagersetup.exe

Installer

Performersoft LLC

This is the Performersoft setup installer. The application videomanagersetup.exe by Performersoft has been detected as a potentially unwanted program by 20 anti-malware scanners. It is a setup application that uses the InstallBrain installer, a pay-per-install monetization download manager, to bundle additional offers, mostly adware. InstallBrain also installs a background updater service that updates any installed browser add-ons and plug-ins. While running, the program connects to the Internet address www.ibbalance.com on port 443.
Publisher:
Performersoft LLC  (signed and verified)

Product:
Installer

Version:
15.9.28.27

MD5:
82cbcc7b5f411fb475f848da711ed28e

SHA-1:
edc1b5a75b2768c27eb58ff1813e85da7c40a6f8

SHA-256:
6ec7bf69c618802c9f1c14f4301d9c1751f352111488dc578dab56ae2f760acf

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/26/2024 1:35:42 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.DL.Brantall | 7.1.1 |
| Avira AntiVirus | APPL/InstallBrain.Gen | 7.11.140.20 |
| avast! | Win32:Adware-gen [Adw] | 2014.9-160215 |
| AVG | MalSign.InstallBrain | 2017.0.2832 |
| Comodo Security | Application.Win32.InstallBrain.C | 18015 |
| Dr.Web | Adware.Downware.1295 | 9.0.1.046 |
| ESET NOD32 | Win32/InstallBrain.AJ (variant) | 10.9612 |
| F-Secure | Trojan:W32/InstallBrain.A | 11.2016-15-02_2 |
| G Data | Win32.Application.InstallBrain | 16.2.24 |
| IKARUS anti.virus | AdWare.InstallBrain | t3scan.2.2.29 |
| Kaspersky | not-a-virus:AdWare.Win32.BrainInst | 14.0.0.656 |
| Malwarebytes | Adware.InstallBrain | v2016.02.15.05 |
| Microsoft Security Essentials | TrojanDownloader:Win32/Brantall.C | 1.10401 |
| NANO AntiVirus | Trojan.Win32.Downware.cmmmmm | 0.28.0.58720 |
| Panda Antivirus | PUP/Ibups | 16.02.15.05 |
| Quick Heal | TrojanDownloader.Brantall.A5 | 2.16.12.00 |
| Reason Heuristics | PUP.Performersoft.Bundler (M) | 16.2.15.17 |
| Sophos | InstallBrain | 4.98 |
| Vba32 AntiVirus | AdWare.BrainInst | 3.12.24.3 |
| VIPRE Antivirus | InstallBrain | 27846 |

File size:
623 KB (637,984 bytes)

Product version:
15.9.28.27

Copyright:
Copyright 2012

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\downloads\videomanagersetup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
6/27/2012 5:28:03 PM

Valid to:
6/27/2015 5:28:03 PM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07DAC5F73C6773

File PE Metadata
Compilation timestamp:
5/8/2013 9:09:11 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:4ML660k0OV4W3oEKPPT9BOWY89Pc1gFoimsot56fdLsc4J26qxOF1dRQxHjQOcFd:FeUSLvOWY89D3msot5OX4k6C41jQxoFd

Entry address:
0x167DD

Entry point:
E8, 6A, 50, 00, 00, E9, 89, FE, FF, FF, 6A, 0C, 68, 00, B6, 42, 00, E8, 1D, 18, 00, 00, 6A, 0E, E8, 67, 52, 00, 00, 59, 83, 65, FC, 00, 8B, 75, 08, 8B, 4E, 04, 85, C9, 74, 2F, A1, 70, F7, 42, 00, BA, 6C, F7, 42, 00, 89, 45, E4, 85, C0, 74, 11, 39, 08, 75, 2C, 8B, 48, 04, 89, 4A, 04, 50, E8, 97, E7, FF, FF, 59, FF, 76, 04, E8, 8E, E7, FF, FF, 59, 83, 66, 04, 00, C7, 45, FC, FE, FF, FF, FF, E8, 0A, 00, 00, 00, E8, 0C, 18, 00, 00, C3, 8B, D0, EB, C5, 6A, 0E, E8, 33, 51, 00, 00, 59, C3, CC, CC, CC, CC, CC, CC...

Code size:
146 KB (149,504 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
