VideoPerformerSetup.exe

Green Tech Software LLC

This is the Performersoft setup installer. VideoPerformerSetup.exe by Green Tech Software has been detected as adware by 30 anti-malware scanners. It is a setup application that uses the InstallBrain installer. According to AVG, this software downloads additional adware offers during setup. It is typically executed from an Internet Explorer cache folder, and it has been observed being downloaded from www.appfusu.com.
Publisher:
VideoPerformer  (signed by Green Tech Software LLC)

Product:
VideoPerformer

Version:
14.3.22.12

MD5:
6ffc1945f1a98c64eec7efcb9128809a

SHA-1:
6181c7e34201d8c1168c0749414bd58f6ed3cc37

SHA-256:
25295c7957deb691a8d294f6b71abfaf8e861adf2bbd07899d23db7e1595ca65

Scanner detections:
30 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This is also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
4/25/2024 12:55:17 PM UTC

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.139208
374

Agnitum Outpost
PUA.InstallBrain
7.1.1

Avira AntiVirus
APPL/InstallBrain.Gen
7.11.141.52

avast!
Win32:Adware-gen [Adw]
2014.9-160126

AVG
Skodna.Downloader
2017.0.2852

Bitdefender
Gen:Variant.Adware.Graftor.139208
1.0.20.130

Comodo Security
Application.Win32.Installbrain.BM
18055

Dr.Web
Trojan.DownLoader9.43505
9.0.1.026

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.139208
8.16.01.26.10

ESET NOD32
Win32/InstallBrain.BM potentially unwanted application
10.7.0.302.0

Fortinet FortiGate
W32/Skintrim.B!tr
1/26/2016

F-Prot
W32/IBrain.B2.gen
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Graftor.139208
11.2016-26-01_3

G Data
Gen:Variant.Adware.Graftor.139208
16.1.24

IKARUS anti.virus
AdWare.InstallBrain
t3scan.1.6.1.0

K7 AntiVirus
Adware
13.183.13358

Kaspersky
not-a-virus:AdWare.Win32.BrainInst
14.0.0.755

Malwarebytes
PUP.Optional.InstallBrain.A
v2016.01.26.10

MicroWorld eScan
Gen:Variant.Adware.Graftor.139208
17.0.0.78

NANO AntiVirus
Riskware.Win32.Downware.cvyhnz
0.28.0.59048

Norman
Gen:Variant.Adware.Graftor.139208
11.20160126

Panda Antivirus
Trj/Genetic.gen
16.01.26.10

Quick Heal
TrojanDownloader.Brantall.A5
1.16.14.00

Reason Heuristics
PUP.Performersoft.GreenTechSoftware.Bundler (M)
16.1.26.22

Rising Antivirus
PE:Malware.Obscure!1.9C59
23.00.65.16124

Sophos
InstallBrain
4.98

SUPERAntiSpyware
Questionable.Resource
9361

Vba32 AntiVirus
AdWare.BrainInst
3.12.26.0

VIPRE Antivirus
InstallBrain
27768

Zillya! Antivirus
Adware.BrainInst.Win32.86
2.0.0.1840

File size:
1.3 MB (1,329,096 bytes)

Product version:
14.3.22.12

Copyright:
Copyright 2014

Original file name:
VideoPerformerSetup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\videoperformersetup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
12/18/2013 9:15:01 PM

Valid to:
12/18/2016 9:15:01 PM

Subject:
CN=Green Tech Software LLC, O=Green Tech Software LLC, L=Beaverton, S=Oregon, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B856416CAA762

File PE Metadata
Compilation timestamp:
3/20/2014 11:13:59 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:ZoaiaTIwLa975tGJr8yU7oX0J17qb7YGmtyxc6FI9pe9/0OAeTX1l:ZEaTyzAAyUEnbcHtic6iE8OAeTX1l

Entry address:
0x12B30

Entry point:
E8, C3, 51, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 2C, 3D, 43, 00, 00, 75, 18, E8, 0E, 4A, 00, 00, 6A, 1E, E8, 58, 48, 00, 00, 68, FF, 00, 00, 00, E8, DC, 16, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 2C, 3D, 43, 00, FF, 15, 9C, 70, 42, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, 30, 3D, 43, 00, 74, 0D, 53, E8, 72, 1B, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 6A, 1D, 00, 00, 89, 30, E8, 63, 1D, 00, 00, 89...
Entropy:
7.6619

Code size:
151 KB (154,624 bytes)

The file VideoPerformerSetup.exe has been seen being distributed by the following URL.
