home

videoperformersetup.exe

Forty Seven Tech Software LLC

This is the Performersoft setup installer. The application videoperformersetup.exe by Forty Seven Tech Software has been detected as adware by 25 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. The setup program bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins.
Publisher:
videoperformer  (signed by Forty Seven Tech Software LLC)

Product:
videoperformer

Version:
14.5.26.1

MD5:
d44472ba2657903b522c0241302dd5c3

SHA-1:
84dfceef5bae85c244d83c0f94b337054ec92fc9

SHA-256:
ab189fe782eda0d90e07c3b9e38552fb40be25e92582aefe1df48ce5ef8c8a29

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware both search toolbars and PC optimizers from Performersoft.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
5/2/2024 3:27:49 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Gen:Variant.Adware.Graftor.139208
875

AhnLab V3 Security
PUP/Win32.InstallBrain
2014.09.13

Avira AntiVirus
APPL/InstallBrain.Gen
7.11.171.218

avast!
Win32:InstallBrain-BI [PUP]
2014.9-140912

AVG
Adware InstallBrain
2015.0.3353

Bitdefender
Gen:Variant.Adware.Graftor.139208
1.0.20.1275

Dr.Web
Adware.Downware.3914
9.0.1.0255

Emsisoft Anti-Malware
Gen:Variant.Adware.Graftor.139208
8.14.09.12.12

ESET NOD32
Win32/InstallBrain.BM potentially unwanted application
8.7.0.302.0

F-Prot
W32/IBrain.B2.gen
v6.4.7.1.166

F-Secure
Gen:Variant.Adware.Graftor.139208
11.2014-12-09_6

G Data
Gen:Variant.Adware.Graftor.139208
14.9.24

herdProtect (fuzzy)
variant of videoperformersetup(4).exe (Adware)
2014.11.7.11

IKARUS anti.virus
PUA.InstallBrain
t3scan.1.7.8.0

K7 AntiVirus
Unwanted-Program
13.183.13358

Kaspersky
not-a-virus:AdWare.Win32.BrainInst
14.0.0.3262

MicroWorld eScan
Gen:Variant.Adware.Graftor.139208
15.0.0.765

NANO AntiVirus
Riskware.Win32.Downware.cypgup
0.28.2.61942

Quick Heal
TrojanDownloader.Brantall.A5
9.14.14.00

Reason Heuristics
PUP.Installer.FortySevenTechSoftware.W
14.9.12.12

Sophos
InstallBrain
4.98

SUPERAntiSpyware
Questionable.Resource
10364

Vba32 AntiVirus
Trojan.Badur
3.12.26.3

VIPRE Antivirus
Threat.4759033
32938

Zillya! Antivirus
Trojan.Black.Win32.16744
2.0.0.1919

File size:
1.3 MB (1,365,680 bytes)

Product version:
14.5.26.1

Copyright:
Copyright 2014

Original file name:
videoperformerSetup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\downloads\videoperformersetup.exe

Digital Signature
Signed by:
Forty Seven Tech Software LLC

Authority:
GoDaddy.com, Inc.

Valid from:
12/18/2013 10:13:53 PM

Valid to:
12/18/2016 10:13:53 PM

Subject:
CN=Forty Seven Tech Software LLC, O=Forty Seven Tech Software LLC, L=Beaverton, S=Oregon, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27C178FAD33D6A

File PE Metadata
Compilation timestamp:
5/13/2014 7:05:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:pv1Okt3JTNlwAFgxa/ZGSylb02LOxWCiRcoEuZ7mnI9QYW0OAJTX1Ra:9Y43JTNC0gxuGSC3bCiRcEXQYOAJTX1Y

Entry address:
0x106A9

Entry point:
E8, 56, 4E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 94, 0C, 43, 00, 00, 75, 18, E8, A0, 46, 00, 00, 6A, 1E, E8, EA, 44, 00, 00, 68, FF, 00, 00, 00, E8, E3, 16, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 94, 0C, 43, 00, FF, 15, 80, 40, 42, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, 98, 0C, 43, 00, 74, 0D, 53, E8, 79, 1B, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 71, 1D, 00, 00, 89, 30, E8, 6A, 1D, 00, 00, 89...
 
[+]

Code size:
137.5 KB (140,800 bytes)

Remove videoperformersetup.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.