videoperformersetup.exe

Forty Seven Tech Software LLC

This is the Performersoft setup installer. The application videoperformersetup.exe by Forty Seven Tech Software has been detected as adware by 25 anti-malware scanners. It is a setup program built on InstallBrain, a pay-per-install monetization download manager, which it uses to bundle additional offers, mostly adware. InstallBrain also installs a background updater service that updates any installed browser add-ons and plug-ins.

Publisher:
videoperformer (signed by Forty Seven Tech Software LLC)

Product:
videoperformer

Version:
14.5.26.1

MD5:
86118228d91f7a7422dce9391667acf1

SHA-1:
f603e9680c84e2c4da5653bc670e5bf87bec4bd4

SHA-256:
2a6c810c517192888fe1bbf8cc9f27f918e7254b828de37bf34731fe67f086dd

Scanner detections:
25 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
Also known as bundleware or downloadware: a downloader designed simply to deliver ad-supported offers during the setup routine of otherwise legitimate software.

Analysis date:
5/17/2024 3:25:19 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.139208 | 875 |
| AhnLab V3 Security | PUP/Win32.InstallBrain | 2014.09.13 |
| Avira AntiVirus | APPL/InstallBrain.Gen | 7.11.171.218 |
| avast! | Win32:InstallBrain-BI [PUP] | 2014.9-140912 |
| AVG | Adware InstallBrain | 2015.0.3353 |
| Bitdefender | Gen:Variant.Adware.Graftor.139208 | 1.0.20.1275 |
| Dr.Web | Adware.Downware.3914 | 9.0.1.0255 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.139208 | 8.14.09.12.12 |
| ESET NOD32 | Win32/InstallBrain.BM potentially unwanted application | 8.7.0.302.0 |
| F-Prot | W32/IBrain.B2.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.Graftor.139208 | 11.2014-12-09_6 |
| G Data | Gen:Variant.Adware.Graftor.139208 | 14.9.24 |
| herdProtect (fuzzy) | | 2014.11.7.11 |
| IKARUS anti.virus | PUA.InstallBrain | t3scan.1.7.8.0 |
| K7 AntiVirus | Unwanted-Program | 13.183.13358 |
| Kaspersky | not-a-virus:AdWare.Win32.BrainInst | 14.0.0.3262 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.139208 | 15.0.0.765 |
| NANO AntiVirus | Riskware.Win32.Downware.cypgup | 0.28.2.61942 |
| Quick Heal | TrojanDownloader.Brantall.A5 | 9.14.14.00 |
| Reason Heuristics | PUP.Installer.FortySevenTechSoftware.W | 14.9.12.12 |
| Sophos | InstallBrain | 4.98 |
| SUPERAntiSpyware | Questionable.Resource | 10364 |
| Vba32 AntiVirus | Trojan.Badur | 3.12.26.3 |
| VIPRE Antivirus | Threat.4759033 | 32938 |
| Zillya! Antivirus | Trojan.Black.Win32.16744 | 2.0.0.1919 |

File size:
1.3 MB (1,365,680 bytes)

Product version:
14.5.26.1

Copyright:
Copyright 2014

Original file name:
videoperformerSetup.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\downloads\videoperformersetup.exe

Digital Signature

Authority:
GoDaddy.com, Inc.

Valid from:
12/18/2013 10:13:53 PM

Valid to:
12/18/2016 10:13:53 PM

Subject:
CN=Forty Seven Tech Software LLC, O=Forty Seven Tech Software LLC, L=Beaverton, S=Oregon, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27C178FAD33D6A

File PE Metadata

Compilation timestamp:
5/13/2014 7:05:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:wv1Okt3JTNlwAFgxa/ZGSylb02LOxWCiRcoEuZ7mnI9QYW0OAJTX1RT:IY43JTNC0gxuGSC3bCiRcEXQYOAJTX1B

Entry address:
0x106A9

Entry point:
E8, 56, 4E, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, 94, 0C, 43, 00, 00, 75, 18, E8, A0, 46, 00, 00, 6A, 1E, E8, EA, 44, 00, 00, 68, FF, 00, 00, 00, E8, E3, 16, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, 94, 0C, 43, 00, FF, 15, 80, 40, 42, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, 98, 0C, 43, 00, 74, 0D, 53, E8, 79, 1B, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 71, 1D, 00, 00, 89, 30, E8, 6A, 1D, 00, 00, 89...

Code size:
137.5 KB (140,800 bytes)
