x64injector.exe

MediaTechSoft Inc.

This is part of a Performersoft product, a 'PC optimization' application that provides minimal benefits and may have been bundled by a third-party installer. The application x64injector.exe by MediaTechSoft has been detected as adware by 10 anti-malware scanners. This file is typically installed with the program BitGuard by MediaTechSoft Inc., which is a potentially unwanted software program. It bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins.
Publisher:
MediaTechSoft Inc.  (signed and verified)

MD5:
63ca5cf9f0de5306e4a343269f3a88e3

SHA-1:
d076fb659c9687d32de28e7422a12922cc03bada

SHA-256:
91a840df7bdffea64a2c5558087f958d9468275c1f25ccc0b2b77f8b22674383

Scanner detections:
10 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers from Performersoft.

Analysis date:
4/25/2024 1:30:33 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Avira AntiVirus | APPL/Adware.BProtector.F | 7.11.117.240 |
| AVG | Generic5 | 2015.0.3584 |
| Bkav FE | W32.Clod5d7.Trojan | 1.3.0.4562 |
| K7 AntiVirus | Riskware | 13.174.10410 |
| McAfee | Artemis!63CA5CF9F0DE | 5600.7240 |
| Microsoft Security Essentials | TrojanDropper:Win64/Rotbrow.I | 1.163.1557.0 |
| Reason Heuristics | PUP.Performersoft (M) | 16.11.21.21 |
| Sophos | BProtector | 4.95 |
| Trend Micro House Call | TROJ_GEN.F47V1121 | 7.2.24 |
| VIPRE Antivirus | InstallBrain | 24024 |

File size:
129.5 KB (132,576 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\ProgramData\bitguard\2.7.1832.68\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\x64injector.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
8/4/2013 9:09:22 AM

Valid to:
3/29/2016 6:18:00 PM

Subject:
CN=MediaTechSoft Inc., O=MediaTechSoft Inc., L=Beaverton, S=Oregon, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
047346D0687AB1

File PE Metadata
Compilation timestamp:
10/3/2013 10:17:28 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:TjPahAoMqlD9yXy++TUQZzAypLEYCDiwQ7hNOamQG:THoME9yXGTvZznREKiamJ

Entry address:
0x947C

Entry point:
48, 83, EC, 28, E8, 47, 41, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 4C, 8B, D9, 48, 2B, D1, 0F, 82, 9E, 01, 00, 00, 49, 83, F8, 08, 72, 61, F6, C1, 07, 74, 36, F6, C1, 01, 74, 0B, 8A, 04, 0A, 49, FF, C8, 88, 01, 48, FF, C1, F6, C1, 02, 74, 0F, 66, 8B, 04, 0A, 49, 83, E8, 02, 66, 89, 01, 48, 83, C1, 02, F6, C1, 04, 74, 0D, 8B, 04, 0A, 49, 83, E8, 04, 89, 01, 48, 83, C1, 04, 4D, 8B, C8, 49, C1, E9, 05, 75, 51, 4D, 8B, C8, 49, C1, E9...
 

Entropy:
5.9309

Code size:
67.5 KB (69,120 bytes)

The file x64injector.exe has been discovered within the following program.

BitGuard by MediaTechSoft Inc.
BitGuard, also known as BProtector, Application Manager and Browser Protector, is an application designed to prevent the removal of software installed by the provider and affiliates (including web browser extensions deployed by PerformerSoft).
www.mediatechsoft.com/contact.html
74% remove it
 
Powered by Should I Remove It?