x64injector.exe

MediaTechSoft Inc.

This is part of a Performersoft product, a 'PC optimization' application that provides minimal benefits and may have been bundled by a third-party installer. The application x64injector.exe by MediaTechSoft has been detected as adware by 34 anti-malware scanners. It bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins. It is also typically executed from the user's temporary directory.
Publisher:
MediaTechSoft Inc.  (signed and verified)

MD5:
fac5ad66dabc9911ab1406fc88f025c9

SHA-1:
e65dfac2977662cef2ecaa2b0e1358f220ed4ac0

SHA-256:
a8d6fa55198781e7ea11f2a824f9d5ef41caad3431923241726aea5b0fca5ad7

Scanner detections:
34 / 68

Status:
Adware

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers from Performersoft.

Analysis date:
4/25/2024 8:44:47 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Application.Bundler.InstallBrain.F | 433 |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| AhnLab V3 Security | Trojan/Win64.Rotbrow | 2015.10.10 |
| Avira AntiVirus | TR/Bprotector.FJEL | 8.3.2.2 |
| Arcabit | Application.Bundler.InstallBrain.F | 1.0.0.582 |
| avast! | Win64:Adware-B [Adw] | 2014.9-151129 |
| AVG | Generic5 | 2016.0.2911 |
| Bitdefender | Application.Bundler.InstallBrain.F | 1.0.20.1665 |
| Bkav FE | W64.HfsAdware | 1.3.0.7237 |
| Comodo Security | ApplicUnwnt | 23387 |
| ESET NOD32 | Win64/bProtector.A potentially unwanted | 9.12385 |
| Fortinet FortiGate | W64/Rotbrow.I!tr | 11/29/2015 |
| F-Prot | W64/Trojan5.LAC | v6.4.7.1.166 |
| F-Secure | Application.Bundler.InstallBrain | 11.2015-29-11_1 |
| G Data | Application.Bundler.InstallBrain | 15.11.25 |
| IKARUS anti.virus | PUA.Rotbrow | t3scan.1.9.5.0 |
| K7 AntiVirus | Trojan | 13.210.17489 |
| Kaspersky | Trojan.Win64.Bromngr | 14.0.0.1048 |
| McAfee | RDN/Generic PUP.x!cnz | 5600.6567 |
| Microsoft Security Essentials | TrojanDropper:Win64/Rotbrow.I | 1.1.12101.0 |
| MicroWorld eScan | Application.Bundler.InstallBrain.F | 16.0.0.999 |
| NANO AntiVirus | Trojan.Win64.Bprotector.dkbqab | 0.30.26.3947 |
| Panda Antivirus | Trj/WLT.A | 15.11.29.08 |
| Qihoo 360 Security | Win32/Trojan.2fa | 1.0.0.1015 |
| Quick Heal | TrojanDropper.Rotbrow.rw6 | 11.15.14.00 |
| Reason Heuristics | PUP.Performersoft (M) | 16.11.21.21 |
| Sophos | Mal/Generic-L | 4.98 |
| SUPERAntiSpyware | Adware.InstallBrain/Variant | 9478 |
| Total Defense | Win64/Rotbrow.E | 37.1.62.1 |
| Trend Micro House Call | TROJ_SPNR.3CGP14 | 7.2.333 |
| Trend Micro | TROJ_SPNR.3CGP14 | 10.465.29 |
| VIPRE Antivirus | Win32.Malware!Drop | 44432 |
| ViRobot | Trojan.Win32.S.Agent.132576.C[h] | 2014.3.20.0 |
| Zillya! Antivirus | Trojan.Bromngr.Win64.1 | 2.0.0.2437 |

File size:
129.5 KB (132,576 bytes)

File type:
Executable application (Win64 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\x64injector.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
8/4/2013 4:09:22 AM

Valid to:
3/29/2016 1:18:00 PM

Subject:
CN=MediaTechSoft Inc., O=MediaTechSoft Inc., L=Beaverton, S=Oregon, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
047346D0687AB1

File PE Metadata
Compilation timestamp:
10/3/2013 5:17:28 AM

OS version:
5.2

OS bitness:
Win64

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
3072:fjPahAoMqlD9yXy++TUQZzAypLEYCDiwQ7hNOamQS:fHoME9yXGTvZznREKiamt

Entry address:
0x947C

Entry point:
48, 83, EC, 28, E8, 47, 41, 00, 00, 48, 83, C4, 28, E9, 52, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, 66, 66, 0F, 1F, 84, 00, 00, 00, 00, 00, 4C, 8B, D9, 48, 2B, D1, 0F, 82, 9E, 01, 00, 00, 49, 83, F8, 08, 72, 61, F6, C1, 07, 74, 36, F6, C1, 01, 74, 0B, 8A, 04, 0A, 49, FF, C8, 88, 01, 48, FF, C1, F6, C1, 02, 74, 0F, 66, 8B, 04, 0A, 49, 83, E8, 02, 66, 89, 01, 48, 83, C1, 02, F6, C1, 04, 74, 0D, 8B, 04, 0A, 49, 83, E8, 04, 89, 01, 48, 83, C1, 04, 4D, 8B, C8, 49, C1, E9, 05, 75, 51, 4D, 8B, C8, 49, C1, E9...

Entropy:
5.9310

Code size:
67.5 KB (69,120 bytes)
