ibsvc.exe

InstallBrain Installer

Performersoft LLC

This is the Performersoft setup installer. The application ibsvc.exe by Performersoft has been detected as a potentially unwanted program by 35 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. It runs as a windows Service named “Updater Service”. This file is typically installed with the program Updater Service by PerformerSoft LLC which is a potentially unwanted software program. According to AVG, this software downloads additional adware offers during setup.
Publisher:
InstallBrain  (signed by Performersoft LLC)

Product:
InstallBrain Installer

Version:
14,1,1,4

MD5:
04fe442ccb1dd185c2115c77de13c207

SHA-1:
b918bff2c39ca86129fad7a2aecce5f315790b4a

SHA-256:
043a2128aadd87985e4c7fb96ae0be0b7141dcdc2806b11779767d27cd767fe6

Scanner detections:
35 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware both search toolbars and PC optimizers from Performersoft.

Description:
This is an installer which may bundle legitimate applications with offers for additional 3rd-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature this is not set be defult and is usually overlooked.

Analysis date:
11/24/2024 4:21:15 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Application.Bundler.InstallBrain.A
911

Agnitum Outpost
Adware.BrainInst
7.1.1

Avira AntiVirus
APPL/InstallBrain.Gen5
7.11.133.136

avast!
Win32:PUP-gen [PUP]
2014.9-140304

AVG
Downloader
2015.0.3389

Baidu Antivirus
Adware.Win32.BrainInst
4.0.3.1434

Bitdefender
Application.Bundler.InstallBrain.A
1.0.20.1095

Bkav FE
W32.Clodf9b.Trojan
1.3.0.4562

Boost by Reason
Optional.Service.Performersoft.F
188838

Clam AntiVirus
Trojan.Agent-294202
0.98/18989

Comodo Security
ApplicUnwnt.Win32.AdWare.IBrain.C
17844

Dr.Web
Adware.Downware.1295
9.0.1.063

ESET NOD32
Win32/InstallBrain
8.9466

Fortinet FortiGate
Adware/InstallBrain.OP
3/4/2014

F-Prot
W32/IBrain.B.gen
v6.4.7.1.166

F-Secure
Application.Bundler.InstallBrain
11.2014-07-08_5

G Data
Win32.Application.InstallBrain
14.3.24

IKARUS anti.virus
AdWare.InstallBrain
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.176.11256

Kaspersky
not-a-virus:AdWare.Win32.BrainInst
14.0.0.4221

Malwarebytes
Adware.InstallBrain
v2014.03.04.05

Microsoft Security Essentials
1.10302

MicroWorld eScan
Application.Bundler.InstallBrain.A
15.0.0.657

NANO AntiVirus
Trojan.Win32.Downware.bdczug
0.28.0.58101

nProtect
Trojan-Clicker/W32.BrainInst.373728
14.05.23.01

Panda Antivirus
PUP/Ibups
14.03.04.05

Quick Heal
TrojanDownloader.Brantall
3.14.12.00

Reason Heuristics
PUP.Service.Performersoft.F
14.8.7.22

Rising Antivirus
PE:Trojan.Win32.Generic.131E05D0!320734672
23.00.65.14302

Sophos
InstallBrain
4.97

SUPERAntiSpyware
Trojan.Agent/Gen-InstallBrain[PUP]
10435

Total Defense
Win32/Tnega.aEfTZDD
37.0.10938

Trend Micro House Call
HV_INSTALLBRAIN_CA225D33.TOMC
7.2.219

Vba32 AntiVirus
BScope.Trojan.Agent
3.12.24.3

VIPRE Antivirus
InstallBrain
26824

File size:
541.2 KB (554,176 bytes)

Product version:
14,1,1,4

Copyright:
Copyright 2011

Trademarks:
InstallBrain

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\ProgramData\ibupdaterservice\ibsvc.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
7/13/2011 1:38:26 PM

Valid to:
6/25/2012 6:20:46 PM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
277B96F94D20C1

File PE Metadata
Compilation timestamp:
6/15/2012 4:51:53 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
12288:bXYfH2j5DNMiGuCI941OJ26OXNxgZ/3+vNSlGoAlmYVG:bofH+GA9Wld6+vqL5YVG

Entry address:
0xC7E7

Entry point:
E8, BA, 34, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 8B, 5D, 08, 83, FB, E0, 77, 6F, 56, 57, 83, 3D, C8, C0, 41, 00, 00, 75, 18, E8, 05, 2D, 00, 00, 6A, 1E, E8, 4F, 2B, 00, 00, 68, FF, 00, 00, 00, E8, 13, 26, 00, 00, 59, 59, 85, DB, 74, 04, 8B, C3, EB, 03, 33, C0, 40, 50, 6A, 00, FF, 35, C8, C0, 41, 00, FF, 15, D8, 60, 41, 00, 8B, F8, 85, FF, 75, 26, 6A, 0C, 5E, 39, 05, EC, C0, 41, 00, 74, 0D, 53, E8, 2B, 19, 00, 00, 59, 85, C0, 75, A9, EB, 07, E8, 05, 03, 00, 00, 89, 30, E8, FE, 02, 00, 00, 89...
 
[+]

Code size:
82 KB (83,968 bytes)

Service
Display name:
Updater Service

Service name:
IBUpdaterService

Type:
Win32ShareProcess


The file ibsvc.exe has been discovered within the following program.

Updater Service  by PerformerSoft LLC
The program creates a Windows Service under the name "IBUpdaterService" and display name of "Updater Service" which is run by the executable ibsvc.exe digitally signed by Performersoft LLC.
www.installbrain.com
83% remove it
 
Powered by Should I Remove It?

The file ibsvc.exe has been seen being distributed by the following 2 URLs.

http://version.etype.com/.../etype_setup.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-23-21-51-165.compute-1.amazonaws.com  (23.21.51.165:80)

Remove ibsvc.exe - Powered by Reason Core Security