install pc performer153218.exe

InstallBrain Installer

Performersoft LLC

This is the Performersoft setup installer. The application install pc performer153218.exe by Performersoft has been detected as a potentially unwanted program by 9 anti-malware scanners. The program is a setup application that uses the InstallBrain installer. This file is typically installed with the program InstallBrain Updater Service by PerformerSoft LLC which is a potentially unwanted software program. The setup program bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins.
Publisher:
InstallBrain  (signed by Performersoft LLC)

Product:
InstallBrain Installer

Description:
Install Module

Version:
11,6,20,2

MD5:
032fd52dd518da05295148945e83d01f

SHA-1:
2a9eca1c324f3b305469112fbf7a68ebdafe73c3

SHA-256:
be01f505b6ad5392f2351494e3fad63fb60a743e86854a592aa6ea66b6921c28

Scanner detections:
9 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This is also known as bundleware, or downloadware: a downloader designed simply to deliver ad-supported offers in the setup routine of otherwise legitimate software.

Analysis date:
11/23/2024 10:07:38 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | APPL/InstallBrain.Gen5 | 7.11.63.204 |
| Comodo Security | ApplicUnwnt.Win32.AdWare.IBrain.B | 15470 |
| Dr.Web | Adware.Downware.371 | 9.0.1.036 |
| Emsisoft Anti-Malware | Riskware.Win32.InstallBrain | 8.14.02.05.09 |
| ESET NOD32 | Win32/InstallBrain (variant) | 8.8082 |
| Fortinet FortiGate | Adware/Fam.NB | 2/5/2014 |
| MicroWorld eScan | ADWARE/InstallBrain.Gen | 15.0.0.108 |
| Reason Heuristics | PUP.Installer.Performersoft.AA | 14.8.7.22 |
| VIPRE Antivirus | InstallBrain | 15878 |

File size:
268 KB (274,424 bytes)

Product version:
11,6,20,2

Copyright:
Copyright 2011

Trademarks:
InstallBrain

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\install pc performer153218.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
7/13/2011 6:38:26 AM

Valid to:
6/25/2012 11:20:46 AM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
277B96F94D20C1

File PE Metadata
Compilation timestamp:
11/6/2011 5:27:50 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:wA+i3UX3NIkhK1uQPsjsHThpooMYCr9JIFQx3CFO5PzoSAk6:wA+s6dBK1uQPsgVpx2r9Px3CFO5boSA3

Entry address:
0xB3E30

Entropy:
7.7965  (probably packed)

Code size:
228 KB (233,472 bytes)

The file install pc performer153218.exe has been discovered within the following program.

InstallBrain Updater Service  by PerformerSoft LLC
InstallBrain Updater Service runs in the background as a Windows Service named InstallBrainService. InstallBrain Updater Service is possibly part of InstallBrain, a software download manager.
88% remove it

The file install pc performer153218.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

TCP (HTTP):
