installer.exe

Installer

Performersoft LLC

This is part of a Performersoft product, a 'PC optimzation' application that provides minimal benifits and may have been bundled by a third party installer. The application installer.exe by Performersoft has been detected as a potentially unwanted program by 17 anti-malware scanners. It bundles additional offers, mostly adware, using the InstallBrain installer, a pay-per-install monetization download manager. InstallBrain will also install a background updater service that will update any installed browser add-ons and plug-ins.
Publisher:
Performersoft LLC  (signed and verified)

Product:
Installer

Version:
15.9.28.27

MD5:
8ac02716631a12de2fbe3013225f8687

SHA-1:
f92e3fac8a70035bd4e22a595b728b9b373c4321

SHA-256:
05e80f867778a6777ab7f7e9e6ce03d34f02bf0365e12df7d2468ba5da40553b

Scanner detections:
17 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware both search toolbars and PC optimizers from Performersoft.

Analysis date:
12/25/2024 4:23:34 AM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.InstallBrain
2013.11.16

Avira AntiVirus
APPL/InstallBrain.Gen
7.11.91.88

Boost by Reason
Adware.Installer.Performersoft.J
2013.7.23.1

Comodo Security
UnclassifiedMalware
16620

Dr.Web
Adware.Downware.1295
9.0.1.0204

ESET NOD32
Win32/InstallBrain.AJ (variant)
7.8588

F-Secure
Trojan:W32/InstallBrain.A
11.2014-07-08_5

G Data
Win32.Application.InstallBrain
14.8.22

IKARUS anti.virus
Trojan-Downloader.Win32.Brantall
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.173.10217

Malwarebytes
Adware.InstallBrain
v2014.08.07.10

McAfee
Artemis!8AC02716631A
5600.7144

Microsoft Security Essentials
TrojanDownloader:Win32/Brantall.D
1.163.1557.3

Reason Heuristics
PUP.Installer.Performersoft.J
14.8.7.22

Sophos
InstallBrain
4.91

Trend Micro House Call
TROJ_GEN.F47V0719
7.2.204

VIPRE Antivirus
Trojan.Win32.Generic!SB.0
23408

File size:
558.6 KB (572,032 bytes)

Product version:
15.9.28.27

Copyright:
Copyright 2012

Original file name:
installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\installer.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
6/27/2012 1:28:03 PM

Valid to:
6/27/2015 1:28:03 PM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07DAC5F73C6773

File PE Metadata
Compilation timestamp:
7/15/2013 1:51:26 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0xAC58

Code size:
91 KB (93,184 bytes)

The file installer.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)

Remove installer.exe - Powered by Reason Core Security