pcperformer.exe

PC Performer

Performersoft LLC

This is the Performersoft setup installer. The application pcperformer.exe by Performersoft has been detected as a potentially unwanted program by 10 anti-malware scanners. It is a setup application built on InstallBrain, a pay-per-install monetization download manager, which it uses to bundle additional offers, mostly adware. InstallBrain also installs a background updater service that updates any installed browser add-ons and plug-ins. The file is typically executed from the user's temporary directory. It has been seen being downloaded from cdn.appoder.com. While running, it connects to the Internet address www.ibbalance.com on port 443.
Publisher:
PerformerSoft LLC   (signed by Performersoft LLC)

Product:
PC Performer

Version:
PC Performer

MD5:
db2927610df2ff9888b394a3c8a918db

SHA-1:
d717e392d8b7b123a232a147c2a7708b96b5b8d9

SHA-256:
bbc19581452210dd320447e4ad3550070a42d6c9827a8f705cbc7b8ea32753d7

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
Uses the InstallBrain monetization platform from iBario to deliver bundled adware, both search toolbars and PC optimizers, from Performersoft.

Description:
This 'download manager' is also considered bundleware: a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers, including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
11/23/2024 9:29:31 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Avira AntiVirus | APPL/InstallBrain.EK | 7.11.135.48 |
| AVG | MalSign.InstallBrain | 2015.0.3513 |
| Boost by Reason | Optional.Performersoft.L | 188838 |
| Comodo Security | UnclassifiedMalware | 17893 |
| ESET NOD32 | Win32/PCPerformer | 8.9509 |
| Malwarebytes | PUP.Optional.PCPerformer.A | v2014.04.05.05 |
| Panda Antivirus | PUP/Ibups | 14.04.05.05 |
| Reason Heuristics | PUP.Performersoft.L | 14.8.7.22 |
| VIPRE Antivirus | InstallBrain | 27136 |
| XVirus List | Win32.Detected | 2.8.7 |

File size:
3.2 MB (3,343,896 bytes)

Product version:
11.10

Copyright:
© PerformerSoft LLC

File type:
Executable application (Win32 EXE)

Bundler/Installer:
InstallBrain

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\pcperformer.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
6/27/2012 10:28:03 PM

Valid to:
6/27/2015 10:28:03 PM

Subject:
CN=Performersoft LLC, O=Performersoft LLC, L=Beaverton, S=OR, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
07DAC5F73C6773

File PE Metadata
Compilation timestamp:
10/9/2012 10:48:22 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:aVDkCjjMYCjiiMZElazlQWRkzPlcXOSpkPa7KIt23ikW3d4gqDFVE:q4CjwpMZmm+ckiXOSpkbC23rkWzjE

Entry address:
0xF3BC

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, 64, ED, 40, 00, E8, E8, 71, FF, FF, 33, C0, 55, 68, 89, FA, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 45, FA, 40, 00, 64, FF, 32, 64, 89, 22, A1, 48, 3B, 41, 00, E8, BE, F7, FF, FF, E8, 65, F3, FF, FF, 8D, 55, EC, 33, C0, E8, F7, C3, FF, FF, 8B, 55, EC, B8, 4C, 66, 41, 00, E8, 6A, 58, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, 4C, 66, 41, 00, B2, 01...
 

Developed / compiled with:
Microsoft Visual C++

Code size:
59 KB (60,416 bytes)

The file pcperformer.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to www.softologic.com  (174.37.181.31:80)

TCP (HTTP SSL):
Connects to www.ibbalance.com  (173.192.190.227:443)
