InstallBrain

Category: Adware and PUAs
Protection available since: 19 Oct 2012 23:28:06 (GMT)
Type: Unspecified PUA
Last Updated: 26 Sep 2017 22:53:19 (GMT)

InstallBrain is an installer that bundles legitimate applications with offers for additional third-party applications that the user may not want. These third-party applications are typically installed on users’ computers by default, though the installer may offer an option to ‘opt out’ during or after the installation process.

Examples of InstallBrain include:

Example 1

File Information

Size: 607K
SHA-1: 00973db08688f3a08330c3592f6bccb257ac3798
MD5: b75658f48da08c100060f4f81aee35e2
CRC-32: 57ac6fe5
File type: Windows executable
First seen: 2012-10-12

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\ZoolaGames Setup313312.exe
Dropped Files
HTTP Requests
  • http://s3.amazonaws.com/installbrain/bootstrap/383/start.cf
  • http://s3.amazonaws.com/installbrain/bootstrap/383/startgui.cf
  • http://stats-182385724-1591972470.us-east-1.elb.amazonaws.com/installer/bootstrap.php
DNS Requests
  • s3.amazonaws.com
  • stats-182385724-1591972470.us-east-1.elb.amazonaws.com

Example 2

File Information

Size: 555K
SHA-1: 010d6bc58ebcca316d182e69ca6ffcdf8c9cb0cd
MD5: 98018fd764256da69236c4f2d5dae892
CRC-32: 109ff391
File type: Windows executable
First seen: 2012-10-01

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\Audio Performer53484.exe
Dropped Files
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Run
    Audio Performer53484.exe
    "C:\DOCUME~1\support\LOCALS~1\Temp\Audio Performer53484.exe" /XML="C:\DOCUME~1\support\LOCALS~1\Temp\2.tmp" /STP=0:2
Processes Created
  • c:\docume~1\support\locals~1\temp\4.tmp
HTTP Requests
  • http://bootstrap1-639932975.us-east-1.elb.amazonaws.com/installer/bootstrap.php
  • http://s3.amazonaws.com/installbrain/bootstrap/390/start.cf
  • http://s3.amazonaws.com/installbrain/bootstrap/390/startgui.cf
  • http://s3.amazonaws.com/installbrain/conditions/bandoocheck.exe
DNS Requests
  • bootstrap1-639932975.us-east-1.elb.amazonaws.com
  • s3.amazonaws.com
  • stats1-1013604270.us-east-1.elb.amazonaws.com

Example 3

File Information

Size: 600K
SHA-1: 0192a98bbb17aa3f8dca65e741baeb56d78c0eab
MD5: 4120f3c3f135545f04fb0529ee3c6cef
CRC-32: 0005882f
File type: Windows executable
First seen: 2012-10-31

Runtime Analysis

Copies Itself To
  • c:\Documents and Settings\test user\Local Settings\Temp\Zoola Games Setup313312.exe
Dropped Files
Registry Keys Created
  • HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\Cache\Extensible Cache\MSHist012012110120121102
    CacheRepair
    0x00000000
HTTP Requests
  • http://bootstrap1-639932975.us-east-1.elb.amazonaws.com/installer/bootstrap.php
  • http://d2qsma9t6l5kt7.cloudfront.net/components/MyBabylonTBv4.cf
  • http://d2qsma9t6l5kt7.cloudfront.net/components/ProtectorSetup.exe
  • http://s3.amazonaws.com/installbrain/bootstrap/544/start.cf
  • http://s3.amazonaws.com/installbrain/bootstrap/544/startgui.cf
  • http://s3.amazonaws.com/installbrain/components/ZGSetupnoAR.cf
DNS Requests
  • bootstrap1-639932975.us-east-1.elb.amazonaws.com
  • d2qsma9t6l5kt7.cloudfront.net
  • s3.amazonaws.com
  • stats1-1013604270.us-east-1.elb.amazonaws.com
