1eb62cd6.ftf.ftf

PC Utilities Software Limited

Part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled software (PPI and commission) channels. The file 1eb62cd6.ftf.ftf by PC Utilities Software Limited has been detected as a potentially unwanted program by 10 anti-malware scanners. Also known as BrowserDefender, this bundled service will prevent various web browser toolbars and extensions from running, as well as block changes to the search page and provider.
Publisher:
PC Utilities Software Limited  (signed and verified)

MD5:
f8e9cdcec8dbd5a3253873c5e31016c7

SHA-1:
fd9c94a5425d06fb1a6467e44e97e98177e2ce78

SHA-256:
2416c977823ef01ad15b09e3616445db9b79e9c9a7aa4edf0ee8b87848c67506

Scanner detections:
10 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
5/9/2024 6:17:07 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Graftor.127350 | 805 |
| AVG | Generic_r | 2015.0.3283 |
| Bitdefender | Gen:Variant.Graftor.127350 | 1.0.20.1630 |
| Emsisoft Anti-Malware | Gen:Variant.Graftor.127350 | 8.14.11.22.12 |
| ESET NOD32 | Win32/SProtector (variant) | 8.9363 |
| F-Secure | Gen:Variant.Graftor.127350 | 11.2014-22-11_7 |
| G Data | Gen:Variant.Graftor.127350 | 14.11.24 |
| IKARUS anti.virus | AdWare.Bprotector | t3scan.2.2.29 |
| MicroWorld eScan | Gen:Variant.Graftor.127350 | 15.0.0.978 |
| Reason Heuristics | PUP.PCUtilities.O | 14.11.21.23 |

File size:
4 MB (4,149,576 bytes)

Common path:
C:\windows\temp\1eb62cd6.ftf.ftf

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/5/2013 2:29:35 PM

Valid to:
4/3/2015 10:23:14 AM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, L=London, S=UK, C=GB

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B239BABC97410

File PE Metadata
Compilation timestamp:
1/28/2014 11:24:54 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:9b77Z9zlAeTDBd1ZJ67WmI51hrf76HIUF+h2H:bhd1Zc6mI5DCoLAH

Entry address:
0x136024

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, C5, DE, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 60, 14, 26, 10, E8, 2D, 5E, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 90, 5D, 2A, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 44, EC, 24, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
7.1345

Developed / compiled with:
Microsoft Visual C++

Code size:
2.3 MB (2,406,400 bytes)
