2570bd6c.ftf.ftf

PC Utilities Software Limited

Part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled software (PPI and commission) channels. The file 2570bd6c.ftf.ftf by PC Utilities Software Limited has been detected as a potentially unwanted program by 15 anti-malware scanners. Also known as BrowserDefender, this bundled service prevents various web browser toolbars and extensions from running and blocks changes to the search page and provider.
Publisher:
PC Utilities Software Limited  (signed and verified)

MD5:
eee07532bda3d2cfa24063b7787789c0

SHA-1:
bfd3136b4e94668666b7dddfc628be5e5454a4cb

SHA-256:
97e0423ac2680c070f471e7dd484583194a3ba98a8300b56b04835c7a51d8bec

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
4/27/2024 12:21:53 AM UTC  (today)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Bprotector.5 | 826 |
| AegisLab AV Signature | Troj.W32.Gen | 2.1.4+ |
| Avira AntiVirus | TR/BProtector.Gen2 | 7.11.182.172 |
| AVG | Generic_r | 2015.0.3304 |
| Bitdefender | Gen:Variant.Adware.Bprotector.5 | 1.0.20.1525 |
| Comodo Security | Application.Win32.BProtect.COLC | 19960 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Bprotector | 8.14.11.01.07 |
| ESET NOD32 | Win32/SProtector (variant) | 8.10654 |
| F-Secure | Gen:Variant.Adware.Bprotector.5 | 11.2014-01-11_7 |
| G Data | Gen:Variant.Adware.Bprotector | 14.11.24 |
| IKARUS anti.virus | Win32.SuspectCrc | t3scan.1.8.3.0 |
| K7 AntiVirus | Trojan | 13.185.13866 |
| MicroWorld eScan | Gen:Variant.Adware.Bprotector.5 | 15.0.0.915 |
| Reason Heuristics | PUP.PCUtilities.O | 14.11.1.6 |
| Sophos | BProtector | 4.98 |

File size:
3.8 MB (4,031,304 bytes)

Common path:
C:\windows\temp\2570bd6c.ftf.ftf

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/5/2013 2:29:35 PM

Valid to:
4/3/2015 10:23:14 AM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, L=London, S=UK, C=GB

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B239BABC97410

File PE Metadata
Compilation timestamp:
12/17/2013 5:02:48 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:5Cvvza95sMlzkvsSSbofaaWgGydsKZ0YeEv:5CMlzkvsSSMCMGyVZ0O

Entry address:
0x1CCAD1

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 83, D1, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, C0, 1A, 25, 10, E8, D0, 4F, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, 90, 5D, 29, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 50, FC, 23, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
7.1243

Developed / compiled with:
Microsoft Visual C++

Code size:
2.2 MB (2,343,936 bytes)
