BatteryOptimizer.exe

Battery Optimizer

ReviverSoft LLC

The application BatteryOptimizer.exe by ReviverSoft, described by its publisher as “Battery Optimizer is an advanced laptop battery diagnostic tool that can help you get extra life out of your battery.”, has been detected as a potentially unwanted program by 2 anti-malware scanners. While running, it connects to the Internet address hans-moleman.w3.org on port 80 using the HTTP protocol.

Publisher:
ReviverSoft LLC  (signed and verified)

Product:
Battery Optimizer

Description:
Battery Optimizer is an advanced laptop battery diagnostic tool that can help you get extra life out of your battery.

Version:
3, 0, 3, 5

MD5:
33249a7096cf36bf971775322564f813

SHA-1:
080244db2c63272b202bf0ee46124121d77eb358

SHA-256:
3cc519d4d134dc26b3d08c4882e005c60c3ecefcfe46beee98d56341326f01cb

Scanner detections:
2 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 11:04:56 PM UTC

Scan engine | Detection | Engine version
Comodo Security | Heur.Suspicious | 20093
Reason Heuristics | PUP.Optional.ReviverSoft | 15.2.13.16

File size:
9.3 MB (9,801,072 bytes)

Product version:
3, 0, 3, 5

Copyright:
ReviverSoft 2009

Original file name:
BatteryOptimizer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\reviversoft\battery optimizer\batteryoptimizer.exe

Digital Signature
Signed by:

Authority:
Thawte Consulting (Pty) Ltd.

Valid from:
10/29/2009 1:00:00 AM

Valid to:
10/27/2010 1:59:59 AM

Subject:
CN=ReviverSoft LLC, OU=Secure Application Development, O=ReviverSoft LLC, L=Walnut Creek, S=California, C=US

Issuer:
CN=Thawte Code Signing CA, O=Thawte Consulting (Pty) Ltd., C=ZA

Serial number:
63EB81EA551540406D7B7123BD90D4C3

File PE Metadata
Compilation timestamp:
5/14/2010 5:07:16 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:xWf9Z1X2K6yAHivY3QNDvQPBYHprBjtHdHThSKMSVF6JXirVo9:x49DXN6yhY3QNbIuHbh4pC4

Entry address:
0x1BABFA

Entry point:
E8, F6, 4D, 01, 00, E9, 79, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 55, 8B, EC, 57, 56, 8B, 75, 0C, 8B, 4D, 10, 8B, 7D, 08, 8B, C1, 8B, D1, 03, C6, 3B, FE, 76, 08, 3B, F8, 0F, 82, A4, 01, 00, 00, 81, F9, 00, 01, 00, 00, 72, 1F, 83, 3D, 64, 21, 63, 00, 00, 74, 16, 57, 56, 83, E7, 0F, 83, E6, 0F, 3B, FE, 5E, 5F, 75, 08, 5E, 5F, 5D, E9, C8, A8, 00, 00, F7, C7, 03, 00, 00, 00, 75, 15, C1, E9, 02, 83, E2, 03, 83, F9, 08, 72, 2A, F3, A5, FF, 24, 95, 84, AD, 5B, 00, 90, 8B, C7, BA, 03, 00, 00...

Code size:
1.9 MB (2,033,152 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to hans-moleman.w3.org  (128.30.52.100:80)

TCP (HTTP):
Connects to ec2-52-5-232-222.compute-1.amazonaws.com  (52.5.232.222:80)
