» Fix-It_Registry_Optimizer_FR.exe
Overview
Analysis
File Details
Downloads (36)

Fix-It_Registry_Optimizer_FR.exe

Fix-It Registry Optimizer

Smart PC Solutions, Inc.

The application Fix-It_Registry_Optimizer_FR.exe, “Fix PC problems and optimize performance ” by Smart PC Solutions has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Inno Setup installer. The file has been seen being downloaded from webtools.avanquest.com and multiple other hosts.

File name:

Publisher:

Avanquest Software (signed by Smart PC Solutions, Inc.)

Product:

Fix-It Registry Optimizer

Description:

Fix PC problems and optimize performance

Version:

2.0

MD5:

ea40f1aaeb287671bdb6c0ceea7faf73

SHA-1:

a6c0c7d1822b472268b41e0bea044f6c53c79f26

SHA-256:

2abc8c3fc27042dc2fa23a7c53a572be4261a513604df6ae0c8fe71d10c3bd99

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

4/26/2024 4:42:34 AM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Optional.SmartPCSolutions.CC

14.6.10.14

File size:

1.3 MB (1,325,736 bytes)

Product version:

2.0

Avanquest Software

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\downloads\fix-it_registry_optimizer_fr.exe

Digital Signature

Signed by:

Smart PC Solutions, Inc.

Authority:

VeriSign, Inc.

Valid from:

4/15/2009 8:00:00 PM

Valid to:

5/30/2011 7:59:59 PM

Subject:

CN="Smart PC Solutions, Inc.", OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Smart PC Solutions, Inc.", L=Alexandria, S=Virginia, C=US

Issuer:

CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:

5267DCE6AF375FA7C4F1CA65BD87DF80

File PE Metadata

Compilation timestamp:

6/19/1992 6:22:17 PM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

24576:g20nmlZY3jWkVP1j1BlEiTkWXwDZBmBUU6PGGRsNh2KuItGcesZ:g2nbYzWkVP1jPlxwn4NpNAmtD

Entry address:

0x9B24

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, A2, 95, FF, FF, E8, A9, A7, FF, FF, E8, D4, C9, FF, FF, E8, 1B, CA, FF, FF, E8, 0E, F3, FF, FF, E8, 75, F4, FF, FF, 33, C0, 55, 68, DB, A1, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, A4, A1, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 9B, FE, FF, FF, E8, 02, FA, FF, FF, 8D, 55, F0, 33, C0, E8, 04, D0, FF, FF, 8B, 55, F0, B8, E4, CD, 40, 00, E8, 53, 96, FF, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, E4, CD, 40, 00, B2, 01, B8... 
[+]

Entropy:

7.9876

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

37 KB (37,888 bytes)

The file Fix-It_Registry_Optimizer_FR.exe has been seen being distributed by the following 36 URLs.

http://webtools.avanquest.com/download.cfm?tracking=AQ_FR_AD_PA_ED_FIRO_0815&skip=1&em=1&email=[EMV FIELD]email[EMV /FIELD]&firstname=[EMV FIELD]FirstName[EMV /FIELD]&lastname=[EMV FIELD]LastName[EMV /FIELD]&go=http://fastcdn.avanquest.com/FIRO/.../Fix-It_Registry_Optimizer_FR.exe

http://software.avanquest.com/HP?b=psQj45_SKKm5Tj5z_4uYgzMPzhHfyQUx1swJ2NZYRBb9mHYbBwAxSyolviu20Izs&c=rczt9RpBrI0HU6XppNTvuA

https://www.google.com/url?hl=fr&q=http://.../HP?b=WqCt7CzfZDxDWDX6yX7X_uKn0-Ts-OX8H4NdX9CRo7lc4jubLvO7rgD71YsZtZQX&c=zk8OpYjc4c-Onfcrb1djSA&source=gmail&ust=1479031052659000&usg=AFQjCNFovfQIZ0bJe-zj62xHbwicUwCwcQ

https://www.google.com/url?hl=fr&q=http://.../HP?b=fGz3YHSnWvWJMrJi6nYH-3-hZ-1YCaKZ2eyGzTFMfzCfcmwA_xWZWQvHndy2MFzt&c=fKKAZtqCQ2DOt1zq5_FGgA&source=gmail&ust=1472984048598000&usg=AFQjCNGeT4XGoshp1CriAZPa_oP2o8wumg

http://software.avanquest.com/HP?b=N9pAt5Slv1ynLJuMmYDhAS5MBdHMTRDlm9jbbcP3I9A5CSyjmcRi_H0UVHMOMx2w&c=6IHgNpeJXd4RX3WoESA1oQ

http://software.avanquest.com/HP?b=pMbel_20ZN0aFIE31_Cc7Pos1QVIr4seFQGqrusDNoIV1qLeGEhAu9GjPg8B28aK&c=mzsgaAmGHRnbDYB97MNLzA

http://software.avanquest.com/HP?b=EKnuvbCGy98GstB7PxfjYJWtpQAm5nZHPQw9vG8cfcvOy8goZl7F0HHxTrXwHMRa&c=PKH5gKuSrCxF4lxjnScPTw

https://www.google.com/url?hl=fr&q=http://.../HP?b=BO8gLTnwjyF-CViTpTcus6ANT-TN0_b3AaH6qmAn5RLJ8cxMgT0OnGV4yu3DhPUj&c=RzjKkG1EudeC5UwVTKrxew&source=gmail&ust=1479216108996000&usg=AFQjCNGVwNTKetflsrbaN_PMhQil8fy0Yw

http://software.avanquest.com/HP?b=jG7ezO2peDPwUW71ZX0Umz_HdD4o1LuhNq-YshZDa_nzfT1zLC44zCc4b8mlNxD6&c=5mAeo5Cjo5jydrPVXXh5DQ

http://software.avanquest.com/HP?b=sJDe_T7aFNyje8R4PRhKBNvSi_xkHdjAJjL45Q3ojoYtmaBQzI0E2FPpZqNTmvyi&c=2Af1ZDHsiJGdN40kQdHelg

http://software.avanquest.com/HP?b=q4ymKp25XzjlxVbgA3HP41ZLOnFx0vRFogD62Wiy51qECuFa4OQmc4A9N0YFVpob&c=6XKsKsx7Ivk0HuE5ZQnRVg

https://www.google.com/url?hl=ru&q=http://.../HP?b=itIrRnWyqg9zVEeRURmDGSfEnCTyopmk5woBqje9fy44FZkPbF8j68ATp5YQRa5i&c=r-slY8T9heoeGiDIcn4Ysg&source=gmail&ust=1474619920999000&usg=AFQjCNECEp1c-2tuu6DNRk9I90Cr3Mx-kg

https://www.google.com/url?hl=fr&q=http://.../HP?b=jpyAZglJO3khlXQaew79d0QA33l3tYwVMXkNCnUvoIDNxS8ZqHmPZjMGPwaXsuof&c=5oUR47uzzjj8xpOwU_gcXg&source=gmail&ust=1467656769511000&usg=AFQjCNESvT-Vzni8GPEMl5w5O4nqFSoa7w

https://shop.avanquest.com/.../download_link.php?type=master&id=aca1473a8d394198579d071e708943d417062707

http://software.avanquest.com/HP?b=eKUeOiT5LBmmuIFa66ImepztyzYwpj7QLLyK4D8vKYcOGZXhKmKazRrmjUp24KrC&c=dHG7-4gUkOCC9rjGeJlivw

http://software.avanquest.com/HP?b=lnXwyoXQO9G-fP196q_xej16lXymhhT_V2j5L-RwH9GKBkONJUPCdzDUMCpSikvZ&c=7zOVKOR5qzBbBWDMRQn7Jw

http://software.avanquest.com/HP?b=HGVks4PfkhwaNxoBsNb7sAcSjoVb6dI6hCOpTyJi6u30ClHr9L-Lppvd7ZbUYI29&c=kXqn6kWQYrz49-KeQNvKkw

http://webtools.avanquest.com/download.cfm?tracking=AQ_FR_AD_PA_ED_FIRO_0616&skip=1&go=http://fastcdn.avanquest.com/FIRO/.../Fix-It_Registry_Optimizer_FR.exe

http://software.avanquest.com/HP?b=mqOsYS7CAD4rjfjMKSVRsPXZ0Or55JR1eMBrRIpM7rvsayxsRlCynSzICPsmCBfG&c=-a92LI7asii-1zY_A59SxQ

http://software.avanquest.com/HP?b=uG4X9SFJDKADq-xX7dTLGw5lTpTLA2L0dzhIVctch3t-OFFU24I-XF0kH0TP9HUR&c=6dgJyqO5kPp-UqWXKxxXog

http://software.avanquest.com/HP?b=q8BocH3XK8WMNKVrQ3YwXwn6WNv28FQvwBAfysMILURmuvZKVDJMHjdMTd9aovZ0&c=gAkC6YNbybfnTebxY4GHgQ

http://software.avanquest.com/HP?b=X_l2f_iy3SD52g3vRHtYHvkYc9Y-yZ1H13ms_i53iHEgv7OtoG7V3BCVNxT1XWge&c=_nWjf5Cy6cbU1-i5nnk9WA

http://webtools.avanquest.com/download.cfm?tracking=AQ_FR_EM_CAT_PCTOOLS_V1_SCN&skip=&em=&email=&firstname=&lastname=&go=http://fastcdn.avanquest.com/FIRO/.../Fix-It_Registry_Optimizer_FR.exe

http://software.avanquest.com/HP?b=t7i1h7TP0Kiq7TOhD6AAssppq78kAsyuLRqX3y_Qb4mFk4Z9iM9im30IhoSqk2xS&c=1RYZnBAI2lmuoYaV1X3KkQ

http://software.avanquest.com/HP?b=4cr0EXncb26ztgFW53Xu5Fgn11pWP6lPMIEcMEFzwygzAY57STvvpzFHx1tEsuiJ&c=CpXQyM5jsf_XCigmq6pMAg

http://web.avanquest.com/download/download.cfm?filter={placement}&keyword=nettoyage d ordinateur&campaignid=CLEAN_Nettoyage_Ordinateur_Exact&msclkid=b15a34f432d6417e8748ea677daa086a&tracking=AQ_FR_PP_MS_SE_FIRO&go=http://fastcdn.avanquest.com/FIRO/.../Fix-It_Registry_Optimizer_FR.exe

http://software.avanquest.com/HP?b=dHnBmiVl8AleYMZemTSP3INAkqBGVAZ9iKJ4MEZJzN5vxXqy3wauliVOSfJ8M89V&c=ReQLM9KIEOMMmFqUIbSt6w

http://software.avanquest.com/HP?b=iRg7ScgMrhp1cyw4tIQtQU3R76LHurRxU6-c33Xsgvz0GP7Tl9OBRUrchF61NbNV&c=68U_am4Gjh0oc54bWLDUWA

http://software.avanquest.com/HP?b=x4_Ibhm_I8J3nMn0uq_5GdgGIKpOQR-2FweHfNa_zDN38SscIsIxU1UninC1tevP&c=QNrjRy4r2_OCASwi1IOwTw

http://software.avanquest.com/HP?b=Vt_qJWIiT7NEX82ITT2nuXf-0vOU5m7y2OP2xHZLpcWxEQOsgeyyxQclBDCwtcqU&c=iW1M3IVNzOc8s0xgHszLIg

Latest 30 of 36 download URLs

Remove Fix-It_Registry_Optimizer_FR.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.