home

livesupport.exe

LiveSupport Installer Wrapper

PC Utilities Software Limited

Part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled software (PPI and commission) channels. The application livesupport.exe, “LiveSupport Installer” by PC Utilities Software Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software.
Publisher:
PC Utilities Software Limited  (signed and verified)

Product:
LiveSupport Installer Wrapper

Description:
LiveSupport Installer

Version:
1.2.8.0

MD5:
faa6333619afb019d7ec031755f52b55

SHA-1:
c88e52d9049020205dc26b8915a023ebe6581b15

SHA-256:
ccda3e50178901358073ce22f91cbb0c3aaf3771d95287b018e6ffbda23600c4

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
4/19/2024 4:00:50 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.PCUtilities.LiveSupport.PC Utilities.Installer (M)
16.6.6.14

File size:
1.4 MB (1,503,528 bytes)

Product version:
1.2.8.0

Copyright:
(C) 2013 PC Utilities Software Limited

Original file name:
LiveSupport_installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\downloads\livesupport.exe

Digital Signature
Signed by:
PC Utilities Software Limited

Authority:
GoDaddy.com, Inc.

Valid from:
4/5/2013 8:29:35 PM

Valid to:
4/3/2015 4:23:14 PM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, L=London, S=UK, C=GB

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B239BABC97410

File PE Metadata
Compilation timestamp:
3/18/2014 12:06:14 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:X7NSxGLHCuj6GdPq9fE5BlmxbeO70IPwtQk:xXuEpdPqSOl

Entry address:
0x67E8

Entry point:
E8, 02, 57, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, A9, EC, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, 3E, 2E, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, A8, A1, 41, 00, 74, 12, 8B, 0D, 60, 9F, 41, 00, 85, 48, 70, 75, 07, E8, DC, 60, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 68, 9E, 41, 00, 74, 16, 8B, 46, 08, 8B, 0D, 60, 9F, 41, 00...
 
[+]

Code size:
74 KB (75,776 bytes)

The file livesupport.exe has been seen being distributed by the following URL.

http://www.pcutilitiespro.com/download/.../171000501

Remove livesupport.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.