opprosetup.exe

PC Utilities Software Limited

opprosetup.exe is part of the Optimizer Pro / Driver 'PC optimizer' product lines, which are marketed by Adsology and distributed through various bundled-software (PPI, i.e. pay-per-install, and commission) channels. The application opprosetup.exe by PC Utilities Software Limited has been detected as a potentially unwanted program by 15 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. Also known as BrowserDefender, this bundled service prevents various web browser toolbars and extensions from running and blocks changes to the search page and provider.

Publisher:
PC Utilities Software Limited (signed and verified)

MD5:
0eadf23a0d0cf484d23badd606532ec5

SHA-1:
aad44a62fb95cd15eddbea61013d0a0d07299ddc

SHA-256:
c45275cb9237158ecbf14c392c5a1ad1da81dce64030a89d62dc207781edee03

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
4/25/2024 12:24:16 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| AhnLab V3 Security | PUP/Win32.OptimizerPro | 2014.08.26 |
| AVG | OptimizerPro | 2015.0.3312 |
| Dr.Web | Trojan.NtRootKit.17528 | 9.0.1.0296 |
| ESET NOD32 | Win32/AdWare.SpeedingUpMyPC (variant) | 8.10314 |
| G Data | Win32.Application.OptimizerPro | 14.10.24 |
| IKARUS anti.virus | AdWare.Bprotector | t3scan.1.7.5.0 |
| Kaspersky | not-a-virus:RiskTool.Win32.Agent | 14.0.0.3055 |
| McAfee | Artemis!0EADF23A0D0C | 5600.6968 |
| NANO AntiVirus | Riskware.Win32.Agent.decbpv | 0.28.2.61861 |
| Panda Antivirus | Trj/Genetic.gen | 14.10.23.11 |
| Reason Heuristics | PUP.Installer.PCUtilities.K | 14.10.23.23 |
| Total Defense | Win32/Tnega.MHdEFO | 37.0.11143 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32544 |
| Zillya! Antivirus | Trojan.Black.Win32.16768 | 2.0.0.1901 |

File size:
4.2 MB (4,366,424 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\temp\opprosetup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/18/2014 8:04:54 PM

Valid to:
4/18/2015 8:04:54 PM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, L=London, C=GB

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B6A44F88EC8CF

File PE Metadata
Compilation timestamp:
8/20/2014 3:06:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:uXPDVLdlnQtysAx3pkMMWp28uz9R1oCK7x75DMKP:YPDldlnQt9OSMMW28uCCe75wy

Entry address:
0x3D74C

Entry point:
55, 8B, EC, 83, C4, F0, B8, F8, A5, 43, 00, E8, 14, C4, FC, FF, E8, 03, 86, FC, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.9549

Developed / compiled with:
Microsoft Visual C++

Code size:
240.5 KB (246,272 bytes)
