optimizerproinstaller.exe

PC Utilities Software Limited

Part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled software (PPI and commission) channels. The application optimizerproinstaller.exe by PC Utilities Software Limited has been detected as a potentially unwanted program by 23 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address dl.softservers.net on port 80 using the HTTP protocol.
Publisher:
PC Utilities Software Limited (signed and verified)

MD5:
cc2d0e5da5efd2a94153376f1bc33add

SHA-1:
3f0a2d1d27d6a3af008e80a6c1c9e8f878b6c45a

SHA-256:
0d58f645f8168f6ff24fc27b89e918d386f90c5f2f1eff21405548f768982abe

Scanner detections:
23 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
5/4/2024 5:54:57 PM UTC

Scan engine              Detection                              Engine version
Lavasoft Ad-Aware        Application.Generic.671155             870
Agnitum Outpost          Riskware.Agent                         7.1.1
AhnLab V3 Security       PUP/Win32.Optimizer                    2014.09.18
Avira AntiVirus          SPR/Tool.Agent.ihv                     7.11.173.16
avast!                   Win32:Malware-gen                      2014.9-140917
AVG                      MalSign.Generic                        2015.0.3348
Baidu Antivirus          Hacktool.Win32.SpeedingUpMyPC          4.0.3.14918
Bitdefender              Application.Generic.671155             1.0.20.1305
Dr.Web                   Trojan.PWS.Tibia.2616                  9.0.1.0260
Emsisoft Anti-Malware    Application.Generic.671155             14.09.17
ESET NOD32               Win32/SpeedingUpMyPC.J application     7.0.302.0
F-Prot                   W32/A-d7153df2                         v6.4.7.1.166
F-Secure                 Application.Generic.671155             11.2014-18-09_5
G Data                   Application.Generic.671155             14.9.24
herdProtect (fuzzy)      -                                      2014.11.22.20
K7 AntiVirus             Adware                                 13.183.13407
Kaspersky                not-a-virus:RiskTool.Win32.Agent       15.0.0.494
Malwarebytes             PUP.Optional.OptimizerPro              v2014.09.18.12
McAfee                   Artemis!1F35AD24BC91                   5600.6938
MicroWorld eScan         Application.Generic.671155             15.0.0.783
NANO AntiVirus           Trojan.Win32.SpeedingUpMyPC.dbygaj     0.28.2.62151
Panda Antivirus          Trj/Genetic.gen                        14.09.18.12
Reason Heuristics        PUP.PCUtilities.V                      14.9.18.0

File size:
4.9 MB (5,111,824 bytes)

File type:
Executable application (Win32 EXE)

Language:
Serbian (Latin, Serbia)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\optimizerproinstaller.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/5/2013 3:29:35 PM

Valid to:
4/3/2015 11:23:14 AM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, L=London, S=UK, C=GB

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B239BABC97410

File PE Metadata
Compilation timestamp:
4/28/2014 3:33:57 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:C3uGIKJ0qKOj/syw6HILdi6vNNsNb4yBKK+utUY1hXqT4LrXA9+GLgqZ:QuHg05PhyItLsFKOETSbe7sqZ

Entry address:
0x6869

Entry point:
E8, 67, 5F, 00, 00, E9, 89, FE, FF, FF, FF, 35, 84, E2, 41, 00, FF, 15, 58, 60, 41, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, D9, 53, 00, 00, 6A, 01, 6A, 00, E8, FC, 2E, 00, 00, 83, C4, 0C, E9, C1, 2E, 00, 00, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B...

Code size:
81.5 KB (83,456 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to domore.pcutilitiespro.revenuewire.net (199.83.128.157:80)

http://domore.pcutilitiespro.revenuewire.net/optimizerpro/register?10388737-US-002_D7D0387A-030B-8038-BD80-433876E5

TCP (HTTP):
Connects to dl.softservers.net (198.20.70.67:80)

TCP (HTTP):
Connects to bi.softservers.net (184.154.38.36:80)

Remove optimizerproinstaller.exe - Powered by Reason Core Security