optimizerproinstaller.exe

PC Utilities Software Limited

Part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled software (PPI and commission) channels. The application optimizerproinstaller.exe by PC Utilities Software Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a self-extracting archive and installer and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. While running, it connects to the Internet address dl.softservers.net on port 80 using the HTTP protocol.
Publisher:
PC Utilities Software Limited  (signed and verified)

MD5:
7b206e5a5a88a59f7b013be14bdde9fd

SHA-1:
4880b98d3d86e8581cda41d173d9f79ecee0106c

SHA-256:
fa633f3d0032d56505832ed344af4ed090202e33d879b9ce480bca61633f6374

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
4/20/2024 1:01:18 AM UTC  (today)

Scan engine
Detection
Engine version

Reason Heuristics
PUP.PC Utilities.PCUtilities.Installer (M)
16.2.1.8

File size:
5.1 MB (5,306,992 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\optimizerproinstaller.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/20/2014 2:00:00 AM

Valid to:
2/21/2016 1:59:59 AM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, STREET=78 York Street, L=London, S=England, PostalCode=W1H 1DP, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00950E57C386D6B1EDADD9385C821B8BC8

File PE Metadata
Compilation timestamp:
4/16/2014 5:00:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:UOhwYUUBbUAfdUYH2i20ivyw+G7qgzwlP4n0bUcQgVkM13:UOhJnNUiiv90QywVqD4+UoV/3

Entry address:
0x3D74C

Entry point:
55, 8B, EC, 83, C4, F0, B8, EC, A5, 43, 00, E8, 14, C4, FC, FF, E8, 03, 86, FC, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
240.5 KB (246,272 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to domore.pcutilitiespro.revenuewire.net  (199.83.128.157:80)

 
http://domore.pcutilitiespro.revenuewire.net/optimizerpro/register?56697794-US-002_D7D6696A-660B-8669-BD80-436966E5

TCP (HTTP):
Connects to dl.softservers.net  (198.20.70.67:80)

TCP (HTTP):
Connects to bi.softservers.net  (184.154.38.36:80)

Remove optimizerproinstaller.exe - Powered by Reason Core Security