optimizerproinstaller.exe

Optimizer Pro

PC Utilities Software Limited

optimizerproinstaller.exe is part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled-software (PPI and commission) channels. The application, described as “Fix, clean, optimize your PC!” by PC Utilities Software Limited, has been detected as a potentially unwanted program by 24 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. It is typically executed from the user's temporary directory. While running, it connects to the Internet address dl.softservers.net on port 80 using HTTP.
Publisher:
PC Utilities Pro  (signed by PC Utilities Software Limited)

Product:
Optimizer Pro

Description:
Fix, clean, optimize your PC!

Version:
3.0.1.0

MD5:
816fa1114fcb7b3367184406a41144eb

SHA-1:
925d51562b6d7b494ad85684cd2d68a1bf59abbf

SHA-256:
96c06ddd0c1e7356ba1ff2abbf5f95c7917ddac1510547c60cca77a2f0254423

Scanner detections:
24 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
4/25/2024 2:15:50 PM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Trojan.Agent | 7.1.1 |
| Avira AntiVirus | TR/Trash.Gen | 7.11.30.172 |
| AVG | MalSign.Generic | 2017.0.2833 |
| Bkav FE | W32.Clod4c3.Trojan | 1.3.0.4613 |
| Comodo Security | UnclassifiedMalware | 16837 |
| Dr.Web | riskware program Program.Unwanted.311, is riskware program Program.Unwanted.29, is riskware program | 9.0.1.046 |
| ESET NOD32 | Win32/SpeedingUpMyPC.B application | 10.7.0.302.0 |
| Fortinet FortiGate | W32/SpeedingUpMyPC.B | 2/15/2016 |
| F-Prot | W32/OptimizePro.A.gen | v6.4.7.1.166 |
| F-Secure | Gen:Variant.Adware.MPlug | 11.2016-15-02_2 |
| G Data | Win32.Application.OptimizerPro | 16.2.24 |
| IKARUS anti.virus | PUA.SpeedingUpMyPC | t3scan.1.6.1.0 |
| K7 AntiVirus | Trojan | 13.176.11510 |
| Malwarebytes | PUP.Optional.OptimizePro.A | v2016.02.15.11 |
| McAfee | Artemis!D84B92824CEE | 5600.6489 |
| NANO AntiVirus | Riskware.Win32.Unwanted.ccmwkx | 0.26.0.55366 |
| Norman | Application.Generic.1028257 | 11.20160215 |
| Qihoo 360 Security | Malware.QVM06.Gen | 1.0.0.1015 |
| Quick Heal | PUA.Pcutilitie1.Gen | 2.16.14.00 |
| Reason Heuristics | PUP.PC Utilities.PCUtilities.Installer (M) | 16.2.15.11 |
| SUPERAntiSpyware | Trojan.Agent/Gen-Nullo[Short] | 9322 |
| Trend Micro House Call | TROJ_GEN.F47V0809 | 7.2.46 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25654 |
| Zillya! Antivirus | Trojan.Autoit.Win32.27511 | 2.0.0.2554 |

File size:
3.6 MB (3,800,184 bytes)

Product version:
3.0.1.0

Copyright:
PC Utilities Pro

Trademarks:
PC Utilities Pro

Original file name:
OptimizerPro

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\optimizerproinstaller.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/6/2013 1:29:35 AM

Valid to:
4/3/2015 9:23:14 PM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, L=London, S=UK, C=GB

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B239BABC97410

File PE Metadata
Compilation timestamp:
6/20/1992 5:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:7/ICh0m6ZKJNLF1pxmY4XmRXPk8O9dSvq/nmzbp3Nq:1h0mNLFJD4XmRXs/94vq/Gd3Nq

Entry address:
0x13474

Entry point:
55, 8B, EC, B9, 27, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, EC, 33, 41, 00, E8, F8, 26, FF, FF, 33, C0, 55, 68, 44, 39, 41, 00, 64, FF, 30, 64, 89, 20, B2, 01, A1, 38, 2F, 41, 00, E8, 3A, FB, FF, FF, 8B, D8, BA, 01, 00, 00, 80, 8B, C3, E8, CC, FB, FF, FF, B1, 01, BA, 5C, 39, 41, 00, 8B, C3, E8, 22, FC, FF, FF, 84, C0, 74, 20, 8D, 55, EC, 33, C0, E8, FC, F7, FE, FF, 8B, 4D, EC, BA, 7C, 39, 41, 00, 8B, C3, E8, 29, FD, FF, FF, 8B, C3, E8, 6A, FB, FF, FF, B2, 01, 8B, C3, 8B, 08, FF, 51, FC, 8D...
Entropy:
7.9859

Developed / compiled with:
Microsoft Visual C++

Code size:
75 KB (76,800 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to domore.pcutilitiespro.revenuewire.net  (199.83.128.157:80)

 
http://domore.pcutilitiespro.revenuewire.net/optimizerpro/register?69688869-US-002_D7D9687A-960B-8968-BD80-436877E5

TCP (HTTP):
Connects to dl.softservers.net  (198.20.70.67:80)

TCP (HTTP):
Connects to bi.softservers.net  (184.154.38.36:80)
