optimizerproinstaller.exe

PC Utilities Software Limited

optimizerproinstaller.exe belongs to the Optimizer Pro / Driver "PC optimizer" product line marketed by Adsology and distributed through bundled-software (pay-per-install and commission) channels. The file, published by PC Utilities Software Limited, is flagged as a potentially unwanted program by 5 of 68 anti-malware scanners. It is a setup and installation application and has been known to bundle potentially unwanted software. While running, it connects to dl.softservers.net on TCP port 80 over HTTP.
Publisher:
PC Utilities Software Limited  (signed and verified)

MD5:
8d44e13667866b9489ada4b392852311

SHA-1:
aa718862626e94e6676b0cffc274dcfa33e45bd7

Scanner detections:
5 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
4/16/2024 1:47:00 PM UTC

Scan engine        Detection                 Engine version
AVG                SHeur4                    2015.0.3496
Dr.Web             Trojan.NtRootKit.17026    9.0.1.0113
ESET NOD32         Win32/SpeedingUpMyPC      8.9709
McAfee             Artemis!E41FB3FE7B81      5600.7152
Reason Heuristics  PUP.PCUtilities.V         14.8.8.3

File size:
5 MB (5,226,504 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Documents and Settings\{user}\Local Settings\Temp\{random}.tmp\addons\optimizerproinstaller.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/5/2013 10:29:35 AM

Valid to:
4/3/2015 6:23:14 AM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, L=London, S=UK, C=GB

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B239BABC97410

File PE Metadata
Compilation timestamp:
2/5/2014 1:10:00 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:ciqwFedmg1JboOMg98gxSaK44ktSB6nlARuJd5zknv:cq2DkOMyvxSa63B6lARuJ3Yv

Entry address:
0x3D74C

Entry point:
55, 8B, EC, 83, C4, F0, B8, B0, A5, 43, 00, E8, 14, C4, FC, FF, E8, 03, 86, FC, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.9662

Developed / compiled with:
Microsoft Visual C++

Code size:
240.5 KB (246,272 bytes)
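The hashes, linker version, compilation timestamp, entropy and entry-point bytes above are the fields an analyst compares first when a suspect file turns up. The script below is an added example written for this page, not code from Reason Core Security or the software publisher. It walks the PE headers with only the standard library (no pefile), computes the same indicators for a file, and reports which of them match the record. Because the real installer cannot ship with the page, build_sample_pe() constructs a tiny stand-in PE32 whose entry bytes, linker version and timestamp are set to the record's values; it is explicitly not the installer and will never hash-match. RECORD, triage and the other names are this example's own.

```python
import hashlib
import math
import struct
from datetime import datetime, timezone

# Indicators copied from the record above (the page's values, not invented).
RECORD = {
    "md5": "8d44e13667866b9489ada4b392852311",
    "sha1": "aa718862626e94e6676b0cffc274dcfa33e45bd7",
    "size": 5_226_504,
    "linker": "2.25",
    # First 24 entry-point bytes listed on the page.
    "entry": bytes.fromhex("558BEC83C4F0B8B0A54300E814C4FCFFE80386FCFF8D4000"),
}


def shannon_entropy(data: bytes) -> float:
    """Bits per byte, 0.0 .. 8.0; values near 8 (the record shows 7.97) mean the
    bulk of the file is compressed or packed, as with most self-extracting setups."""
    if not data:
        return 0.0
    counts = [0] * 256
    for b in data:
        counts[b] += 1
    n = len(data)
    return -sum(c / n * math.log2(c / n) for c in counts if c)


def pe_header_info(data: bytes, entry_len: int = 24) -> dict:
    """Minimal PE32/PE32+ header walk: linker version, build timestamp and the
    first entry_len bytes at AddressOfEntryPoint (RVA mapped through the section table)."""
    if data[:2] != b"MZ":
        raise ValueError("not an MZ executable")
    e_lfanew, = struct.unpack_from("<I", data, 0x3C)
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("PE signature not found")
    coff = e_lfanew + 4                                   # IMAGE_FILE_HEADER
    nsect, = struct.unpack_from("<H", data, coff + 2)
    stamp, = struct.unpack_from("<I", data, coff + 4)     # TimeDateStamp (Unix time)
    opt_size, = struct.unpack_from("<H", data, coff + 16)
    opt = coff + 20                                       # IMAGE_OPTIONAL_HEADER
    major, minor = struct.unpack_from("<BB", data, opt + 2)
    entry_rva, = struct.unpack_from("<I", data, opt + 16)
    sect = opt + opt_size                                 # first IMAGE_SECTION_HEADER
    entry = b""
    for i in range(nsect):
        vsize, vaddr, rawsize, rawptr = struct.unpack_from("<IIII", data, sect + 40 * i + 8)
        if vaddr <= entry_rva < vaddr + max(vsize, rawsize):
            entry = data[rawptr + (entry_rva - vaddr):][:entry_len]
            break
    return {
        "linker": f"{major}.{minor}",
        "timestamp_utc": datetime.fromtimestamp(stamp, timezone.utc).isoformat(),
        "entry_rva": entry_rva,
        "entry": entry,
    }


def triage(data: bytes) -> dict:
    """Compare a file's hashes, size, entropy, linker and entry prologue with RECORD."""
    info = pe_header_info(data)
    return {
        "md5_match": hashlib.md5(data).hexdigest() == RECORD["md5"],
        "sha1_match": hashlib.sha1(data).hexdigest() == RECORD["sha1"],
        "size_match": len(data) == RECORD["size"],
        "entropy": round(shannon_entropy(data), 4),
        "linker_match": info["linker"] == RECORD["linker"],
        "prologue_match": info["entry"] == RECORD["entry"],
        "timestamp_utc": info["timestamp_utc"],
    }


def build_sample_pe() -> bytes:
    """Constructed stand-in (NOT the installer): a 1 KiB PE32 with one .text section
    at RVA 0x1000, the record's entry bytes, linker 2.25 and its build timestamp."""
    dos = b"MZ" + bytes(0x3A) + struct.pack("<I", 0x40)          # e_lfanew = 0x40
    coff = struct.pack("<HHIIIHH", 0x14C, 1, 1391562600, 0, 0, 224, 0x102)
    # 1391562600 = 2014-02-05 01:10:00 UTC, the compilation timestamp in the record.
    opt = struct.pack("<HBBIIII", 0x10B, 2, 25, 0x200, 0, 0, 0x1000)
    opt += bytes(224 - len(opt))
    sec = b".text\0\0\0" + struct.pack("<IIII", 0x200, 0x1000, 0x200, 0x200) + bytes(16)
    hdr = dos + b"PE\0\0" + coff + opt + sec
    hdr += bytes(0x200 - len(hdr))
    text = RECORD["entry"] + bytes(0x200 - len(RECORD["entry"]))
    return hdr + text


if __name__ == "__main__":
    print(triage(build_sample_pe()))
```

Run it against a real sample with `triage(open(path, "rb").read())`. A full hash match identifies this exact build; a prologue and linker match without a hash match points at a sibling build from the same toolchain and product line, which is how the vendor detections above cover more than one file. Note also that the compilation timestamp (2/5/2014) falls inside the certificate's validity window (4/5/2013 to 4/3/2015), so "signed and verified" only says the publisher held a GoDaddy code-signing certificate at build time, not that the content is wanted; the certificate has since expired, and whether the signature still validates today depends on a trusted countersignature timestamp that the record does not mention.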

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to domore.pcutilitiespro.revenuewire.net  (199.83.128.157:80)

 
http://domore.pcutilitiespro.revenuewire.net/optimizerpro/register?2874813-US-002_D7D8736A-870B-8873-BD80-437369E5

TCP (HTTP):
Connects to dl.softservers.net  (198.20.70.67:80)

TCP (HTTP):
Connects to bi.softservers.net  (184.154.38.36:80)
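The three hosts and IPs above are the indicators a responder would sweep proxy or DNS logs for. The following is an added example for this page, not tooling from Reason Core Security: it matches each log line's destination host against the listed hosts (and their subdomains), falls back to the listed IPs when the host is missing or unresolved, and returns the hits. The log format is a constructed five-column layout (time, client, destination IP, method, URL); the sample lines are constructed too, and the cdn.softservers.net entry is made up to show the parent-domain match, since both listed softservers.net hosts sit under that domain. Treating softservers.net as a whole as an indicator is this example's assumption, not something the record states; revenuewire.net is deliberately not widened, because only the one subdomain is listed.

```python
from typing import Optional
from urllib.parse import urlsplit

# Hosts and IPs from the record above.
IOC_HOSTS = {
    "domore.pcutilitiespro.revenuewire.net",
    "dl.softservers.net",
    "bi.softservers.net",
}
IOC_IPS = {"199.83.128.157", "198.20.70.67", "184.154.38.36"}
# Assumption for this example: both softservers.net hosts are indicators, so treat
# the whole domain as one. revenuewire.net is NOT widened (only one subdomain is listed).
PARENT_DOMAINS = {"softservers.net"}


def classify_host(host: str) -> Optional[str]:
    """Return the indicator a host matches (exact host, a label below a listed host,
    or a label below an assumed parent domain), or None."""
    host = host.lower().rstrip(".")
    for ioc in IOC_HOSTS:
        if host == ioc or host.endswith("." + ioc):
            return ioc
    for parent in PARENT_DOMAINS:
        if host == parent or host.endswith("." + parent):
            return parent
    return None


def scan_proxy_log(text: str) -> list:
    """Scan 'time client dest_ip method url' lines; host match first, IP match as fallback."""
    hits = []
    for n, line in enumerate(text.splitlines(), 1):
        parts = line.split()
        if len(parts) < 5:
            continue
        _ts, client, dest_ip, _method, url = parts[:5]
        host = urlsplit(url).hostname or ""
        indicator = classify_host(host)
        if indicator is None and dest_ip in IOC_IPS:
            indicator = dest_ip
        if indicator:
            hits.append({"line": n, "client": client, "host": host, "indicator": indicator})
    return hits


# Constructed sample log (not captured traffic); line 1 reuses the register URL from the record.
SAMPLE_LOG = """\
2024-04-16T13:47:01Z 10.0.0.12 199.83.128.157 GET http://domore.pcutilitiespro.revenuewire.net/optimizerpro/register?2874813-US-002_D7D8736A-870B-8873-BD80-437369E5
2024-04-16T13:47:02Z 10.0.0.12 198.20.70.67 GET http://dl.softservers.net/
2024-04-16T13:47:05Z 10.0.0.44 93.184.216.34 GET http://example.com/index.html
2024-04-16T13:47:09Z 10.0.0.12 184.154.38.36 POST http://bi.softservers.net/
2024-04-16T13:48:00Z 10.0.0.9 203.0.113.5 GET http://cdn.softservers.net/x
"""

if __name__ == "__main__":
    for hit in scan_proxy_log(SAMPLE_LOG):
        print(hit)
```

The client column is kept in each hit so that one run yields the list of hosts to pull the installer and its addons directory from; the IP fallback matters for logs that record CONNECT tunnels or raw flows without a Host header.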

Remove optimizerproinstaller.exe - Powered by Reason Core Security