optimizerproinstaller.exe

PC Utilities Software Limited

optimizerproinstaller.exe is part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled-software (PPI and commission) channels. The application optimizerproinstaller.exe by PC Utilities Software Limited has been detected as a potentially unwanted program by 20 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from dl.softservers.net; while running, it connects to the Internet address dl.softservers.net on port 80 using the HTTP protocol.
Publisher:
PC Utilities Software Limited (signed and verified)

MD5:
d578cb854c3845c9da116dbcaab87c3c

SHA-1:
b7c149743630c2c6a0b3bc53cec09ff6ae0d2cc7

SHA-256:
df1684d7989e6d05f602c78c9214d57a5eabd7860d46e3a7a36ec779e32dcd95

Scanner detections:
20 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
4/19/2024 3:06:28 AM UTC

Scan engine             Detection                                  Engine version
Agnitum Outpost         Riskware.Agent                             7.1.1
AhnLab V3 Security      PUP/Win32.OptimizerPro                     2014.09.09
Avira AntiVirus         Adware/SpeedingUpMyPC.D.7                  7.11.144.106
AVG                     SHeur4                                     2015.0.3333
Comodo Security         ApplicUnwnt                                19459
Dr.Web                  Trojan.NtRootKit.17156                     9.0.1.05190
ESET NOD32              Win32/AdWare.SpeedingUpMyPC.L application  7.0.302.0
F-Prot                  W32/OptimizePro.B.gen                      v6.4.7.1.166
G Data                  Win32.Application.OptimizerPro             14.10.24
IKARUS anti.virus       PUA.SpeedingUpMyPC                         t3scan.1.6.1.0
K7 AntiVirus            Adware                                     13.183.13504
Kaspersky               not-a-virus:RiskTool.Win32.Agent           15.0.0.494
McAfee                  Artemis!EB475FA035A0                       5600.6989
NANO AntiVirus          Trojan.Win32.Generic.dbyggj                0.28.2.61942
Panda Antivirus         Trj/Genetic.gen                            14.10.03.01
Reason Heuristics       PUP.PCUtilities.V                          14.10.3.1
Total Defense           Win32/Tnega.BUCBNZC                        37.0.10926
Trend Micro House Call  TROJ_GEN.F47V0418                          7.2.276
VIPRE Antivirus         Trojan.Win32.Generic!SB.0                  28570
Zillya! Antivirus       Trojan.Black.Win32.16778                   2.0.0.1915

File size:
5.1 MB (5,306,992 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\optimizerproinstaller.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
2/20/2014 5:30:00 AM

Valid to:
2/21/2016 5:29:59 AM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, STREET=78 York Street, L=London, S=England, PostalCode=W1H 1DP, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00950E57C386D6B1EDADD9385C821B8BC8

File PE Metadata
Compilation timestamp:
4/16/2014 7:30:23 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:UOhwYUUBbUAfdUYH2i20ivyw+G7qgzwlP4n0bUcQgVkM1:UOhJnNUiiv90QywVqD4+UoV/

Entry address:
0x3D74C

Entry point:
55, 8B, EC, 83, C4, F0, B8, EC, A5, 43, 00, E8, 14, C4, FC, FF, E8, 03, 86, FC, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.9674

Developed / compiled with:
Microsoft Visual C++

Code size:
240.5 KB (246,272 bytes)

The file optimizerproinstaller.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to domore.pcutilitiespro.revenuewire.net (199.83.128.157:80)
http://domore.pcutilitiespro.revenuewire.net/optimizerpro/register?11322402-US-002_D7D1321A-130B-8132-BD80-433212E5

TCP (HTTP):
Connects to dl.softservers.net (198.20.70.67:80)

TCP (HTTP):
Connects to bi.softservers.net (184.154.38.36:80)

Remove optimizerproinstaller.exe - Powered by Reason Core Security