optimizerproinstaller.exe

PC Utilities Software Limited

optimizerproinstaller.exe is part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled software (PPI and commission) channels. The application, published by PC Utilities Software Limited, has been detected as a potentially unwanted program by 21 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software, and it is typically executed from the user's temporary directory. While running, it connects to the Internet address dl.softservers.net on port 80 using the HTTP protocol.
Publisher:
PC Utilities Software Limited  (signed and verified)

Version:
3.0.1.0

MD5:
e886001cc386792317fd2e354377c7e1

SHA-1:
d221e93a8ec84328dc34fed3e18b8dabf1e25d9a

SHA-256:
1d2312ece095c5ce4c1f7751534dc0edccab54ce2daaecdc7860ebec0d2990e3

Scanner detections:
21 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
4/19/2024 9:29:19 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Generic.1034313 | 6764508
Agnitum Outpost | Riskware.Agent | 7.1.1
Avira AntiVirus | PUA/OptimizerPro.Gen | 7.11.214.38
AVG | Adware Generic5.AMIN | 2014.0.4253
Baidu Antivirus | Adware.Win32.SpeedingUpMyPC | 4.0.3.1536
Bitdefender | Application.Generic.1034313 | 1.0.20.325
Dr.Web | Trojan.Fakealert.44938 | 9.0.1.065
Emsisoft Anti-Malware | Application.Generic.1034313 | 9.0.0.4799
ESET NOD32 | Win32/AdWare.SpeedingUpMyPC (variant) | 9.9307
F-Prot | W32/OptimizePro.B.gen | v6.4.7.1.166
F-Secure | Riskware.Application.Generic.1034313 | 5.13.68
G Data | Win32.Application.OptimizerPro | 15.3.24
herdProtect (fuzzy) | | 2015.6.12.16
IKARUS anti.virus | PUA.SpeedUpMyPC | t3scan.1.7.5.0
K7 AntiVirus | Adware | 13.200.15178
Kaspersky | not-a-virus:RiskTool.Win32.Agent | 15.0.0.543
Malwarebytes | PUP.Optional.OptimizerPro.A | v2015.03.06.02
MicroWorld eScan | Application.Generic.1034313 | 16.0.0.195
NANO AntiVirus | Trojan.Win32.Generic.dbyggq | 0.28.2.61942
Reason Heuristics | PUP.Installer.PC Utilities | 15.3.6.2
VIPRE Antivirus | Threat.4150696 | 37788

File size:
3.9 MB (4,091,480 bytes)

Product version:
3.0.1.0

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\optimizerproinstaller.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/6/2013 2:29:35 AM

Valid to:
4/3/2015 10:23:14 PM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, L=London, S=UK, C=GB

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B239BABC97410

File PE Metadata
Compilation timestamp:
6/20/1992 6:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:hJj6A38mL4cPeFP6Nz9WCuCL+f7XAb89Ka2M+Y9dsZn:248mUciUkHi+kNM+Y9dK

Entry address:
0x13D60

Entry point:
55, 8B, EC, 83, C4, F0, B8, C8, 3C, 41, 00, E8, C4, 1F, FF, FF, E8, 07, 00, FF, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
7.9832

Developed / compiled with:
Microsoft Visual C++

Code size:
75.5 KB (77,312 bytes)

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to domore.pcutilitiespro.revenuewire.net  (199.83.128.157:80)

 
http://domore.pcutilitiespro.revenuewire.net/optimizerpro/register?18639942-US-002_D7D8638A-860B-8863-BD80-436388E5

TCP (HTTP):
Connects to dl.softservers.net  (198.20.70.67:80)

TCP (HTTP):
Connects to bi.softservers.net  (184.154.38.36:80)
