optpromon.dll

PC Utilities Software Limited

Part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled software (PPI and commission) channels. The module optpromon.dll by PC Utilities Software Limited has been detected as a potentially unwanted program by 12 anti-malware scanners. It runs as a separate Windows service (within the context of its own process) named “Optimizer Pro Crash Monitor”. Also known as BrowserDefender, this bundled service will prevent various web browser toolbars and extensions from running, as well as block changes to the search page and provider.
Publisher:
PC Utilities Software Limited  (signed and verified)

MD5:
8e4883a1cfab6502ab553dc1b989edfd

SHA-1:
139b3999a2a31d7f042db732e265e83563c4255e

SHA-256:
5f742c8064a38ada5b52830c3ba7f6cf9df1c24a4d2a9d33a664efbca2d98f1d

Scanner detections:
12 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
4/18/2024 10:00:39 AM UTC  (today)

Scan engine              Detection                        Engine version
AhnLab V3 Security       PUP/Win32.MultiPlug              2015.02.12
Avira AntiVirus          TR/Bprotector.1652280            7.11.209.210
AVG                      Generic                          2016.0.3179
Bkav FE                  W32.HfsAdware                    1.3.0.6379
G Data                   Win32.Application.OptimizerPro   15.3.25
herdProtect (fuzzy)                                       2015.6.12.15
IKARUS anti.virus        PUA.SProtector                   t3scan.1.8.6.0
McAfee                   Artemis!8E4883A1CFAB             5600.6835
Qihoo 360 Security       Win32/Trojan.f10                 1.0.0.1015
Reason Heuristics        PUP.Service.PC Utilities         15.3.5.22
Trend Micro House Call   Suspicious_GEN.F47V0209          7.2.64
VIPRE Antivirus          OptimizerPro                     37472

File size:
1.6 MB (1,652,280 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\Program Files\optimizer pro 3.38\optpromon.dll

Digital Signature
Authority:
COMODO CA Limited

Valid from:
7/28/2014 8:00:00 PM

Valid to:
7/29/2015 7:59:59 PM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, STREET=78 York Street, L=London, S=England, PostalCode=W1H 1DP, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
44E2576B707881CA345E8A3219EDDEBE

File PE Metadata
Compilation timestamp:
1/27/2015 8:20:21 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
24576:8lIeqqskxyUabzjdi0cF0B2Tc2YYPDtuOf01deEBjB8E8ibMcVL/pmFSG:oKjdKKOcEPBLf0CEBjF7VrYFR

Entry address:
0x110E0

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 3E, 47, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 60, ED, 06, 10, E8, 41, 0A, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, D8, FA, 18, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 7C, D2, 05, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
7.7851

Developed / compiled with:
Microsoft Visual C++

Code size:
353.5 KB (361,984 bytes)

Service
Display name:
Optimizer Pro Crash Monitor

Service name:
4ef60154

Type:
Win32OwnProcess

