optserve.exe

optserve.exe released on 2007/04/12

Optlynx CO., LTD.

The application optserve.exe by Optlynx CO. has been detected as a potentially unwanted program by 13 anti-malware scanners. It is registered under the name ‘optserve’ in the all-users Run registry key, so it executes automatically when any user logs into Windows.
Publisher:
Optlynx Co.,Ltd.  (signed by Optlynx CO., LTD.)

Product:
optserve.exe released on 2007/04/12

Version:
1.06

MD5:
8dc92ed472b5236977e64d812313f8b6

SHA-1:
ce7c17970b1c0d3b3b3224fbb0a2220c0bbbe703

Scanner detections:
13 / 68

Status:
Potentially unwanted

Analysis date:
4/26/2024 7:26:19 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Adware.Optserve | 7.1.1 |
| Avira AntiVirus | ADSPY/Optserve.A | 7.11.119.222 |
| avast! | Win32:PUP-gen [PUP] | 2014.9-140212 |
| Clam AntiVirus | Win.Adware.Optserve | 0.98/18355 |
| Comodo Security | UnclassifiedMalware | 17448 |
| Fortinet FortiGate | Adware/OptServe | 2/12/2014 |
| IKARUS anti.virus | not-a-virus:AdWare.Optmedia | t3scan.2.2.29 |
| Malwarebytes | Spyware.OnlineGames | v2014.02.12.12 |
| McAfee | Adware-OptServe | 5600.7222 |
| MicroWorld eScan | Adware.Optserve | 15.0.0.129 |
| Quick Heal | Adware.Optserve (Not a Virus) | 2.14.12.00 |
| Sophos | Generic PUA MO | 4.96 |
| Trend Micro | ADW_OPTMEDIA | 10.465.12 |

File size:
29.6 KB (30,264 bytes)

Product version:
1.06

Original file name:
optserve.exe

File type:
Executable application (Win32 EXE)

Common path:
C:\Windows\System32\optserve.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
3/1/2007 9:00:00 AM

Valid to:
3/1/2008 8:59:59 AM

Subject:
CN="Optlynx CO., LTD.", OU=Coordination, OU=Digital ID Class 3 - Microsoft Software Validation v2, O="Optlynx CO., LTD.", L=Nishi-ku Osaka-shi, S=Osaka, C=JP

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
475D4973A000810A5409CC1F7132A4F1

File PE Metadata
Compilation timestamp:
4/12/2007 2:10:31 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
6.0

CTPH (ssdeep):
768:/X/X5DEL3iZFN3jWrTX5DEL3iZFXL3t5bOVl:/X/X5DEL3iZFNSrTX5DEL3iZFXBJK

Entry address:
0x1190

Entry point:
68, A8, 21, 40, 00, E8, EE, FF, FF, FF, 00, 00, 00, 00, 00, 00, 30, 00, 00, 00, 40, 00, 00, 00, 00, 00, 00, 00, 0D, EA, 60, FE, 94, 88, 9C, 4E, A3, 0B, C4, F2, 42, 32, A6, 74, 00, 00, 00, 00, 00, 00, 01, 00, 00, 00, B9, B9, B9, B9, B9, AA, 70, 72, 6A, 43, 6C, 69, 65, 6E, 74, 00, 25, 26, 25, 25, 25, 25, 00, 00, 00, 00, FF, CC, 31, 00, 00, 4F, A8, 04, 88, F9, 7F, 75, 4C, 90, 92, 7F, FF, 26, 1D, BF, E1, 8F, 5D, A9, 81, 9D, 20, 00, 41, AB, CE, 0A, 32, 3D, 16, 52, B3, 3A, 4F, AD, 33, 99, 66, CF, 11, B7, 0C, 00...
 

Entropy:
4.2923

Code size:
8 KB (8,192 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
optserve

Command:
C:\Windows\System32\optserve.exe

