PCOptimizerPro.exe

PCOptimizerPro

Xportsoft Technologies

The application PCOptimizerPro.exe, “TWEAK REPAIR ENHANCE & PROTECT” by Xportsoft Technologies, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. This file is typically installed with the program PC Optimizer Pro by PC Optimizer Pro, Inc. While running, it connects to the Internet address rs59.steeprockinc.com on port 80 using the HTTP protocol.
Publisher:
Tweaking Tools Inc  (signed by Xportsoft Technologies)

Product:
PCOptimizerPro

Description:
TWEAK REPAIR ENHANCE & PROTECT

Version:
6, 2, 4, 5

MD5:
dfbffc52ee68ebc8d2fa1fd1c01d15c6

SHA-1:
6badf0dbca861ff9b3a4f18090c09c96186c78cf

SHA-256:
dd7b31e04c4b2c99ac34989a53ee2382a9a57f835a4002108190f75f33a9e782

Scanner detections:
1 / 68

Status:
Potentially unwanted

Analysis date:
5/9/2024 3:10:27 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Optional.XportsoftTechnologies.O

Engine version:
14.5.13.4

File size:
11.5 MB (12,049,176 bytes)

Product version:
6, 2, 4, 5

Copyright:
(c) Tweaking Tools Inc. All rights reserved.

Original file name:
PCOptimizerPro.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\pc optimizer pro\pcoptimizerpro.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
10/24/2011 3:30:00 AM

Valid to:
10/24/2013 3:29:59 AM

Subject:
CN=Xportsoft Technologies, OU=Admin, O=Xportsoft Technologies, STREET="Near Gugga Maadi, Kohjkipur", STREET=Kardhan Road, L=Ambala Cantt, S=Haryana, PostalCode=133001, C=IN

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00B836BB5EBC9FBEE7AC39B7D577D1EC85

File PE Metadata
Compilation timestamp:
4/23/2012 6:47:02 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
49152:teQSOC3ZVYYzKSfyohfZK0Fxae3uiHo3XOVQyy3t/Ztl+Un0y4jBrLwcwYlRnEw8:t6OqjYwK8/gOVQyyZlfn0y4t4d5

Entry address:
0xB75BE

Entry point:
E8, FD, 84, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, F0, 9A, 54, 00, 75, 02, F3, C3, E9, 7F, 85, 00, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 7F, 31, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, B3, 0C, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 3F, 86, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, 9E, 5A, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73...
 

Entropy:
4.9760

Code size:
1022.5 KB (1,047,040 bytes)

The file PCOptimizerPro.exe has been discovered within the following program.

PC Optimizer Pro  by PC Optimizer Pro, Inc.
This is a PC optimization program that is supposed to increase the speed of the computer by removing invalid entries from the computer's registry.
www.twekingtools.com/PC Optimizer Pro
53% remove it
 
Powered by Should I Remove It?

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to rs59.steeprockinc.com  (69.20.11.235:80)
