» pcoptimizerprosetup.exe
Overview
Analysis
File Details
Downloads (17)
Network (1)

pcoptimizerprosetup.exe

PC Optimizer Pro Installer

Xportsoft Technologies

The application pcoptimizerprosetup.exe by Xportsoft Technologies has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. The file has been seen being downloaded from www.tucows.com and multiple other hosts. While running, it connects to the Internet address rs59.steeprockinc.com on port 80 using the HTTP protocol.

File name:

Publisher:

Xportsoft Technologies (signed and verified)

Product:

PC Optimizer Pro Installer

Version:

1.0.1.1

MD5:

2443404ace07dd660b0683e4bff2ec40

SHA-1:

587404d3743ee99f8eef58bdf322acb6e2e01bbe

SHA-256:

3c8d2ca3a4b4c568dfb2639eb4ed257e3d688f24cc30f0ba8031586a5c4d4105

Scanner detections:

1 / 68

Status:

Potentially unwanted

Analysis date:

4/25/2024 10:52:01 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Optional.Installer.T

14.7.1.6

File size:

620.2 KB (635,104 bytes)

Product version:

1.0.1.1

Original file name:

PCOPInstaller.exe

File type:

Executable application (Win32 EXE)

Language:

English (United States)

Common path:

C:\users\{user}\downloads\pcoptimizerprosetup.exe

Digital Signature

Signed by:

Xportsoft Technologies

Authority:

COMODO CA Limited

Valid from:

10/31/2013 4:00:00 AM

Valid to:

10/31/2016 3:59:59 AM

Subject:

CN=Xportsoft Technologies, O=Xportsoft Technologies, STREET=Khojkipur, STREET="Near Gugga Maadi, Kardhan Road", L=Ambala Cantt, S=Haryana, PostalCode=133001, C=IN

Issuer:

CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:

1AA2A20320AF27B7DB8E85BCA67CBE9A

File PE Metadata

Compilation timestamp:

4/18/2014 11:14:05 AM

OS version:

5.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

9.0

CTPH (ssdeep):

12288:ReDWgiRb4CMuc4I0MyZIWyLRY/oTib8QGwX8O+:RuNiNMuc4IssY/oTiAwXO

Entry address:

0x2B0EF

Entry point:

E8, E4, 6B, 00, 00, E9, 79, FE, FF, FF, 3B, 0D, 00, 97, 45, 00, 75, 02, F3, C3, E9, 66, 6C, 00, 00, 8B, FF, 51, C7, 01, 3C, 84, 44, 00, E8, 5E, 6D, 00, 00, 59, C3, 8B, FF, 55, 8B, EC, 56, 8B, F1, E8, E3, FF, FF, FF, F6, 45, 08, 01, 74, 07, 56, E8, 7F, 13, FE, FF, 59, 8B, C6, 5E, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 83, C1, 09, 51, 83, C0, 09, 50, E8, A2, 6D, 00, 00, F7, D8, 59, 1B, C0, 59, 40, 5D, C2, 04, 00, 8B, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D... 
[+]

Entropy:

6.0570

Code size:

264.5 KB (270,848 bytes)

The file pcoptimizerprosetup.exe has been seen being distributed by the following 17 URLs.

http://www.tucows.com/download/windows/.../PCOptimizerProSetup.exe

http://gsf-cf.softonic.com/587/404/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69676736&instance=softonic_en&type=PROGRAM&Expires=1439243546&Signature=FHd8OuNS1yvgaNjt3Lqctcnec5IVhpY6THXf2LGo2AEztMLqGJmG9fT2ZBnEpgqx9cjXHhUrchwyw8YPZwRI0w3OL7ULPxodW17fOyzwtlwNEXg7Ja7kD9aTVbl66sxHAyVgLhbPkdBfYP0GQdwVdazm4ICCQA-LPwNzNmdhYdo_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=PCOptimizerProSetup.exe

http://gsf-cf.softonic.com/587/404/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69676736&instance=softonic_en&type=PROGRAM&Expires=1428640663&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=VamkhK4cPa-QuGA5nVF70tZcMipA6VYjv3Fcq9ZRrc00r07P7wRSvNexL11oszd5h4nPRBbC32UWY3aLFpEMaylF3ex4Gi~Hko2NiVlDCPtm-4StVQmd1SFVQCF233bjkzVUgjOG9zLWCR33c7kmIuKpTRbDW2UYWediOqwuNJs_&filename=PCOptimizerProSetup.exe

http://gsf-cf.softonic.com/587/404/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69676736&instance=softonic_en&type=PROGRAM&Expires=1445542469&Signature=AKOguJ788MHj86iNLmOZHz4RWwyHLm~wYfJlIb9IJo-e4A-RvEkqR8npXU5Am96C-KWVHDApzZhLCqcpy2-qzOuC8sskZzrV4ZuGeuNpcKuuluz0VijpFVHSXrQPDvpweWsjhHD77KNF4BsMXGMNm4hjzoTRBwfVEeCokN~ZPUQ_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=PCOptimizerProSetup.exe

http://gsf-cf.softonic.com/587/404/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69676736&instance=softonic_en&type=PROGRAM&Expires=1457017547&Signature=e3TKlPmsX1xgtlWyL27gjYx8l2yB2hqvFwOAKLE~87qfXfiIpMjeCulO8e1kOnaDQefn8uER8t5gLGepB8ht~XJSQ5IQEufw7GLWQbhGV53jKZ8myUt-XsfHjGCVonUaNlHNkKj3i4AhUmEXVMT4aLtigmuhPnxWLaVGMWuYS6o_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=PCOptimizerProSetup.exe

http://gsf-cf.softonic.com/587/404/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69676736&instance=softonic_en&type=PROGRAM&Expires=1459870473&Signature=ZZqlegF3w7c-9hWZAmjVbwq523oulaGU7r6SJ63T-JHIZbwXeRXD6D0A2u2juSLZOoFbcqhz~LaEmTC4ZNfr1J1rynoM4S~ql7aB61d~-B9LnBj2VHYqGDi-1Wztc2GZs2VhgJKJDLWpyUgE6ByGsZZNwrpAzFPYl1se-~v2Bg8_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=PCOptimizerProSetup.exe

http://files.downloadnow.com/s/software/14/20/42/.../PCOptimizerProSetup.exe

http://files.downloadnow-5.com/s/software/14/20/42/.../PCOptimizerProSetup.exe

http://gsf-cf.softonic.com/587/404/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69676736&instance=softonic_en&type=PROGRAM&Expires=1449108563&Signature=LPL9zfY1hWJbgZUfM228z00f9cuzXhDjtlR2rK3WI0Pu7JStyj-9I0fQxUy3RcbxRe-p17neK3dM99MtRUQ6ITNXwwBc9U0xjXG4SUfuZXy~kCS8Ms3q~3OEqBvJPSFMp19pqkvNJUXWqTrDXLhiOrcikjtwfmee1pbn-tQBQTY_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=PCOptimizerProSetup.exe

http://gsf-cf.softonic.com/587/404/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69676736&instance=softonic_en&type=PROGRAM&Expires=1445930961&Signature=an4OJA75B0OP3NMs5V9MSSu-vGu6vI2BJWD86f2Qgv3OsQvRsvio6I6hGLgXI0MnLcvV5ALGu8o-nH3xcb7XwXxqlRYxyXW~0ara-QZugXyijODCgUpuHooi1TXjnIPrniLu5b7i05j4d7pITtUItL7wXiKkuExESERNhumWaOE_&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&filename=PCOptimizerProSetup.exe

http://software-files-a.cnet.com/s/software/14/20/42/.../PCOptimizerProSetup.exe

http://gsf-cf.softonic.com/587/404/.../file?SD_used=0&channel=WEB&fdh=no&id_file=69676736&instance=softonic_en&type=PROGRAM&Expires=1422348494&Key-Pair-Id=APKAJUA62FNWTI37JTGQ&Signature=E7pXQwE7mbm92w0QBViySGxKnjMoKLwgTsS8zbmvzZCMU4RQd~AipKd8WeAxTXQ2yHr581EO-iGzrf4ALXlUlH-l5e7Cd9HMzdfyQ8LaJRuDmKTERwYE5Ys8UzR7dSXTUQGSJVnLghUHZ12kUQElx7LHxRe1s6wQyamartaVi4w_&filename=PCOptimizerProSetup.exe

http://www.pcoptimizerpro.com/downld.aspx

http://www.pcoptimizerpro.com/dwld.aspx

http://www.pcoptimizerpro.com/download.aspx

http://www.pcoptimizerpro.com/.../dmokg==

http://www.pcoptimizerpro.com/.../PCOptimizerProSetup.exe

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):

Connects to rs59.steeprockinc.com (69.20.11.235:80)

Remove pcoptimizerprosetup.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.