__tmp_02fde5fb

PC Utilities Software Limited

Part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled software (PPI and commission) channels. The file __tmp_02fde5fb by PC Utilities Software Limited has been detected as a potentially unwanted program by 16 anti-malware scanners. Also known as BrowserDefender, this bundled service prevents various web browser toolbars and extensions from running and blocks changes to the search page and provider. It is typically executed from the user's temporary directory.
Publisher:
PC Utilities Software Limited  (signed and verified)

MD5:
1ad8f30a0fa1f180864e2ae58dd657cc

SHA-1:
0628f29d443095ee34e85c2c279ff2df7e8b6985

SHA-256:
828c411c9b4c9f8cf3fcef2ee7f661c586105268e6cc28c7a1eb3da732a56e92

Scanner detections:
16 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
4/26/2024 11:50:32 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Bprotector.5 | 836 |
| AegisLab AV Signature | Troj.W32.Gen | 2.1.4+ |
| Avira AntiVirus | TR/BProtector.Gen2 | 7.11.180.70 |
| avast! | Win32:Adware-gen [Adw] | 141003-0 |
| AVG | Generic | 2015.0.3314 |
| Bitdefender | Gen:Variant.Adware.Bprotector.5 | 1.0.20.1475 |
| Comodo Security | Application.Win32.BProtect.COLC | 19870 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Bprotector | 14.10.21 |
| ESET NOD32 | Win32/SProtector.D potentially unwanted application | 7.0.302.0 |
| F-Secure | Gen:Variant.Adware.Bprotector.5 | 11.2014-22-10_4 |
| G Data | Gen:Variant.Adware.Bprotector | 14.10.24 |
| K7 AntiVirus | Unwanted-Program | 13.184.13741 |
| MicroWorld eScan | Gen:Variant.Adware.Bprotector.5 | 15.0.0.885 |
| Reason Heuristics | PUP.PCUtilities.O | 14.10.21.23 |
| Sophos | BProtector | 4.98 |
| SUPERAntiSpyware | Adware.BProtector/Variant | 10285 |

File size:
3.9 MB (4,109,640 bytes)

Common path:
C:\users\{user}\appdata\local\temp\__tmp_02fde5fb

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/5/2013 11:29:35 AM

Valid to:
4/3/2015 7:23:14 AM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, L=London, S=UK, C=GB

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B239BABC97410

File PE Metadata
Compilation timestamp:
12/21/2013 6:26:43 PM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:yU7CvIVjbou4/6oVU9e1WRnOWbnlO+WQFXw+SgdxEO:yU7CkHe6EU9e1WRn5LUkygdxEO

Entry address:
0x19EF34

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, AD, D9, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 70, 54, 25, 10, E8, 7D, 64, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, D4, AD, 29, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 50, 2C, 24, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
7.1378

Developed / compiled with:
Microsoft Visual C++

Code size:
2.2 MB (2,356,224 bytes)
