__tmp_2dae1a4f

PC Utilities Software Limited

Part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled software (PPI and commission) channels. The file __tmp_2dae1a4f by PC Utilities Software Limited has been detected as a potentially unwanted program by 15 anti-malware scanners. Also known as BrowserDefender, this bundled service prevents various web browser toolbars and extensions from running and blocks changes to the search page and provider. It is also typically executed from the user's temporary directory.
Publisher:
PC Utilities Software Limited  (signed and verified)

MD5:
bfbafcd3cefcf1fcd0e8b96cbba2713d

SHA-1:
1550364e46d38a469bb5032b75862bc83ebac4cc

SHA-256:
b317f5616b0701e55eb4ed0620480ebcdb3d0f75f2fda5373e41afe8cc63a38d

Scanner detections:
15 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
4/26/2024 11:46:32 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Gen:Variant.Adware.Bprotector.5 | 870 |
| Agnitum Outpost | Riskware.Agent | 7.1.1 |
| Avira AntiVirus | TR/BProtector.Gen2 | 7.11.173.16 |
| avast! | Win32:BProtect-J [Trj] | 2014.9-140917 |
| AVG | Generic | 2015.0.3348 |
| Bitdefender | Gen:Variant.Adware.Bprotector.5 | 1.0.20.1300 |
| Comodo Security | Application.Win32.BProtect.COLC | 19546 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Bprotector | 14.09.17 |
| ESET NOD32 | probably Win32/SProtector.E potentially unwanted application | 7.0.302.0 |
| F-Secure | Gen:Variant.Adware.Bprotector.5 | 11.2014-17-09_4 |
| G Data | Gen:Variant.Adware.Bprotector | 14.9.24 |
| K7 AntiVirus | Trojan | 13.183.13407 |
| MicroWorld eScan | Gen:Variant.Adware.Bprotector.5 | 15.0.0.780 |
| Reason Heuristics | PUP.PCUtilities.O | 14.9.17.19 |
| Sophos | BProtector | 4.98 |

File size:
4 MB (4,222,792 bytes)

Common path:
C:\users\{user}\appdata\local\temp\__tmp_2dae1a4f

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/5/2013 2:29:35 PM

Valid to:
4/3/2015 10:23:14 AM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, L=London, S=UK, C=GB

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B239BABC97410

File PE Metadata
Compilation timestamp:
1/28/2014 3:15:01 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
11.0

CTPH (ssdeep):
98304:VWg7n7rpbDI2sjO9Cy1kAhBasX85W4cO/eMWU54c+CqN:H7FxsjO9huAhdXbI/0U5MxN

Entry address:
0x179A25

Entry point:
55, 8B, EC, 83, 7D, 0C, 01, 75, 05, E8, 42, BB, 00, 00, FF, 75, 10, FF, 75, 0C, FF, 75, 08, E8, 07, 00, 00, 00, 83, C4, 0C, 5D, C2, 0C, 00, 6A, 0C, 68, 38, DB, 27, 10, E8, 5C, 08, 00, 00, 33, C0, 40, 8B, 75, 0C, 85, F6, 75, 0C, 39, 35, CC, 3B, 2C, 10, 0F, 84, E4, 00, 00, 00, 83, 65, FC, 00, 83, FE, 01, 74, 05, 83, FE, 02, 75, 35, 8B, 0D, 04, A6, 26, 10, 85, C9, 74, 0C, FF, 75, 10, 56, FF, 75, 08, FF, D1, 89, 45, E4, 85, C0, 0F, 84, B1, 00, 00, 00, FF, 75, 10, 56, FF, 75, 08, E8, 11, FE, FF, FF, 89, 45, E4...
 

Entropy:
7.1020

Developed / compiled with:
Microsoft Visual C++

Code size:
2.4 MB (2,523,648 bytes)
