upsell1.exe

Driver Pro v3.2

PC Utilities Software Limited

Part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled software (PPI and commission) channels. The application upsell1.exe, “Keep your PC drivers up to date” by PC Utilities Software Limited, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.

Publisher:
PC Utilities Software Limited  (signed and verified)

Product:
Driver Pro v3.2

Description:
Keep your PC drivers up to date

Version:
3.2.0.2

MD5:
aa6b6ef7cef78cc086cfaed447f7352e

SHA-1:
d013dfdd9be94342581698ca7f3b353b34a46e48

SHA-256:
917bf78dab4720210b357b390b3df5cab91aeaf78dda124df09bc07132b2be9a

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
6/13/2024 8:55:13 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.PC Utilities (M)

Engine version:
17.3.1.2

File size:
3.5 MB (3,655,704 bytes)

Product version:
3.2.0.2

Copyright:
PC Utilities Software Limited

Original file name:
Driver Pro

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\one system care\upsell1.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/6/2015 2:00:00 AM

Valid to:
11/6/2016 1:59:59 AM

Subject:
CN=PC Utilities Software Limited, OU=IT Department, O=PC Utilities Software Limited, STREET=78 York Street, L=London, S=England, PostalCode=W1H 1DP, C=GB

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
547CFDC5D70FD7C944A9BA11E88CCB1C

File PE Metadata
Compilation timestamp:
11/1/2016 11:22:02 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

Entry address:
0x6869

Entry point:
E8, 67, 5F, 00, 00, E9, 89, FE, FF, FF, FF, 35, 84, E2, 41, 00, FF, 15, 58, 60, 41, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, D9, 53, 00, 00, 6A, 01, 6A, 00, E8, FC, 2E, 00, 00, 83, C4, 0C, E9, C1, 2E, 00, 00, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B...
Entropy:
7.8298  (probably packed)

Code size:
81.5 KB (83,456 bytes)