8ad3e5ea8bc3e6ff41fc276db2a03b6028fddd412f36f583ccee91f676c2fb00

LiveSupport Installer Wrapper

PC Utilities Software Limited

This file is part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled-software (PPI and commission) channels. The file 8ad3e5ea8bc3e6ff41fc276db2a03b6028fddd412f36f583ccee91f676c2fb00, “LiveSupport Installer” by PC Utilities Software Limited, has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat. The file has been seen being downloaded from updates.livesupport.pcutilitiespro.com.
Publisher:
PC Utilities Software Limited  (signed and verified)

Product:
LiveSupport Installer Wrapper

Description:
LiveSupport Installer

Version:
1.2.2.0

MD5:
d86ac775ddbef17a6a7c99c6355de27b

SHA-1:
5b83cf4763b8d2e698c6868fec822f89d672358f

SHA-256:
8ad3e5ea8bc3e6ff41fc276db2a03b6028fddd412f36f583ccee91f676c2fb00

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
11/27/2024 12:18:25 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.PC Utilities.Installer

Engine version:
15.6.4.21

File size:
1.2 MB (1,229,296 bytes)

Product version:
1.2.2.0

Copyright:
Copyright 2013 PC Utilities Software Limited

Original file name:
LiveSupport_installer.exe

Language:
English (United States)

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/5/2013 8:29:35 PM

Valid to:
4/3/2015 4:23:14 PM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, L=London, S=UK, C=GB

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B239BABC97410

File PE Metadata
Compilation timestamp:
9/18/2013 5:37:34 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:g78axGQGBa0xeDjtlUThyfyCb9CQSrAKRSA979qdpz:LfFcZ1k5C8hRddYdd

Entry address:
0x67E8

Entry point:
E8, F2, 56, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, A9, EC, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, 2E, 2E, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, A8, A1, 41, 00, 74, 12, 8B, 0D, 60, 9F, 41, 00, 85, 48, 70, 75, 07, E8, CC, 60, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 68, 9E, 41, 00, 74, 16, 8B, 46, 08, 8B, 0D, 60, 9F, 41, 00...
 

Entropy:
7.8199  (probably packed)

Code size:
74 KB (75,776 bytes)

The file 8ad3e5ea8bc3e6ff41fc276db2a03b6028fddd412f36f583ccee91f676c2fb00 has been seen being distributed by the following URL.