livesupport_update.exe

LiveSupport Installer Wrapper

PC Utilities Software Limited

This file is part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled-software (PPI and commission) channels. The application livesupport_update.exe, “LiveSupport Installer” by PC Utilities Software Limited, has been detected as a potentially unwanted program by 8 anti-malware scanners. It is a self-extracting archive and installer that has been known to bundle potentially unwanted software, and it is typically executed from the user's temporary directory. The file has been seen being downloaded from updates.livesupport.pcutilitiespro.com.
Publisher:
PC Utilities Software Limited  (signed and verified)

Product:
LiveSupport Installer Wrapper

Description:
LiveSupport Installer

Version:
1.2.7.0

MD5:
5301aa118094edf5b214a7d592c085c2

SHA-1:
3e8961acd3cd92dedca63f961ff7c89cccf0b984

SHA-256:
7fd241099e1a243da2121a2246131536dee06f3cfa4a4383059a9f1cc4773150

Scanner detections:
8 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
12/24/2024 11:27:28 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| AVG | MalSign.Generic | 2015.0.3389 |
| Dr.Web | Trojan.DownLoader9.16948 | 9.0.1.0220 |
| ESET NOD32 | Win32/LiveSupport.B potentially unwanted application | 8.0.319.0 |
| IKARUS anti.virus | PUA.SpeedingUpMyPC | t3scan.1.6.1.0 |
| Malwarebytes | PUP.Optional.LiveSupport | v2014.08.08.03 |
| McAfee | Artemis!F41C79BEA548 | 5600.7045 |
| Reason Heuristics | PUP.PC Utilities.PCUtilit.Installer (M) | 16.6.23.4 |
| Trend Micro House Call | TROJ_GEN.F47V0321 | 7.2.220 |

File size:
1.1 MB (1,177,072 bytes)

Product version:
1.2.7.0

Copyright:
(C) 2013 PC Utilities Software Limited

Original file name:
LiveSupport_installer.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\livesupport_update.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/5/2013 3:29:35 PM

Valid to:
4/3/2015 11:23:14 AM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, L=London, S=UK, C=GB

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B239BABC97410

File PE Metadata
Compilation timestamp:
11/7/2013 1:42:09 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
24576:JimKxG/+x2aOgkRVKFXbxLwVzb5ttGw9CQSrAKRSA979qKSy1/:jv7nEFXbxUN1+hRddYKZ1/

Entry address:
0x67F8

Entry point:
E8, F2, 56, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, A9, EC, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, 2E, 2E, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, A8, A1, 41, 00, 74, 12, 8B, 0D, 60, 9F, 41, 00, 85, 48, 70, 75, 07, E8, CC, 60, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 68, 9E, 41, 00, 74, 16, 8B, 46, 08, 8B, 0D, 60, 9F, 41, 00...
 

Code size:
74 KB (75,776 bytes)

The file livesupport_update.exe has been seen being distributed by the following URL.
