opprosetup.exe

PC Utilities Software Limited

Part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled software (PPI and commission) channels. The application opprosetup.exe by PC Utilities Software Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from dl.softservers.net.
Publisher:
PC Utilities Software Limited  (signed and verified)

MD5:
83f7892be70dad20e6b28bcc1fe77e2b

SHA-1:
86e7303d776236b4f726a65f86538206c6ad1564

SHA-256:
8b1a4523b42c9588076e728368b45db4cb20379f12d988ead47a6e8bcf1cf593

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
11/15/2024 4:45:17 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.PC Utilities.PCUtilities.Installer (M)

Engine version:
16.1.31.6

File size:
5.1 MB (5,397,576 bytes)

File type:
Executable application (Win32 EXE)

Language:
Serbian (Latin, Serbia)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\temp\opprosetup.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/18/2014 11:34:54 AM

Valid to:
4/18/2015 11:34:54 AM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, L=London, C=GB

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
4B6A44F88EC8CF

File PE Metadata
Compilation timestamp:
7/2/2014 6:48:07 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:i3F6XOOMZVRJ1rmtla+CUzE/eapk8ihakgIUn8MRrNbz61C0:wFgOOMZzJobqeaf1qUnHrNbz61t

Entry address:
0x6869

Entry point:
E8, 67, 5F, 00, 00, E9, 89, FE, FF, FF, FF, 35, 84, E2, 41, 00, FF, 15, 58, 60, 41, 00, 85, C0, 74, 02, FF, D0, 6A, 19, E8, D9, 53, 00, 00, 6A, 01, 6A, 00, E8, FC, 2E, 00, 00, 83, C4, 0C, E9, C1, 2E, 00, 00, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B...
 

Code size:
81.5 KB (83,456 bytes)

The file opprosetup.exe has been seen being distributed by the following URL.
