optimizerpro18.exe

Optimizer Pro

Subeo Tech, Inc.

The application optimizerpro18.exe, “Fix, clean, optimize your PC!” by Subeo Tech, has been detected as a potentially unwanted program by 9 anti-malware scanners. The file is a setup program used to install the application, and it is typically executed from an Internet Explorer cache folder. It has been seen downloaded from i1.installbox1.info and multiple other hosts.

Publisher:
PC Utilities Pro  (signed by Subeo Tech, Inc.)

Product:
Optimizer Pro

Description:
Fix, clean, optimize your PC!

Version:
3.0.1.0

MD5:
adbd07fb857010fa1073ad69d7336e56

SHA-1:
d64696bd5cc86379feb51dd3b55ad8ec32c6cb46

SHA-256:
1eade87145c6f04f7164e85a58abbcdea15b81843cdca8654ce7261248f7ff6c

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 12:24:01 AM UTC  (today)

| Scan engine | Detection | Engine version |
|---|---|---|
| Comodo Security | ApplicUnwnt | 16082 |
| Emsisoft Anti-Malware | Adware.Win32.SpeedingUpMyPC.AMN | 8.13.12.26.11 |
| ESET NOD32 | Win32/Adware.SpeedingUpMyPC (variant) | 7.8274 |
| herdProtect (fuzzy) | | 2014.1.5.16 |
| Malwarebytes | PUP.Optional.OptimizePro.A | v2014.01.05.04 |
| MicroWorld eScan | Win32/Adware.SpeedingUpMyPC.A | 15.0.0.15 |
| Reason Heuristics | PUP.Optional.SubeoTech.O | 14.2.16.8 |
| Rising Antivirus | Trojan.Win32.Generic.137661CA | 23.00.65.14103 |
| Trend Micro House Call | TROJ_GEN.F47V1127 | 7.2.360 |

File size:
4 MB (4,171,296 bytes)

Product version:
3.0.1.0

Copyright:
PC Utilities Pro

Trademarks:
PC Utilities Pro

Original file name:
OptimizerPro

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\temporary internet files\content.ie5\{random}\optimizerpro18.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
10/15/2012 11:52:11 PM

Valid to:
10/15/2015 11:41:53 PM

Subject:
CN="Subeo Tech, Inc.", O="Subeo Tech, Inc.", L=Reno, S=NV, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B71FFD6601803

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:JJzytbQjlRePmeeekWG3MBW4pOF+Fo58jWaCj:GQR+DPjW4nI8jWZj

Entry address:
0x12848

Entry point:
55, 8B, EC, B9, 08, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, D0, 27, 41, 00, E8, C0, 2D, FF, FF, 33, C0, 55, 68, 7F, 2A, 41, 00, 64, FF, 30, 64, 89, 20, 8D, 55, E8, 33, C0, E8, 60, 00, FF, FF, 8B, 45, E8, 8D, 55, EC, E8, E9, 47, FF, FF, 8B, 55, EC, B8, 7C, 48, 41, 00, E8, 04, 12, FF, FF, 8D, 55, E4, A1, 7C, 48, 41, 00, E8, FF, 82, FF, FF, 8B, 55, E4, B8, 7C, 48, 41, 00, E8, EA, 11, FF, FF, B8, 80, 48, 41, 00, BA, 98, 2A, 41, 00, E8, DB, 11, FF, FF, A1, 80, 48, 41, 00, E8, 01, 46, FF, FF, 84...
Entropy:
7.9886  (probably packed)

Code size:
71 KB (72,704 bytes)

The file optimizerpro18.exe has been seen distributed from the following 2 URLs.

http://i1.installbox1.info/.../optimizerpro18.exe

http://i1.reportbox3.info/.../optimizerpro18.exe