optimizerpro4.exe

Optimizer Pro v3.2

PC Utilities Software Limited

Part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled-software (pay-per-install (PPI) and commission) channels. The application optimizerpro4.exe, “Optimizer Pro – Clean up your PC” by PC Utilities Software Limited, has been detected as a potentially unwanted program by 26 anti-malware scanners. This file is the setup program used to install the application. Also known as BrowserDefender, this bundled service prevents various web browser toolbars and extensions from running and blocks changes to the search page and search provider.
Publisher:
PCUtilities Software Limited  (signed by PC Utilities Software Limited)

Product:
Optimizer Pro v3.2

Description:
Optimizer Pro – Clean up your PC

Version:
3.3.1.7

MD5:
27081f1125fcb718a7247193fefa7468

SHA-1:
997bc95e8e61be7aff421d2ee6382600b367b36e

SHA-256:
58981603210361384b764a2d88c0375885148218d0088b6d2f65f66a313af75d

Scanner detections:
26 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
12/27/2024 8:10:45 PM UTC

Scan engine | Detection | Engine version
Agnitum Outpost | Trojan.Inject | 7.1.1
Avira AntiVirus | TR/Bprotector.1969704 | 7.11.217.14
avast! | PUP-gen [PUP] | 2014.9-150404
AVG | Generic | 2016.0.3150
Bkav FE | W32.HfsAdware | 1.3.0.6379
Clam AntiVirus | Win.Trojan.Inject-10791 | 0.98/21511
Dr.Web | Threat.Undefined | 9.0.1.094
ESET NOD32 | Win32/Adware.SpeedingUpMyPC.AB | 9.11380
Fortinet FortiGate | W32/Inject.UMUB!tr | 4/4/2015
G Data | Win32.Application.OptimizerPro | 15.4.25
herdProtect (fuzzy) |  | 2015.7.8.15
IKARUS anti.virus | Trojan.SuspectCRC | t3scan.1.8.6.0
K7 AntiVirus | Adware | 13.202.15389
Kaspersky | Trojan.Win32.Inject | 14.0.0.2243
Malwarebytes | PUP.Optional.OptimizerPR0 | v2015.04.04.08
McAfee | Artemis!83104CC0EBA4 | 5600.6806
NANO AntiVirus | Trojan.Win32.Inject.dpcnsi | 0.30.8.659
Panda Antivirus | Trj/Genetic.gen | 15.04.04.08
Qihoo 360 Security | Win32/Trojan.Multi.daf | 1.0.0.1015
Reason Heuristics | PUP.PC Utilities | 15.4.4.8
Sophos | Mal/Generic-S | 4.98
Trend Micro House Call | TROJ_GEN.R047C0ECH15 | 7.2.94
Trend Micro | TROJ_GEN.R047C0ECH15 | 10.465.04
Vba32 AntiVirus | Trojan.Inject | 3.12.26.3
VIPRE Antivirus | Threat.4150696 | 37788
Zillya! Antivirus | Trojan.Inject.Win32.159775 | 2.0.0.2117

File size:
7 MB (7,346,640 bytes)

Product version:
3.3.1.7

Copyright:
PCUtilities Software Limited

Original file name:
OptimizerPR0

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\ProgramData\{5ee17a7f-f28b-db87-5ee1-17a7ff28e9ff}\optimizerpro4.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/20/2014 5:00:00 PM

Valid to:
11/21/2015 4:59:59 PM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, STREET=78 York Street, L=London, PostalCode=W1H 1DP, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F10854548D47F74C920D7091D9057D6E

File PE Metadata
Compilation timestamp:
3/4/2015 6:39:40 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
196608:J0ZoF2s4hOn80p14Zu5rFRrErO34UrUPT4ARHvW0cE6:J0ZA2C8U4Zud934g2PwE6

Entry address:
0xA193

Entry point:
E8, 97, 76, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 8B, 45, 08, 85, C0, 74, 12, 83, E8, 08, 81, 38, DD, DD, 00, 00, 75, 07, 50, E8, 28, ED, FF, FF, 59, 5D, C3, 8B, FF, 55, 8B, EC, 83, EC, 10, A1, F0, 36, 43, 00, 33, C5, 89, 45, FC, 8B, 55, 18, 53, 33, DB, 56, 57, 3B, D3, 7E, 1F, 8B, 45, 14, 8B, CA, 49, 38, 18, 74, 08, 40, 3B, CB, 75, F6, 83, C9, FF, 8B, C2, 2B, C1, 48, 3B, C2, 7D, 01, 40, 89, 45, 18, 89, 5D, F8, 39, 5D, 24, 75, 0B, 8B, 45, 08, 8B, 00, 8B, 40, 04, 89, 45, 24, 8B, 35, 40, A1, 42, 00...
Entropy:
7.9798  (probably packed)

Code size:
163 KB (166,912 bytes)

The file optimizerpro4.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-54-72-9-115.eu-west-1.compute.amazonaws.com  (54.72.9.115:80)
