optimizerpro5.exe

Optimizer Pro v3.2

PC Utilities Software Limited

Part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled software (PPI and commission) channels. The application optimizerpro5.exe, “OptimizerPro – Clean up your PC” by PC Utilities Software Limited, has been detected as a potentially unwanted program by 21 anti-malware scanners. It is a setup program used to install the application. The file has been seen being downloaded from cdn2.chironexfleckerisilver.com.

Publisher:
PC Utilities Software Limited  (signed and verified)

Product:
Optimizer Pro v3.2

Description:
OptimizerPro – Clean up your PC

Version:
3.2.0.3

MD5:
b28a09eae8266d377288d948e5f5ec09

SHA-1:
13ef9467ef4ebbec6db112b8282c2d7c98212d6b

SHA-256:
23fd7b78745733bf3b4cb8f8cbf176fc2bc31efcd1fe67e3e06c533e4c29cc3c

Scanner detections:
21 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
11/5/2024 8:20:23 AM UTC

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Agnitum Outpost | Riskware.SpeedingUpMyPC | 7.1.1 |
| avast! | OptimizerPro-G [PUP] | 2014.9-150714 |
| AVG | Generic | 2016.0.3142 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Agent-43056 | 0.98/20551 |
| Comodo Security | Application.Win32.OptimizerPro.FY | 21717 |
| Dr.Web | riskware program Program.Unwanted.295 | 9.0.1.0101 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Mikey.11354 | 8.15.07.14.09 |
| ESET NOD32 | Win32/Adware.SpeedingUpMyPC.AA application | 9.7.0.302.0 |
| Fortinet FortiGate | Riskware/ArchSMS | 4/11/2015 |
| F-Secure | Gen:Variant.Adware.Mikey | 11.2015-14-07_3 |
| G Data | Win32.Application.OptimizerPro | 15.4.25 |
| Kaspersky | Hoax.Win32.ArchSMS | 14.0.0.2206 |
| Malwarebytes | PUP.Optional.OptimizerPro | v2015.04.11.08 |
| McAfee | Artemis!4CFD8AF2562F | 5600.6798 |
| MicroWorld eScan | Gen:Variant.Adware.Mikey.11354 | 16.0.0.585 |
| Norman | Gen:Variant.Adware.Mikey.11354 | 11.20150714 |
| Panda Antivirus | Trj/Genetic.gen | 15.04.11.08 |
| Reason Heuristics | PUP.PC Utilities | 15.4.11.16 |
| VIPRE Antivirus | Threat.4893613 | 40828 |

File size:
6.2 MB (6,543,312 bytes)

Product version:
3.2.0.3

Copyright:
PC Utilities Software Limited

Original file name:
Optimizer Pro

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\4sryrye2\optimizerpro5.exe

Digital Signature
Authority:
COMODO CA Limited

Valid from:
11/20/2014 5:00:00 PM

Valid to:
11/21/2015 4:59:59 PM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, STREET=78 York Street, L=London, PostalCode=W1H 1DP, C=GB

Issuer:
CN=COMODO Code Signing CA 2, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
00F10854548D47F74C920D7091D9057D6E

File PE Metadata
Compilation timestamp:
4/8/2015 4:48:42 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:1ZATtVOo4qty5LOmHtEix/mrChXeutdWavXXH9zT6GuQA+Vo4F0R4Mpj8hGGaw9/:1OxVOVqk99Gix/mWtthXkPeo17Yh9H9/

Entry address:
0x13907

Entry point:
E8, 86, 7A, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 00, 65, 42, 00, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 5F, 89, 45, FC, 5E, 85, C0, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 1C, 61, 42, 00, C9, C2, 08, 00, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00...
 

Entropy:
7.9773  (probably packed)

Code size:
144.5 KB (147,968 bytes)

The file optimizerpro5.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communication in live environments.

TCP (HTTP):
Connects to ec2-54-72-9-115.eu-west-1.compute.amazonaws.com  (54.72.9.115:80)
