optimizerproinstaller.exe

PC Utilities Software Limited

Part of the Optimizer Pro / Driver 'PC optimizer' product lines marketed by Adsology and distributed through various bundled software (PPI and commission) channels. The application optimizerproinstaller.exe by PC Utilities Software Limited has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from dl.softservers.net. While running, it connects to the Internet address dl.softservers.net on port 80 using the HTTP protocol.
Publisher:
PC Utilities Software Limited  (signed and verified)

MD5:
60ef03b0731be637dbf2b132ebca2aa1

SHA-1:
07ee15d28202c8feb0250faa7e5651966f951478

SHA-256:
95fa0ad51fdc1a5a30cbf75ecc1ded8f5b3a3cdb2bc5bdf5793549b5c36cfa92

Scanner detections:
1 / 68

Status:
Potentially unwanted

Explanation:
Installed with the Optimizer Pro software which is bundled by 3rd-party monetization programs.

Analysis date:
11/15/2024 4:48:43 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.PC Utilities.PCUtilit.Installer (M)

Engine version:
16.6.29.20

File size:
5 MB (5,226,504 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\optimizerproinstaller.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
4/5/2013 11:29:35 AM

Valid to:
4/3/2015 7:23:14 AM

Subject:
CN=PC Utilities Software Limited, O=PC Utilities Software Limited, L=London, S=UK, C=GB

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
2B239BABC97410

File PE Metadata
Compilation timestamp:
2/5/2014 1:10:00 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:ciqwFedmg1JboOMg98gxSaK44ktSB6nlARuJd5zknE:cq2DkOMyvxSa63B6lARuJ3YE

Entry address:
0x3D74C

Entry point:
55, 8B, EC, 83, C4, F0, B8, B0, A5, 43, 00, E8, 14, C4, FC, FF, E8, 03, 86, FC, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...

Entropy:
7.9662

Developed / compiled with:
Microsoft Visual C++

Code size:
240.5 KB (246,272 bytes)

The file optimizerproinstaller.exe has been seen being distributed by the following URL.

The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to domore.pcutilitiespro.revenuewire.net  (199.83.128.157:80)

http://domore.pcutilitiespro.revenuewire.net/optimizerpro/register?232594885-US-002_D7D3259A-320B-8325-BD80-432593E5

TCP (HTTP):
Connects to dl.softservers.net  (198.20.70.67:80)

TCP (HTTP):
Connects to bi.softservers.net  (184.154.38.36:80)

Remove optimizerproinstaller.exe - Powered by Reason Core Security