home

optimizerproinstaller.exe

Optimizer Pro

Subeo Tech, Inc.

The application optimizerproinstaller.exe, “Fix, clean, optimize your PC!” by Subeo Tech has been detected as a potentially unwanted program by 10 anti-malware scanners. This is a setup and installation application and has been known to bundle potentially unwanted software. It is also typically executed from the user's temporary directory. The file has been seen being downloaded from www.premiumsave.info and multiple other hosts.
Publisher:
PC Utilities Pro  (signed by Subeo Tech, Inc.)

Product:
Optimizer Pro

Description:
Fix, clean, optimize your PC!

Version:
3.0.1.0

MD5:
e79087c78a617ab83d4115fc573d92cd

SHA-1:
89be2b41d0f17493d721cd0b5f1a9b1e91604cfa

SHA-256:
a71557d7bcb86913a762f2aacf959b148b3d159af1e463abd86bea41796e548e

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
11/14/2024 2:47:53 PM UTC  (today)

Scan engine
Detection
Engine version

AhnLab V3 Security
PUP/Win32.OptimizerPro
2013.07.10

avast!
Win32:Dropper-gen [Drp]
2014.9-131225

AVG
PCCleaner.B
2014.0.3615

Baidu Antivirus
AdWare.Win32.SpeedingUpMyPC
4.0.3.1412

Boost by Reason
Optional.SubeoTech.V
188163

Comodo Security
Heur.Suspicious
16572

ESET NOD32
Win32/Adware.SpeedingUpMyPC (variant)
7.8548

herdProtect (fuzzy)
variant of registryoptimizer.exe (PUP)
2014.1.2.11

IKARUS anti.virus
Virus.Win32.Dropper
t3scan.2.0.127

Reason Heuristics
PUP.Optional.SubeoTech.V
14.2.22.22

File size:
2.6 MB (2,686,768 bytes)

Product version:
3.0.1.0

Copyright:
PC Utilities Pro

Trademarks:
PC Utilities Pro

Original file name:
OptimizerPro

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\optimizerproinstaller.exe

Digital Signature
Signed by:
Subeo Tech, Inc.

Authority:
GoDaddy.com, Inc.

Valid from:
11/22/2011 3:49:01 PM

Valid to:
11/21/2012 7:14:37 PM

Subject:
CN="Subeo Tech, Inc.", O="Subeo Tech, Inc.", L=Reno, S=NV, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27D4E25FB4CFE9

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:t2Su6yRIX0B2BnrBrsQIO5ql4cXJwvE7xornYgei7ABYA8mCLb3zxt2:4cyRIX8IrBr95CJGKxoTgi7AaA8mCH3y

Entry address:
0x12848

Entry point:
55, 8B, EC, B9, 08, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, D0, 27, 41, 00, E8, C0, 2D, FF, FF, 33, C0, 55, 68, 7F, 2A, 41, 00, 64, FF, 30, 64, 89, 20, 8D, 55, E8, 33, C0, E8, 60, 00, FF, FF, 8B, 45, E8, 8D, 55, EC, E8, E9, 47, FF, FF, 8B, 55, EC, B8, 7C, 48, 41, 00, E8, 04, 12, FF, FF, 8D, 55, E4, A1, 7C, 48, 41, 00, E8, FF, 82, FF, FF, 8B, 55, E4, B8, 7C, 48, 41, 00, E8, EA, 11, FF, FF, B8, 80, 48, 41, 00, BA, 98, 2A, 41, 00, E8, DB, 11, FF, FF, A1, 80, 48, 41, 00, E8, 01, 46, FF, FF, 84...
 
[+]

Entropy:
7.9762

Developed / compiled with:
Microsoft Visual C++

Code size:
71 KB (72,704 bytes)

The file optimizerproinstaller.exe has been seen being distributed by the following 2 URLs.

http://www.premiumsave.info/installmate/.../optimizerpro15.exe

http://www.nlstorage.info/installmate/.../optimizerpro15.exe

Remove optimizerproinstaller.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.