optimizerproinstaller.exe

Optimizer Pro

Subeo Tech, Inc.

The application optimizerproinstaller.exe (“Fix, clean, optimize your PC!”) by Subeo Tech has been detected as a potentially unwanted program by 9 anti-malware scanners. It is a setup and installation application that has been known to bundle potentially unwanted software, and it is typically executed from the user's temporary directory. The file has been observed being downloaded from www.nlstorage.info.
Publisher:
PC Utilities Pro  (signed by Subeo Tech, Inc.)

Product:
Optimizer Pro

Description:
Fix, clean, optimize your PC!

Version:
3.0.1.0

MD5:
430fe90a0f51bfcfd78f4f7f9a33266e

SHA-1:
9ba1dbf133d1cdd2e0d780dbbd119071c26234f6

SHA-256:
aca2cce972073cacc2194a9cf349254859d79fa5915810b19bf8e18b43a33887

Scanner detections:
9 / 68

Status:
Potentially unwanted

Analysis date:
12/26/2024 5:29:47 AM UTC

Scan engine | Detection | Engine version
AhnLab V3 Security | PUP/Win32.OptimizerPro | 2013.10.21
avast! | Win32:Dropper-gen [Drp] | 2014.9-140327
AVG | PCCleaner.B.dropper | 2015.0.3522
Baidu Antivirus | AdWare.Win32.SpeedingUpMyPC | 4.0.3.14327
Bkav FE | HW32.FilDoer | 1.3.0.4261
Comodo Security | Heur.Suspicious | 17137
ESET NOD32 | Win32/Adware.SpeedingUpMyPC (variant) | 8.8943
Malwarebytes | PUP.Optional.OptimizePro.A | v2014.03.27.06
Reason Heuristics | PUP.Optional.SubeoTech.V | 14.3.27.18

File size:
2.6 MB (2,686,768 bytes)

Product version:
3.0.1.0

Copyright:
PC Utilities Pro

Trademarks:
PC Utilities Pro

Original file name:
OptimizerPro

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\addons\optimizerproinstaller.exe

Digital Signature
Authority:
GoDaddy.com, Inc.

Valid from:
11/22/2011 3:49:01 PM

Valid to:
11/21/2012 7:14:37 PM

Subject:
CN="Subeo Tech, Inc.", O="Subeo Tech, Inc.", L=Reno, S=NV, C=US

Issuer:
SERIALNUMBER=07969287, CN=Go Daddy Secure Certification Authority, OU=http://certificates.godaddy.com/repository, O="GoDaddy.com, Inc.", L=Scottsdale, S=Arizona, C=US

Serial number:
27D4E25FB4CFE9

File PE Metadata
Compilation timestamp:
6/20/1992 1:22:17 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:E2nu6yRIX0B2BnrBrsQIO5qlrNvOS5f9dwgPSuGs+O4ZtH:JPyRIX8IrBr95CrNv7PPS9sn4f

Entry address:
0x12848

Entry point:
55, 8B, EC, B9, 08, 00, 00, 00, 6A, 00, 6A, 00, 49, 75, F9, 53, 56, 57, B8, D0, 27, 41, 00, E8, C0, 2D, FF, FF, 33, C0, 55, 68, 7F, 2A, 41, 00, 64, FF, 30, 64, 89, 20, 8D, 55, E8, 33, C0, E8, 60, 00, FF, FF, 8B, 45, E8, 8D, 55, EC, E8, E9, 47, FF, FF, 8B, 55, EC, B8, 7C, 48, 41, 00, E8, 04, 12, FF, FF, 8D, 55, E4, A1, 7C, 48, 41, 00, E8, FF, 82, FF, FF, 8B, 55, E4, B8, 7C, 48, 41, 00, E8, EA, 11, FF, FF, B8, 80, 48, 41, 00, BA, 98, 2A, 41, 00, E8, DB, 11, FF, FF, A1, 80, 48, 41, 00, E8, 01, 46, FF, FF, 84...
 

Entropy:
7.9763

Developed / compiled with:
Microsoft Visual C++

Code size:
71 KB (72,704 bytes)

The file optimizerproinstaller.exe has been seen being distributed by the following URL.
