winoptfilter_.exe

Window Optimizer

LLC

The application winoptfilter_.exe by LLC has been detected as adware by 2 anti-malware scanners. This file is typically installed with the program Window Optimizer by Digital Light Co.
Publisher:
Digital Light Co. (signed by LLC)

Product:
Window Optimizer

Version:
2.9.1.2

MD5:
322d51f48d31c0fa3b7083bc508f9b00

SHA-1:
a33876b144bac07ba4f5654c84c6e7013b80b94d

SHA-256:
7c896b3c1e2c51eb350b5d85958771d35c354780df97f25935189fa43101a08b

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
11/23/2024 7:49:58 AM UTC

Scan engine        Detection                                          Engine version
ESET NOD32         Win32/Yelloader.A potentially unwanted (variant)   9.12401
Reason Heuristics  PUP.Amonitize.DigitalLightCo (M)                   15.10.15.4

File size:
578.6 KB (592,512 bytes)

Product version:
2.9.1.2

Copyright:
Copyright (C) 2015

Original file name:
Window Optimizer

File type:
Executable application (Win32 EXE)

Language:
Russian (Russia)

Common path:
C:\Program Files\winoptfilter\winoptfilter_.exe

Digital Signature
Signed by:
LLC "AZ SOFT"

Authority:
COMODO CA Limited

Valid from:
9/30/2015 7:00:00 PM

Valid to:
9/30/2016 6:59:59 PM

Subject:
CN="LLC ""AZ SOFT""", O="LLC ""AZ SOFT""", STREET="Vulytsya Dalnytska, Budynok 23/4, Ofis 310", L=Odesa, S=Odeska, PostalCode=65005, C=UA

Issuer:
CN=COMODO RSA Code Signing CA, O=COMODO CA Limited, L=Salford, S=Greater Manchester, C=GB

Serial number:
3CCA67117AE7C5BE2F99ECBA3ECC9F69

File PE Metadata
Compilation timestamp:
10/8/2015 9:20:13 AM

OS version:
6.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
12.0

CTPH (ssdeep):
12288:HEPhaSWiNZA5kn8FDA5eE6eJYkAMsHkphai9KAusODpT:HAvAKn8K5esYdfEpZ9/us4pT

Entry address:
0x39878


Entropy:
6.5988

Code size:
437 KB (447,488 bytes)

The file winoptfilter_.exe has been discovered within the following program.

Window Optimizer by Digital Light Co.
45% remove it

The executing file has been seen to make the following network communications in live environments.


Remove winoptfilter_.exe - Powered by Reason Core Security