File name: PCOptimizerProInstaller.exe

Full analysis: https://app.any.run/tasks/0e064131-5316-4d29-83bf-09179546f926
Verdict: Malicious activity
Analysis date: December 27, 2024, 07:38:43
OS: Windows 10 Professional (build: 19045, 64 bit)
Indicators:
MIME: application/vnd.microsoft.portable-executable
File info: PE32 executable (GUI) Intel 80386, for MS Windows, Nullsoft Installer self-extracting archive, 5 sections
MD5: A50C74202E2F4D938BABF556B9F54725
SHA1: 6810DB1606CAC6AB19EDBAA49620BA197EF7BC64
SHA256: 937CCAD21C0271169104539269B5F3FAA43D6CA2E36D676FBF9B6FA6DF41B40A
SSDEEP: 49152:ow3E/lpFJpOhj8ZJvL/QAwN1h1zjZblxwr2UGlm3qnzvSZsrKCB4TlwuwHNBb2j:paa4Zpc7h15bDwvGA6zvSZse7TSoj

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report may have been influenced by user actions during the session and is provided as is, for the reader's information. ANY.RUN does not guarantee that the content is malicious or safe.
  • MALICIOUS

    • Registers / Runs the DLL via REGSVR32.EXE

      • PCOptimizerProInstaller.exe (PID: 6524)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • PCOptimizerProInstaller.exe (PID: 6524)
    • Malware-specific behavior (creating "System.dll" in Temp)

      • PCOptimizerProInstaller.exe (PID: 6524)
    • The process creates files with name similar to system file names

      • PCOptimizerProInstaller.exe (PID: 6524)
    • Creates a software uninstall entry

      • PCOptimizerProInstaller.exe (PID: 6524)
    • Reads security settings of Internet Explorer

      • PCOptimizerProStartApps.exe (PID: 7008)
      • PCOptimizerPro.exe (PID: 7144)
    • Checks Windows Trust Settings

      • PCOptimizerPro.exe (PID: 7144)
  • INFO

    • Checks supported languages

      • PCOptimizerProInstaller.exe (PID: 6524)
      • PCOptimizerProStartApps.exe (PID: 7008)
      • PCOptimizerPro.exe (PID: 7144)
    • The sample compiled with english language support

      • PCOptimizerProInstaller.exe (PID: 6524)
    • Create files in a temporary directory

      • PCOptimizerProInstaller.exe (PID: 6524)
      • PCOptimizerPro.exe (PID: 7144)
    • Creates files in the program directory

      • PCOptimizerProInstaller.exe (PID: 6524)
      • PCOptimizerPro.exe (PID: 7144)
    • Sends debugging messages

      • regsvr32.exe (PID: 6960)
    • Reads the computer name

      • PCOptimizerProInstaller.exe (PID: 6524)
      • PCOptimizerPro.exe (PID: 7144)
    • The process uses the downloaded file

      • PCOptimizerProStartApps.exe (PID: 7008)
    • Process checks computer location settings

      • PCOptimizerProStartApps.exe (PID: 7008)
    • Reads CPU info

      • PCOptimizerPro.exe (PID: 7144)
    • Checks proxy server information

      • PCOptimizerPro.exe (PID: 7144)
    • Reads the software policy settings

      • PCOptimizerPro.exe (PID: 7144)
    • Reads the machine GUID from the registry

      • PCOptimizerPro.exe (PID: 7144)
Find more information about signature artifacts and their mapping to the MITRE ATT&CK™ matrix in the full report.
No Malware configuration.

TRiD

.exe | Win32 Executable MS Visual C++ (generic) (42.2)
.exe | Win64 Executable (generic) (37.3)
.dll | Win32 Dynamic Link Library (generic) (8.8)
.exe | Win32 Executable (generic) (6)
.exe | Generic Win/DOS Executable (2.7)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 2019:12:16 00:50:56+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, 32-bit
PEType: PE32
LinkerVersion: 6
CodeSize: 25600
InitializedDataSize: 162816
UninitializedDataSize: 1024
EntryPoint: 0x326b
OSVersion: 4
ImageVersion: 6
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 8.1.1.6
ProductVersionNumber: 8.1.1.6
FileFlagsMask: 0x0000
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: Spanish (Castilian)
CharacterSet: Windows, Latin1
Comments: PC Optimizer Pro Nothing optimize your PC better for more details visit http://www.pcoptmizerpro.com
CompanyName: Xportsoft.com
FileDescription: PC Optimizer Pro
FileVersion: 8.1.1.6
InternalName: PC Optimizer Pro Nothing optimize your PC better
LegalCopyright: (c) Xportsoft Technologies. All rights reserved.
LegalTrademarks: Xportsoft Technoliges Pvt. Ltd.
OriginalFileName: PC Optimizer Pro
ProductName: PC Optimizer Pro
ProductVersion: 8.1.1.6
All screenshots are available in the full report
Total processes: 128
Monitored processes: 5
Malicious processes: 1
Suspicious processes: 0

Behavior graph

Process tree, reconstructed from the parent-process fields of the process information section ("no specs" marks processes that raised no specific indicators):

explorer.exe
  PCOptimizerProInstaller.exe (PID 6320, integrity MEDIUM, no specs; exits with 0xC000042C STATUS_ELEVATION_REQUIRED)
  PCOptimizerProInstaller.exe (PID 6524, integrity HIGH, the same binary relaunched elevated)
    regsvr32.exe (PID 6960)
    PCOptimizerProStartApps.exe (PID 7008, no specs)
      PCOptimizerPro.exe (PID 7144)

Process information

PID 6320
CMD: "C:\Users\admin\AppData\Local\Temp\PCOptimizerProInstaller.exe"
Path: C:\Users\admin\AppData\Local\Temp\PCOptimizerProInstaller.exe
Parent process: explorer.exe
User: admin
Company: Xportsoft.com
Integrity Level: MEDIUM
Description: PC Optimizer Pro
Exit code: 3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: CreateProcess refused to start the installer without elevation, typically because its manifest requests requireAdministrator; the same binary then runs elevated as PID 6524)
Version: 8.1.1.6
Loaded modules:
c:\users\admin\appdata\local\temp\pcoptimizerproinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll

PID 6524
CMD: "C:\Users\admin\AppData\Local\Temp\PCOptimizerProInstaller.exe"
Path: C:\Users\admin\AppData\Local\Temp\PCOptimizerProInstaller.exe
Parent process: explorer.exe
User: admin
Company: Xportsoft.com
Integrity Level: HIGH
Description: PC Optimizer Pro
Exit code: 0
Version: 8.1.1.6
Loaded modules:
c:\users\admin\appdata\local\temp\pcoptimizerproinstaller.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID 6960
CMD: regsvr32.exe /s "C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll"
Path: C:\Windows\SysWOW64\regsvr32.exe
Parent process: PCOptimizerProInstaller.exe
User: admin
Company: Microsoft Corporation
Integrity Level: HIGH
Description: Microsoft(C) Register Server
Exit code: 0
Version: 10.0.19041.1 (WinBuild.160101.0800)
Loaded modules:
c:\windows\syswow64\regsvr32.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\aclayers.dll

PID 7008
CMD: "C:\Program Files\PC Optimizer Pro\PCOPtimizerproStartApps.exe" "C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe"
Path: C:\Program Files\PC Optimizer Pro\PCOptimizerProStartApps.exe
Parent process: PCOptimizerProInstaller.exe
User: admin
Company: Xportsoft Technologies
Integrity Level: HIGH
Description: Starting up the applicaiton
Exit code: 0
Version: 1.0.0.9
Loaded modules:
c:\program files\pc optimizer pro\pcoptimizerprostartapps.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll

PID 7144
CMD: "C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe"
Path: C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe
Parent process: PCOptimizerProStartApps.exe
User: admin
Company: Xportsoft Technologies
Integrity Level: HIGH
Description: Nothing optimize your PC better
Version: 8, 1, 1, 6
Loaded modules:
c:\program files\pc optimizer pro\pcoptimizerpro.exe
c:\windows\system32\ntdll.dll
c:\windows\syswow64\ntdll.dll
c:\windows\system32\wow64.dll
c:\windows\system32\wow64win.dll
c:\windows\system32\wow64cpu.dll
c:\windows\syswow64\kernel32.dll
c:\windows\syswow64\kernelbase.dll
c:\windows\syswow64\apphelp.dll
c:\windows\syswow64\user32.dll
Total events: 1 347
Read events: 1 316
Write events: 26
Delete events: 5

Modification events

(PID) Process: (6960) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}\InprocServer32
Operation: write   Name: ThreadingModel   Value: Apartment

(PID) Process: (6960) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}\InprocServer32
Operation: delete key   Name: (default)   Value: (none)

(PID) Process: (6960) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}
Operation: delete key   Name: (default)   Value: (none)

(PID) Process: (6960) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\*\shellex\ContextMenuHandlers\PCProCtxMenu
Operation: delete key   Name: (default)   Value: (none)

(PID) Process: (6960) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\lnkfile\shellex\ContextMenuHandlers\PCProCtxMenu
Operation: delete key   Name: (default)   Value: (none)

(PID) Process: (6960) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{12AB121E-44C6-488B-8773-B0AE25E662E1}\TypeLib
Operation: write   Name: Version   Value: 1.0

(PID) Process: (6960) regsvr32.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{12AB121E-44C6-488B-8773-B0AE25E662E1}\TypeLib
Operation: write   Name: Version   Value: 1.0

(PID) Process: (6524) PCOptimizerProInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Optimizer Pro
Operation: write   Name: DisplayName   Value: PC Optimizer Pro

(PID) Process: (6524) PCOptimizerProInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Optimizer Pro
Operation: write   Name: UninstallString   Value: C:\Program Files\PC Optimizer Pro\uninst.exe

(PID) Process: (6524) PCOptimizerProInstaller.exe
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PC Optimizer Pro
Operation: write   Name: DisplayIcon   Value: C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe

The delete-key operations on the CLSID and ContextMenuHandlers keys correspond to the ForceRemove directives in the ATL registrar script that regsvr32.exe emitted as debug output (end of this report): the registrar deletes any existing registration before recreating it, so a first-time install still produces delete events. Because the registering regsvr32.exe is the 32-bit SysWOW64 copy, its HKCR\CLSID writes land under WOW6432Node through WOW64 registry redirection, while the shellex\ContextMenuHandlers keys are not redirected; a 64-bit explorer.exe resolves CLSIDs through the 64-bit view and so will not load this 32-bit in-process handler.
Executable files: 10
Suspicious files: 14
Text files: 9
Unknown types: 0

Dropped files

All entries were written by PID 6524, PCOptimizerProInstaller.exe.

C:\Users\admin\AppData\Local\Temp\nsr5BD0.tmp\modern-header.bmp (image)
  MD5: 2E9AD88F5A52C0CBDBE3D4FD93DCF6CC
  SHA256: D31D0DA901EDA4A56BC1AA899F69BA90CC2B8338AE382CEFA088DDFDBCA41A58
C:\Users\admin\AppData\Local\Temp\nsr5BD0.tmp\nsDialogs.dll (executable)
  MD5: AB101F38562C8545A641E95172C354B4
  SHA256: 3CDF3E24C87666ED5C582B8B028C01EE6AC16D5A9B8D8D684AE67605376786EA
C:\Program Files\PC Optimizer Pro\PCOptimizerProStartApps.exe (executable)
  MD5: FEF32B3E500338788F90A80DF1CE328B
  SHA256: 877E4CE4230C68504DBA02BE9EA2A17D5FF52FC08E1E25A386F1E49BAF2373B8
C:\Users\admin\AppData\Local\Temp\nsr5BD0.tmp\GetVersion.dll (executable)
  MD5: DC9562578490DF8BC464071F125BFC19
  SHA256: 0351FE33A6EB13417437C1BAAEE248442FB1ECC2C65940C9996BCDA574677C3F
C:\Program Files\PC Optimizer Pro\PCOptimizerPro.exe (executable)
  MD5: E3EAF30B68A0D5D7ECC66EE20245DA04
  SHA256: 81AC2BF8338D5068BF224A058B9DA8F45CF7CD19F76EAD74DC356A1CAB305DC4
C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll (executable)
  MD5: A48A127D70AE86AF98508F2AD7B51728
  SHA256: B92120A3B97183DE620AFCA0770958EC21A5BA97F84D8630AF687057E6558A0E
C:\Users\admin\AppData\Local\Temp\nsr5BD0.tmp\System.dll (executable)
  MD5: FBE295E5A1ACFBD0A6271898F885FE6A
  SHA256: A1390A78533C47E55CC364E97AF431117126D04A7FAED49390210EA3E89DD0E1
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro\Live Support.url (binary)
  MD5: EB04CCAA8B853BEF9978CF425842A11D
  SHA256: AA8E20377AA67040E7178CB24119674CBA8C543ED28A08E54A0C26C9EDDF4FF8
C:\Program Files\PC Optimizer Pro\Languages\ES.xml (xml)
  MD5: A7E9104C1DE46483560E151F85A4A9E1
  SHA256: 6E5B9045D103B446873868C02CD90C33EE4C79D24885411486EA9EB5F14EF110
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Optimizer Pro\Visit Website.url (binary)
  MD5: C4FB9A78EECDC05DD9302A4045C42BC5
  SHA256: BA4E66F656828F8573998495209A7BD5641E2C01E43A3CBAC73242FE32248D1E

The nsr5BD0.tmp directory is the plugin staging folder that every NSIS installer creates under %TEMP%; System.dll and nsDialogs.dll are stock NSIS plugins and GetVersion.dll is a common third-party NSIS plugin, so the "System.dll in Temp" signature above reflects the installer framework identified in the file info line, not behaviour unique to this sample. The three files under C:\Program Files\PC Optimizer Pro are the product itself, including the shell extension that regsvr32.exe registers next.
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 15
TCP/UDP connections: 35
DNS requests: 17
Threats: 3

HTTP requests

(10 of the 15 requests are listed; the CN and Size columns are empty in this export and are omitted.)

PID | Process | Method | HTTP Code | IP | URL | Type | Reputation
7144 | PCOptimizerPro.exe | GET | 301 | 50.63.8.124:80 | http://www.pcoptimizerpro.com/admin/isrenewed.aspx?bitver=32&h=&uq=525400A80C84&uq1=18F7786F96EE&uq2=000000000000&tid=GLF&tidsub=1 | unknown | whitelisted
7144 | PCOptimizerPro.exe | GET | 200 | 104.18.38.233:80 | http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D | unknown | whitelisted
7144 | PCOptimizerPro.exe | GET | 301 | 50.63.8.124:80 | http://www.pcoptimizerpro.com/admin/islivechat.aspx?bit=32&tid=GLF&tidsub=1&lang=EN | unknown | whitelisted
1176 | svchost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBSAUQYBMq2awn1Rh6Doh%2FsBYgFV7gQUA95QNVbRTLtm8KPiGxvDl7I90VUCEAJ0LqoXyo4hxxe7H%2Fz9DKA%3D | unknown | whitelisted
7144 | PCOptimizerPro.exe | GET | 200 | 172.64.149.23:80 | http://ocsp.usertrust.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBTNMNJMNDqCqx8FcBWK16EHdimS6QQUU3m%2FWqorSs9UgOHYm8Cd8rIDZssCEGxVq9vQB5LHnQcM2BGe1r8%3D | unknown | whitelisted
7144 | PCOptimizerPro.exe | GET | 301 | 50.63.8.124:80 | http://www.pcoptimizerpro.com/admin/showongui.aspx?bit=32&tid=GLF&tidsub=1&lang=EN | unknown | whitelisted
2484 | backgroundTaskHost.exe | GET | 200 | 192.229.221.95:80 | http://ocsp.digicert.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBQ50otx%2Fh0Ztl%2Bz8SiPI7wEWVxDlQQUTiJUIBiV5uNu5g%2F6%2BrkS7QYXjzkCEAUZZSZEml49Gjh0j13P68w%3D | unknown | whitelisted
1544 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Product%20Root%20Certificate%20Authority%202018.crl | unknown | whitelisted
1544 | SIHClient.exe | GET | 200 | 95.101.149.131:80 | http://www.microsoft.com/pkiops/crl/Microsoft%20ECC%20Update%20Secure%20Server%20CA%202.1.crl | unknown | whitelisted
- | - | GET | 200 | 2.16.164.49:80 | http://crl.microsoft.com/pki/crl/products/MicRooCerAut2011_2011_03_22.crl | unknown | whitelisted
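The requests from PCOptimizerPro.exe fall into two groups: three GETs to the vendor site carrying host identifiers and campaign-looking tags, and OCSP queries to Comodo and UserTrust. The script below is an added example (not ANY.RUN code) that separates the two and decodes each: it parses the beacon query strings and it walks the DER of the GET-form OCSP request (RFC 6960 Appendix A.1: base64 DER in the URL path) down to the CertID so the checked certificate can be matched by serial number. Two readings in it are assumptions drawn from the shape of the data rather than from the report: that uq/uq1/uq2 (12 hex digits each) are adapter MAC addresses, and that tid/tidsub are distribution-channel tags. VENDOR_HOSTS and QEMU_OUI are constants chosen for the example.

```python
"""Classify the HTTP requests of this report: vendor-site beacons vs OCSP checks.

Added example, not ANY.RUN code. The URLs are copied from the HTTP requests
table. Reading uq/uq1/uq2 as MAC addresses and tid/tidsub as channel tags is
an assumption made here; the page does not say what the fields mean.
"""
import base64
from urllib.parse import parse_qs, unquote, urlsplit

# (pid, process, status, url) as listed in the HTTP requests table of this report.
REQUESTS = [
    (7144, "PCOptimizerPro.exe", 301,
     "http://www.pcoptimizerpro.com/admin/isrenewed.aspx?bitver=32&h=&uq=525400A80C84&uq1=18F7786F96EE&uq2=000000000000&tid=GLF&tidsub=1"),
    (7144, "PCOptimizerPro.exe", 200,
     "http://ocsp.comodoca.com/MFEwTzBNMEswSTAJBgUrDgMCGgUABBRTtU9uFqgVGHhJwXZyWCNXmVR5ngQUoBEKIz6W8Qfs4q8p74Klf9AwpLQCEDlyRDr5IrdR19NsEN0xNZU%3D"),
    (7144, "PCOptimizerPro.exe", 301,
     "http://www.pcoptimizerpro.com/admin/islivechat.aspx?bit=32&tid=GLF&tidsub=1&lang=EN"),
]
VENDOR_HOSTS = {"www.pcoptimizerpro.com"}   # rated malicious in the DNS requests table
QEMU_OUI = "52:54:00"                        # default MAC prefix of QEMU/KVM virtual NICs
OID_SHA1 = bytes.fromhex("2B0E03021A")       # 1.3.14.3.2.26


def as_mac(s):
    """Render 12 hex digits as a MAC address, or None if the value is not one."""
    if len(s) != 12 or any(c not in "0123456789abcdefABCDEF" for c in s):
        return None
    return ":".join(s[i:i + 2].upper() for i in range(0, 12, 2))


def der_children(content):
    """Split a DER SEQUENCE body into (tag, body) children (definite lengths only)."""
    out, i = [], 0
    while i < len(content):
        tag, ln, i = content[i], content[i + 1], i + 2
        if ln & 0x80:                     # long form: the next (ln & 0x7F) bytes hold the length
            n = ln & 0x7F
            ln, i = int.from_bytes(content[i:i + n], "big"), i + n
        out.append((tag, content[i:i + ln]))
        i += ln
    return out


def decode_ocsp_request(url):
    """OCSPRequest -> tbsRequest -> requestList -> Request -> CertID, per RFC 6960."""
    der = base64.b64decode(unquote(urlsplit(url).path.lstrip("/")))
    (_, ocsp_req), = der_children(der)                              # outer SEQUENCE
    tbs = next(b for t, b in der_children(ocsp_req) if t == 0x30)   # tbsRequest (signature is optional)
    req_list = next(b for t, b in der_children(tbs) if t == 0x30)   # skips [0] version / [1] requestorName
    cert_ids = []
    for _, request in der_children(req_list):
        cert_id = der_children(request)[0][1]
        alg, name_hash, key_hash, serial = [b for _, b in der_children(cert_id)][:4]
        oid = der_children(alg)[0][1]
        cert_ids.append({
            "hash_alg": "sha1" if oid == OID_SHA1 else oid.hex(),
            "issuer_name_hash": name_hash.hex(),
            "issuer_key_hash": key_hash.hex(),
            "serial": serial.hex().upper(),
        })
    return cert_ids


def classify(url):
    u = urlsplit(url)
    if u.hostname in VENDOR_HOSTS:
        params = {k: v[0] for k, v in parse_qs(u.query, keep_blank_values=True).items()}
        macs = {k: as_mac(v) for k, v in params.items() if k.startswith("uq")}
        return {"kind": "beacon", "host": u.hostname, "endpoint": u.path.rsplit("/", 1)[-1],
                "params": params, "mac_like": macs,
                "virtual_nic": any(m is not None and m.startswith(QEMU_OUI) for m in macs.values())}
    if u.hostname and u.hostname.startswith("ocsp."):
        return {"kind": "ocsp", "host": u.hostname, "cert_ids": decode_ocsp_request(url)}
    return {"kind": "other", "host": u.hostname}


def summarize(requests=REQUESTS):
    return [dict(pid=pid, process=proc, status=code, **classify(url)) for pid, proc, code, url in requests]


if __name__ == "__main__":
    for row in summarize():
        print(row)
```

The OCSP queries are the revocation checks that Windows CryptoAPI issues while validating a certificate chain, which is why the sandbox whitelists them; the decoded serial is what to compare against the Authenticode signer of PCOptimizerPro.exe or the server certificate of the site. If the MAC reading is right, the first beacon hands the vendor an adapter address with the 52:54:00 prefix, which identifies the analysis host as a QEMU/KVM guest.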

Connections

(10 of the 35 connections are listed; PID and Process are empty where the export did not attribute the connection.)

PID | Process | IP | Domain | ASN | CN | Reputation
- | - | 192.168.100.255:137 | - | - | - | whitelisted
- | - | 4.231.128.59:443 | settings-win.data.microsoft.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
- | - | 2.16.164.49:80 | crl.microsoft.com | Akamai International B.V. | NL | whitelisted
- | - | 95.101.149.131:80 | www.microsoft.com | Akamai International B.V. | NL | whitelisted
4 | System | 192.168.100.255:138 | - | - | - | whitelisted
5064 | SearchApp.exe | 2.23.209.177:443 | www.bing.com | Akamai International B.V. | GB | whitelisted
- | - | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
1176 | svchost.exe | 40.126.31.67:443 | login.live.com | MICROSOFT-CORP-MSN-AS-BLOCK | IE | whitelisted
1176 | svchost.exe | 192.229.221.95:80 | ocsp.digicert.com | EDGECAST | US | whitelisted
1076 | svchost.exe | 184.28.89.167:443 | go.microsoft.com | AKAMAI-AS | US | whitelisted

DNS requests

Domain
IP
Reputation
crl.microsoft.com
  • 2.16.164.49
  • 2.16.164.120
whitelisted
www.microsoft.com
  • 95.101.149.131
whitelisted
google.com
  • 216.58.206.46
whitelisted
www.bing.com
  • 2.23.209.177
  • 2.23.209.179
  • 2.23.209.150
  • 2.23.209.182
  • 2.23.209.133
  • 2.23.209.176
  • 2.23.209.140
  • 2.23.209.161
  • 2.23.209.149
whitelisted
ocsp.digicert.com
  • 192.229.221.95
whitelisted
login.live.com
  • 40.126.31.67
  • 20.190.159.75
  • 20.190.159.73
  • 20.190.159.4
  • 20.190.159.68
  • 40.126.31.69
  • 20.190.159.64
  • 40.126.31.71
whitelisted
go.microsoft.com
  • 184.28.89.167
whitelisted
settings-win.data.microsoft.com
  • 4.231.128.59
whitelisted
www.pcoptimizerpro.com
  • 50.63.8.124
malicious
ocsp.comodoca.com
  • 104.18.38.233
  • 172.64.149.23
whitelisted

Threats

PID
Process
Class
Message
7144
PCOptimizerPro.exe
A Network Trojan was detected
ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
7144
PCOptimizerPro.exe
Misc activity
ET INFO Observed ZeroSSL SSL/TLS Certificate
7144
PCOptimizerPro.exe
A Network Trojan was detected
ET USER_AGENTS Suspicious User Agent (Microsoft Internet Explorer)
Debug output

Both messages carry the ATL registrar (.rgs) script for the PCProCtxMenu class: the CLSID with its InprocServer32 path and Apartment threading model, plus the ContextMenuHandlers registrations under * (all files) and lnkfile (shortcuts) that make Explorer load the DLL on every right-click.

Process | Message
regsvr32.exe | HKCR { NoRemove CLSID { ForceRemove {203ABD21-41F1-4F1B-BAE3-D6A89A90D239} = s 'PCProCtxMenu Class' { InprocServer32 = s 'C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll' { val ThreadingModel = s 'Apartment' } } } NoRemove * { NoRemove ShellEx { NoRemove ContextMenuHandlers { ForceRemove PCProCtxMenu = s '{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}' } } } NoRemove lnkfile { NoRemove ShellEx { NoRemove ContextMenuHandlers { ForceRemove PCProCtxMenu = s '{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}' } } } }
regsvr32.exe | HKCR { NoRemove CLSID { ForceRemove {203ABD21-41F1-4F1B-BAE3-D6A89A90D239} = s 'PCProCtxMenu Class' { InprocServer32 = s 'C:\Program Files\PC Optimizer Pro\PCOptProCtxMenu.dll' { val ThreadingModel = s 'Apartment' } } } NoRemove * { NoRemove ShellEx { NoRemove ContextMenuHandlers { ForceRemove PCProCtxMenu = s '{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}' } } } NoRemove lnkfile { NoRemove ShellEx { NoRemove ContextMenuHandlers { ForceRemove PCProCtxMenu = s '{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}' } } } }
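The debug message is the registrar script in ATL's .rgs syntax, which DllRegisterServer executes inside regsvr32.exe. Parsing it yields the complete set of keys and values the DLL intends to write, which can then be checked against the modification events the sandbox recorded (ForceRemove entries explain the delete-key events, and the 32-bit process explains why the CLSID landed under WOW6432Node). The parser below is an added example, not ANY.RUN or ATL code; it handles the classic s/d/b value types and the NoRemove/ForceRemove/Delete key flags, and its tokenizer mirrors the ATL rule that structural braces are whitespace-separated while a GUID written as {...} without spaces is a single key name.

```python
"""Parser for the ATL registrar (.rgs) script regsvr32 printed as debug output.

Added example, not ANY.RUN or ATL code. Only the classic value types
s (REG_SZ), d (REG_DWORD) and b (REG_BINARY) are handled.
"""
import re

# Copied verbatim from the regsvr32.exe debug output of this report.
RGS = (
    "HKCR { NoRemove CLSID { ForceRemove {203ABD21-41F1-4F1B-BAE3-D6A89A90D239} = s 'PCProCtxMenu Class' "
    "{ InprocServer32 = s 'C:\\Program Files\\PC Optimizer Pro\\PCOptProCtxMenu.dll' "
    "{ val ThreadingModel = s 'Apartment' } } } "
    "NoRemove * { NoRemove ShellEx { NoRemove ContextMenuHandlers "
    "{ ForceRemove PCProCtxMenu = s '{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}' } } } "
    "NoRemove lnkfile { NoRemove ShellEx { NoRemove ContextMenuHandlers "
    "{ ForceRemove PCProCtxMenu = s '{203ABD21-41F1-4F1B-BAE3-D6A89A90D239}' } } } }"
)

ROOTS = {"HKCR": "HKEY_CLASSES_ROOT", "HKCU": "HKEY_CURRENT_USER",
         "HKLM": "HKEY_LOCAL_MACHINE", "HKU": "HKEY_USERS"}
FLAGS = {"noremove", "forceremove", "delete"}
TYPES = {"s": "REG_SZ", "d": "REG_DWORD", "b": "REG_BINARY"}


def tokenize(text):
    """Single-quoted strings become ('q', text); everything else splits on whitespace as
    ('w', text). Structural braces are whitespace-separated in .rgs, so a GUID written
    as {...} without spaces stays one word, as the ATL tokenizer treats it."""
    return [("q", m.group(1)) if m.group(1) is not None else ("w", m.group(2))
            for m in re.finditer(r"'([^']*)'|(\S+)", text)]


class RgsParser:
    def __init__(self, text):
        self.toks, self.i = tokenize(text), 0
        self.keys = []     # (full key path, flag or None) in script order
        self.values = []   # (key path, value name ('' = default), type, data)

    def peek(self):
        return self.toks[self.i] if self.i < len(self.toks) else None

    def take(self):
        tok = self.toks[self.i]
        self.i += 1
        return tok

    def expect(self, word):
        if self.take() != ("w", word):
            raise ValueError(f"expected {word!r} near token {self.i}")

    def parse(self):
        while self.peek() is not None:                 # one or more root-key blocks
            _, root = self.take()
            self.expect("{")
            self.parse_entries(ROOTS.get(root.upper(), root))
        return self.keys, self.values

    def parse_value(self):
        """'= <type> <data>' following a key name or a val name."""
        self.expect("=")
        _, typ = self.take()
        _, raw = self.take()
        if typ.lower() not in TYPES:
            raise ValueError(f"unsupported value type {typ!r}")
        data = int(raw, 0) if typ.lower() == "d" else raw
        return TYPES[typ.lower()], data

    def parse_entries(self, path):
        """entry := [NoRemove|ForceRemove|Delete] [val] name [= type data] [{ entries }]"""
        while True:
            kind, text = self.take()
            if (kind, text) == ("w", "}"):
                return
            flag = None
            if kind == "w" and text.lower() in FLAGS:
                flag, (kind, text) = text, self.take()
            is_val = kind == "w" and text.lower() == "val"
            if is_val:
                kind, text = self.take()
            name = text
            value = self.parse_value() if self.peek() == ("w", "=") else None
            if is_val:
                if value is None:
                    raise ValueError(f"val {name!r} without data")
                self.values.append((path, name, *value))
                continue
            sub = f"{path}\\{name}"
            self.keys.append((sub, flag))
            if value is not None:                      # '= s ...' on a key sets its default value
                self.values.append((sub, "", *value))
            if self.peek() == ("w", "{"):
                self.take()
                self.parse_entries(sub)


def parse_rgs(text):
    return RgsParser(text).parse()


def force_removed(keys):
    """Keys the registrar deletes (recursively) before recreating them: these are the
    'delete key' events a sandbox records even on a first-time install."""
    return [path for path, flag in keys if flag and flag.lower() == "forceremove"]


if __name__ == "__main__":
    keys, values = parse_rgs(RGS)
    for path, flag in keys:
        print(f"{flag or '':12} {path}")
    for path, name, typ, data in values:
        print(f"  {path} [{name or '(default)'}] = {typ} {data!r}")
```

Run against the script above, force_removed returns the CLSID key and the two PCProCtxMenu handler keys, which is exactly the set of keys the modification events show being deleted (the InprocServer32 deletion is the recursive removal of the CLSID subtree). The parser produces HKEY_CLASSES_ROOT paths; the recorded writes appear under HKLM\SOFTWARE\Classes, with the CLSID additionally under WOW6432Node, because the registering process is 32-bit.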