File name:

PCOptimizerPro.exe

Full analysis: https://app.any.run/tasks/cfa0e082-0348-4680-bb93-10090ddb6506
Verdict: Malicious activity
Analysis date: March 08, 2024, 19:23:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5:

AB47498C978644826AD9B14F2DEAF00D

SHA1:

903BAC65D7406B5D558B785DBC7C08427B9EE1DB

SHA256:

949E5D08A6B24724C77EF9834A352C0B7D57DAFD626DE86210893B5F0EF01487

SSDEEP:

98304:hYu03L8WwDALKRvP9ObccmaXjEi3UuK5c80EE+BqygumEciAQXtrRrP/EYrOi1WU:NoImrq56tAx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • PCOptimizerPro.exe (PID: 1776)
      • is-D064Q.tmp (PID: 2964)
    • Creates a writable file in the system directory

      • is-D064Q.tmp (PID: 2964)
    • Scans artifacts that could help determine the target

      • pcoptimizer.exe (PID: 2256)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • PCOptimizerPro.exe (PID: 1776)
      • is-D064Q.tmp (PID: 2964)
    • Reads the Windows owner or organization settings

      • is-D064Q.tmp (PID: 2964)
      • pcoptimizer.exe (PID: 2256)
    • Process drops legitimate windows executable

      • is-D064Q.tmp (PID: 2964)
    • Creates/Modifies COM task schedule object

      • _RegDLL.tmp (PID: 3212)
      • _RegDLL.tmp (PID: 3992)
      • _RegDLL.tmp (PID: 3960)
      • _RegDLL.tmp (PID: 2120)
      • _RegDLL.tmp (PID: 3956)
      • _RegDLL.tmp (PID: 1692)
      • _RegDLL.tmp (PID: 116)
      • _RegDLL.tmp (PID: 3996)
      • _RegDLL.tmp (PID: 2408)
      • _RegDLL.tmp (PID: 2672)
      • _RegDLL.tmp (PID: 2908)
      • _RegDLL.tmp (PID: 2792)
    • Reads the BIOS version

      • pcoptimizer.exe (PID: 2256)
    • Checks for the .NET to be installed

      • pcoptimizer.exe (PID: 2256)
    • Reads Microsoft Outlook installation path

      • pcoptimizer.exe (PID: 2256)
    • Creates file in the systems drive root

      • pcoptimizer.exe (PID: 2256)
    • Reads Mozilla Firefox installation path

      • pcoptimizer.exe (PID: 2256)
    • Checks for Java to be installed

      • pcoptimizer.exe (PID: 2256)
  • INFO

    • Checks supported languages

      • PCOptimizerPro.exe (PID: 1776)
      • is-D064Q.tmp (PID: 2964)
      • _RegDLL.tmp (PID: 3212)
      • _RegDLL.tmp (PID: 3992)
      • _RegDLL.tmp (PID: 2120)
      • _RegDLL.tmp (PID: 116)
      • _RegDLL.tmp (PID: 3956)
      • _RegDLL.tmp (PID: 1692)
      • _RegDLL.tmp (PID: 3960)
      • _RegDLL.tmp (PID: 3996)
      • _RegDLL.tmp (PID: 2908)
      • pcoptimizer.exe (PID: 2256)
      • _RegDLL.tmp (PID: 2792)
      • _RegDLL.tmp (PID: 2408)
      • _RegDLL.tmp (PID: 2672)
      • wmpnscfg.exe (PID: 2244)
    • Create files in a temporary directory

      • PCOptimizerPro.exe (PID: 1776)
      • is-D064Q.tmp (PID: 2964)
      • pcoptimizer.exe (PID: 2256)
    • Reads the computer name

      • is-D064Q.tmp (PID: 2964)
      • _RegDLL.tmp (PID: 3212)
      • _RegDLL.tmp (PID: 3992)
      • _RegDLL.tmp (PID: 1692)
      • _RegDLL.tmp (PID: 3956)
      • _RegDLL.tmp (PID: 3960)
      • _RegDLL.tmp (PID: 116)
      • _RegDLL.tmp (PID: 2120)
      • _RegDLL.tmp (PID: 2408)
      • _RegDLL.tmp (PID: 2908)
      • _RegDLL.tmp (PID: 2672)
      • _RegDLL.tmp (PID: 2792)
      • _RegDLL.tmp (PID: 3996)
      • wmpnscfg.exe (PID: 2244)
      • pcoptimizer.exe (PID: 2256)
    • Creates files in the program directory

      • is-D064Q.tmp (PID: 2964)
      • pcoptimizer.exe (PID: 2256)
    • Creates files or folders in the user directory

      • is-D064Q.tmp (PID: 2964)
    • Reads mouse settings

      • _RegDLL.tmp (PID: 116)
      • _RegDLL.tmp (PID: 3996)
      • pcoptimizer.exe (PID: 2256)
    • Reads Microsoft Office registry keys

      • pcoptimizer.exe (PID: 2256)
    • Creates a software uninstall entry

      • is-D064Q.tmp (PID: 2964)
    • Reads the machine GUID from the registry

      • pcoptimizer.exe (PID: 2256)
    • Reads Windows Product ID

      • pcoptimizer.exe (PID: 2256)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 2244)
    • Reads CPU info

      • pcoptimizer.exe (PID: 2256)
Find more information about signature artifacts and mapping to MITRE ATT&CK™ MATRIX at the full report
No Malware configuration.

TRiD

.exe | Win32 Executable PowerBASIC/Win 9.x (51.2)
.exe | Inno Setup installer (37.9)
.exe | Win32 Executable Delphi generic (4.9)
.dll | Win32 Dynamic Link Library (generic) (2.2)
.exe | Win32 Executable (generic) (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00 (the fixed value 0x2A425E19 that the Borland/Delphi linker writes; Inno Setup is built with Delphi, so this is a toolchain constant, not the build date)
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 36864
InitializedDataSize: 16896
UninitializedDataSize: -
EntryPoint: 0x98d8
OSVersion: 1
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName: PC Optimizer Pro
FileDescription: PC Optimizer Pro Setup
FileVersion:
LegalCopyright:
No data.
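The EXIF block above is the PE file header read back field by field. As an added example, not part of the ANY.RUN report, the Python below parses those same fields from a PE image and flags the Borland/Delphi constant timestamp. The header bytes it runs on are constructed from the values listed above, not taken from the sample.

```python
import struct
from datetime import datetime, timezone

# Delphi/Borland-built binaries (Inno Setup is a Delphi project) carry this fixed
# TimeDateStamp instead of the real build time, so a 1992 date is a toolchain
# signature, not evidence of when the installer was produced.
BORLAND_FIXED_STAMP = 0x2A425E19  # 1992-06-19 22:22:17 UTC

# IMAGE_FILE_* bits, named the way the report prints them
CHARACTERISTICS = {
    0x0001: "No relocs",
    0x0002: "Executable",
    0x0004: "No line numbers",
    0x0008: "No symbols",
    0x0080: "Bytes reversed lo",
    0x0100: "32-bit",
    0x8000: "Bytes reversed hi",
}


def describe_characteristics(flags: int) -> list[str]:
    return [name for bit, name in CHARACTERISTICS.items() if flags & bit]


def parse_pe_header(data: bytes) -> dict:
    """Read the COFF and optional-header fields that the report shows as EXIF data."""
    if data[:2] != b"MZ":
        raise ValueError("no MZ signature")
    e_lfanew = struct.unpack_from("<I", data, 0x3C)[0]
    if data[e_lfanew:e_lfanew + 4] != b"PE\0\0":
        raise ValueError("no PE signature at e_lfanew")
    coff = e_lfanew + 4
    # Machine, NumberOfSections, TimeDateStamp, PointerToSymbolTable,
    # NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, _nsect, stamp, _symtab, _nsyms, _optsize, chars = struct.unpack_from(
        "<HHIIIHH", data, coff)
    opt = coff + 20
    magic, lnk_major, lnk_minor = struct.unpack_from("<HBB", data, opt)
    entry = struct.unpack_from("<I", data, opt + 16)[0]  # AddressOfEntryPoint
    return {
        "machine": machine,
        "timestamp": stamp,
        "build_time": datetime.fromtimestamp(stamp, tz=timezone.utc),
        "timestamp_is_borland_constant": stamp == BORLAND_FIXED_STAMP,
        "characteristics": describe_characteristics(chars),
        "linker_version": f"{lnk_major}.{lnk_minor}",
        "pe32": magic == 0x10B,
        "entry_point": entry,
    }


def build_sample_header() -> bytes:
    """Constructed input: a minimal DOS stub, PE signature, COFF header and the
    start of the optional header, filled with the values from the EXIF block.
    This is not the real sample, only enough bytes for parse_pe_header()."""
    dos = bytearray(64)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 64)  # e_lfanew: PE header right after the stub
    coff = struct.pack("<HHIIIHH", 0x014C, 3, BORLAND_FIXED_STAMP, 0, 0, 224, 0x818F)
    # Magic (PE32), MajorLinkerVersion, MinorLinkerVersion, SizeOfCode,
    # SizeOfInitializedData, SizeOfUninitializedData, AddressOfEntryPoint
    opt = struct.pack("<HBBIIII", 0x10B, 2, 25, 36864, 16896, 0, 0x98D8)
    return bytes(dos) + b"PE\0\0" + coff + opt


if __name__ == "__main__":
    for key, value in parse_pe_header(build_sample_header()).items():
        print(f"{key}: {value}")
```

Linker version 2.25 together with the 0x2A425E19 stamp is the usual Delphi pair; when you see it on a binary whose vendor claims a recent build, treat the timestamp as unusable for timeline work.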
All screenshots are available in the full report
Total processes: 57
Monitored processes: 17
Malicious processes: 4
Suspicious processes: 2

Behavior graph

Processes shown in the graph (report order; "no specs" is the report's own tag on the node):
start, pcoptimizerpro.exe, is-d064q.tmp, _regdll.tmp (12 instances, no specs), pcoptimizer.exe (no specs), wmpnscfg.exe (no specs), pcoptimizerpro.exe (no specs)

Process information

PID
CMD
Path
Indicators
Parent process
PID:
116
CMD:
_RegDLL.tmp 536 648
Path:
C:\Users\admin\AppData\Local\Temp\is-4KJ2H.tmp\_isetup\_RegDLL.tmp
Parent process:
is-D064Q.tmp
User:
admin
Integrity Level:
HIGH
Exit code:
479930586
Modules
Images
c:\users\admin\appdata\local\temp\is-4kj2h.tmp\_isetup\_regdll.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
1692
CMD:
_RegDLL.tmp 536 648
Path:
C:\Users\admin\AppData\Local\Temp\is-4KJ2H.tmp\_isetup\_RegDLL.tmp
Parent process:
is-D064Q.tmp
User:
admin
Integrity Level:
HIGH
Exit code:
479930586
Modules
Images
c:\users\admin\appdata\local\temp\is-4kj2h.tmp\_isetup\_regdll.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
1776
CMD:
"C:\Users\admin\Desktop\PCOptimizerPro.exe"
Path:
C:\Users\admin\Desktop\PCOptimizerPro.exe
Parent process:
explorer.exe
User:
admin
Company:
PC Optimizer Pro
Integrity Level:
HIGH
Description:
PC Optimizer Pro Setup
Exit code:
0
Version:
Modules
Images
c:\users\admin\desktop\pcoptimizerpro.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\user32.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\oleaut32.dll
PID:
2120
CMD:
_RegDLL.tmp 648 536
Path:
C:\Users\admin\AppData\Local\Temp\is-4KJ2H.tmp\_isetup\_RegDLL.tmp
Parent process:
is-D064Q.tmp
User:
admin
Integrity Level:
HIGH
Exit code:
479930586
Modules
Images
c:\users\admin\appdata\local\temp\is-4kj2h.tmp\_isetup\_regdll.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
2160
CMD:
"C:\Users\admin\Desktop\PCOptimizerPro.exe"
Path:
C:\Users\admin\Desktop\PCOptimizerPro.exe
Parent process:
explorer.exe
User:
admin
Company:
PC Optimizer Pro
Integrity Level:
MEDIUM
Description:
PC Optimizer Pro Setup
Exit code:
3221226540 (0xC000042C, STATUS_ELEVATION_REQUIRED: this MEDIUM-integrity launch from explorer.exe asked for UAC elevation and loaded nothing beyond ntdll; PID 1776 is the same installer running at HIGH integrity after consent)
Version:
Modules
Images
c:\users\admin\desktop\pcoptimizerpro.exe
c:\windows\system32\ntdll.dll
PID:
2244
CMD:
"C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path:
C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process:
explorer.exe
User:
admin
Company:
Microsoft Corporation
Integrity Level:
MEDIUM
Description:
Windows Media Player Network Sharing Service Configuration Application
Exit code:
0
Version:
12.0.7600.16385 (win7_rtm.090713-1255)
Modules
Images
c:\program files\windows media player\wmpnscfg.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\advapi32.dll
c:\windows\system32\sechost.dll
c:\windows\system32\rpcrt4.dll
PID:
2256
CMD:
"C:\Program Files\PC Optimizer Pro\pcoptimizer.exe"
Path:
C:\Program Files\PC Optimizer Pro\pcoptimizer.exe
Parent process:
is-D064Q.tmp
User:
admin
Company:
pc optimizer pro
Integrity Level:
HIGH
Exit code:
0
Version:
4.03.0006
Modules
Images
c:\program files\pc optimizer pro\pcoptimizer.exe
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\system32\ole32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
2408
CMD:
_RegDLL.tmp 536 648
Path:
C:\Users\admin\AppData\Local\Temp\is-4KJ2H.tmp\_isetup\_RegDLL.tmp
Parent process:
is-D064Q.tmp
User:
admin
Integrity Level:
HIGH
Exit code:
479930586
Modules
Images
c:\users\admin\appdata\local\temp\is-4kj2h.tmp\_isetup\_regdll.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
2672
CMD:
_RegDLL.tmp 656 648
Path:
C:\Users\admin\AppData\Local\Temp\is-4KJ2H.tmp\_isetup\_RegDLL.tmp
Parent process:
is-D064Q.tmp
User:
admin
Integrity Level:
HIGH
Exit code:
479930586
Modules
Images
c:\users\admin\appdata\local\temp\is-4kj2h.tmp\_isetup\_regdll.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
PID:
2792
CMD:
_RegDLL.tmp 656 648
Path:
C:\Users\admin\AppData\Local\Temp\is-4KJ2H.tmp\_isetup\_RegDLL.tmp
Parent process:
is-D064Q.tmp
User:
admin
Integrity Level:
HIGH
Exit code:
479930586
Modules
Images
c:\users\admin\appdata\local\temp\is-4kj2h.tmp\_isetup\_regdll.tmp
c:\windows\system32\ntdll.dll
c:\windows\system32\kernel32.dll
c:\windows\system32\kernelbase.dll
c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
c:\windows\system32\msvcrt.dll
c:\windows\system32\gdi32.dll
c:\windows\system32\user32.dll
c:\windows\system32\lpk.dll
c:\windows\system32\usp10.dll
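Exit codes in these rows are printed as unsigned 32-bit values, so an NTSTATUS result shows up as a large decimal. The Python below is an added example, not part of the report: it decodes the exit codes and pairs the MEDIUM-integrity launch that ended with STATUS_ELEVATION_REQUIRED with the HIGH-integrity relaunch of the same image. The rows are constructed from the process table above; the NTSTATUS name table is a small hand-picked subset, not a complete list.

```python
# Rows constructed from the Process information table above:
# PID | image path | integrity level | exit code (unsigned DWORD, as printed) | parent
SAMPLE_PROCESSES = r"""
1776|C:\Users\admin\Desktop\PCOptimizerPro.exe|HIGH|0|explorer.exe
2160|C:\Users\admin\Desktop\PCOptimizerPro.exe|MEDIUM|3221226540|explorer.exe
2244|C:\Program Files\Windows Media Player\wmpnscfg.exe|MEDIUM|0|explorer.exe
2256|C:\Program Files\PC Optimizer Pro\pcoptimizer.exe|HIGH|0|is-D064Q.tmp
116|C:\Users\admin\AppData\Local\Temp\is-4KJ2H.tmp\_isetup\_RegDLL.tmp|HIGH|479930586|is-D064Q.tmp
1692|C:\Users\admin\AppData\Local\Temp\is-4KJ2H.tmp\_isetup\_RegDLL.tmp|HIGH|479930586|is-D064Q.tmp
"""

STATUS_ELEVATION_REQUIRED = 0xC000042C

# A few NTSTATUS values that commonly appear as process exit codes (subset, by hand).
NTSTATUS_NAMES = {
    STATUS_ELEVATION_REQUIRED: "STATUS_ELEVATION_REQUIRED",
    0xC0000005: "STATUS_ACCESS_VIOLATION",
    0xC0000409: "STATUS_STACK_BUFFER_OVERRUN",
    0xC000013A: "STATUS_CONTROL_C_EXIT",
    0xC0000142: "STATUS_DLL_INIT_FAILED",
}


def decode_exit_code(code: int) -> str:
    """Values with the top bit set (severity = error) are NTSTATUS codes handed
    back by the loader or kernel, not return values chosen by the program."""
    if code == 0:
        return "success"
    if code & 0x80000000:
        return NTSTATUS_NAMES.get(code, f"NTSTATUS 0x{code:08X} (not in table)")
    return f"application-defined 0x{code:08X}"


def parse_processes(text: str) -> list[dict]:
    procs = []
    for line in text.strip().splitlines():
        pid, path, integrity, exit_code, parent = line.split("|")
        procs.append({"pid": int(pid), "path": path, "integrity": integrity,
                      "exit": int(exit_code), "parent": parent})
    return procs


def find_uac_relaunches(procs: list[dict]) -> list[tuple[int, int]]:
    """A MEDIUM-integrity launch that ends in STATUS_ELEVATION_REQUIRED, plus a
    HIGH-integrity instance of the same image, is the UAC consent path: the
    installer asked for admin rights and got them. Returns (low PID, high PID)."""
    pairs = []
    for low in procs:
        if low["integrity"] != "MEDIUM" or low["exit"] != STATUS_ELEVATION_REQUIRED:
            continue
        for high in procs:
            if (high["integrity"] == "HIGH" and high["pid"] != low["pid"]
                    and high["path"].lower() == low["path"].lower()):
                pairs.append((low["pid"], high["pid"]))
    return pairs


def children_of(procs: list[dict], parent_name: str) -> list[int]:
    """PIDs whose recorded parent image name matches (the table gives names, not PIDs)."""
    return sorted(p["pid"] for p in procs if p["parent"].lower() == parent_name.lower())


if __name__ == "__main__":
    procs = parse_processes(SAMPLE_PROCESSES)
    for p in procs:
        print(p["pid"], p["integrity"], decode_exit_code(p["exit"]))
    print("UAC relaunches (medium -> high):", find_uac_relaunches(procs))
    print("spawned by is-D064Q.tmp:", children_of(procs, "is-D064Q.tmp"))
```

The 479930586 returned by every _RegDLL.tmp instance has no severity bit set, so it is whatever the helper chose to return and carries no NTSTATUS meaning; do not look it up as one.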
Total events: 89 836
Read events: 89 191
Write events: 477
Delete events: 168

Modification events

PID (Process) | Operation | Key | Name = Value
3212 (_RegDLL.tmp) | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7325c922-bb81-47b0-8b2f-a5f8605e242f}\InprocServer32 | ThreadingModel = Both
3992 (_RegDLL.tmp) | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BD4610FD-77F8-4F45-8CA2-433791E82980}\TypeLib | Version = 1.0
3992 (_RegDLL.tmp) | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77B48A6F-7A2B-4E81-AC1E-C1DC5E5BF045}\InprocServer32 | ThreadingModel = Apartment
2120 (_RegDLL.tmp) | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{26A018C5-8C39-446A-B35A-3A74BF7FC83F}\TypeLib | Version = 3.0
2120 (_RegDLL.tmp) | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB22F9CE-4AE6-441B-8808-735882C87D50}\InprocServer32 | ThreadingModel = Apartment
3956 (_RegDLL.tmp) | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB} | (default)
3956 (_RegDLL.tmp) | write | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32 | ThreadingModel = Apartment
3956 (_RegDLL.tmp) | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB} | (default)
3956 (_RegDLL.tmp) | delete value | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32 | ThreadingModel
3956 (_RegDLL.tmp) | delete key | HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB} | (default)
Executable files: 51
Suspicious files: 26
Text files: 218
Unknown types: 177

Dropped files

PID | Process | Filename | Type
2964 | is-D064Q.tmp | C:\Program Files\PC Optimizer Pro\is-3IFLB.tmp | executable
MD5: 39D6465262DA114F0B4AC07F63B8D054
SHA256: 633F4EA6CB92FE812C3BED0C6648F2387CBA0A7C8039CC99D91609D2EFC51A5D
2964 | is-D064Q.tmp | C:\Program Files\PC Optimizer Pro\is-P0OV1.tmp | text
MD5: 87AA38810989DDFA685539B5FA614E76
SHA256: EE753F548A07769BC635AFF7080559E479C81C3F7C0FCEF7BCB775C60205FE13
2964 | is-D064Q.tmp | C:\Program Files\PC Optimizer Pro\is-6KO0U.tmp | executable
MD5: D719BCC2F8A53B227346C4506FB65135
SHA256: 4BC5E70B6C89F9F2DFD37B699C37A0088545118C2DC37B799C77ECB865CB29BE
2964 | is-D064Q.tmp | C:\Users\admin\AppData\Local\Temp\is-4KJ2H.tmp\_isetup\_shfoldr.dll | executable
MD5: 92DC6EF532FBB4A5C3201469A5B5EB63
SHA256: 9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
2964 | is-D064Q.tmp | C:\Program Files\PC Optimizer Pro\srclient.dll | executable
MD5: 60106B27FCCE3E71EC8C8C757CC243E4
SHA256: 36B35D811347138D0BA40434F0C70F4C4CEE3C066109A314202A453638854ABE
2964 | is-D064Q.tmp | C:\Program Files\PC Optimizer Pro\is-HVBUS.tmp | executable
MD5: 531CE3EAC88B5DC92C2223D6875D8148
SHA256: F46AF8331356A7824A4D5E486CD724B0603BF490A4216C9B5D8F239BD557F571
2964 | is-D064Q.tmp | C:\Program Files\PC Optimizer Pro\Fileuninstaller.dll | executable
MD5: 531CE3EAC88B5DC92C2223D6875D8148
SHA256: F46AF8331356A7824A4D5E486CD724B0603BF490A4216C9B5D8F239BD557F571
2964 | is-D064Q.tmp | C:\Program Files\PC Optimizer Pro\is-0LB5S.tmp | binary
MD5: 5F564176670E5D3619843CCEC7A7554A
SHA256: 0EFBBBDBF24726DDA7DD724CFEABF7760FCBB9251F73848940BECE3D27DB5582
2964 | is-D064Q.tmp | C:\Program Files\PC Optimizer Pro\SysInfo.dll | executable
MD5: D719BCC2F8A53B227346C4506FB65135
SHA256: 4BC5E70B6C89F9F2DFD37B699C37A0088545118C2DC37B799C77ECB865CB29BE
2964 | is-D064Q.tmp | C:\Program Files\PC Optimizer Pro\pcoptimizer.exe | executable
MD5: 32E0146A6545068C95ABBEF5A3485836
SHA256: 38F47E8A8A9B03E79D8780D11EBCC41A8D535CF10F0CAEBA32779E73B2A1B959
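Several rows share one hash under two names (is-HVBUS.tmp and Fileuninstaller.dll, is-6KO0U.tmp and SysInfo.dll). That is Inno Setup's extract-to-is-XXXXX.tmp-then-rename step, so an IOC list built from file names would count each binary twice. The Python below is an added example, not part of the report: it pairs temp and final names by SHA256, lists temp files whose final name is missing from this excerpt (the counters say 51 executables; only ten rows are shown), and emits one hash per distinct dropped PE. The rows are constructed from the table above.

```python
import re
from collections import defaultdict

# Constructed from the Dropped files table above:
# PID | process | path | type | MD5 | SHA256
SAMPLE_DROPS = r"""
2964|is-D064Q.tmp|C:\Program Files\PC Optimizer Pro\is-3IFLB.tmp|executable|39D6465262DA114F0B4AC07F63B8D054|633F4EA6CB92FE812C3BED0C6648F2387CBA0A7C8039CC99D91609D2EFC51A5D
2964|is-D064Q.tmp|C:\Program Files\PC Optimizer Pro\is-P0OV1.tmp|text|87AA38810989DDFA685539B5FA614E76|EE753F548A07769BC635AFF7080559E479C81C3F7C0FCEF7BCB775C60205FE13
2964|is-D064Q.tmp|C:\Program Files\PC Optimizer Pro\is-6KO0U.tmp|executable|D719BCC2F8A53B227346C4506FB65135|4BC5E70B6C89F9F2DFD37B699C37A0088545118C2DC37B799C77ECB865CB29BE
2964|is-D064Q.tmp|C:\Users\admin\AppData\Local\Temp\is-4KJ2H.tmp\_isetup\_shfoldr.dll|executable|92DC6EF532FBB4A5C3201469A5B5EB63|9884E9D1B4F8A873CCBD81F8AD0AE257776D2348D027D811A56475E028360D87
2964|is-D064Q.tmp|C:\Program Files\PC Optimizer Pro\srclient.dll|executable|60106B27FCCE3E71EC8C8C757CC243E4|36B35D811347138D0BA40434F0C70F4C4CEE3C066109A314202A453638854ABE
2964|is-D064Q.tmp|C:\Program Files\PC Optimizer Pro\is-HVBUS.tmp|executable|531CE3EAC88B5DC92C2223D6875D8148|F46AF8331356A7824A4D5E486CD724B0603BF490A4216C9B5D8F239BD557F571
2964|is-D064Q.tmp|C:\Program Files\PC Optimizer Pro\Fileuninstaller.dll|executable|531CE3EAC88B5DC92C2223D6875D8148|F46AF8331356A7824A4D5E486CD724B0603BF490A4216C9B5D8F239BD557F571
2964|is-D064Q.tmp|C:\Program Files\PC Optimizer Pro\is-0LB5S.tmp|binary|5F564176670E5D3619843CCEC7A7554A|0EFBBBDBF24726DDA7DD724CFEABF7760FCBB9251F73848940BECE3D27DB5582
2964|is-D064Q.tmp|C:\Program Files\PC Optimizer Pro\SysInfo.dll|executable|D719BCC2F8A53B227346C4506FB65135|4BC5E70B6C89F9F2DFD37B699C37A0088545118C2DC37B799C77ECB865CB29BE
2964|is-D064Q.tmp|C:\Program Files\PC Optimizer Pro\pcoptimizer.exe|executable|32E0146A6545068C95ABBEF5A3485836|38F47E8A8A9B03E79D8780D11EBCC41A8D535CF10F0CAEBA32779E73B2A1B959
"""

# Inno Setup's temporary name pattern for a file being written into its destination dir
INNO_TMP_RE = re.compile(r"^is-[A-Z0-9]{5}\.tmp$", re.I)


def parse_drops(text: str) -> list[dict]:
    rows = []
    for line in text.strip().splitlines():
        pid, proc, path, ftype, md5, sha256 = line.split("|")
        rows.append({"pid": int(pid), "process": proc, "path": path,
                     "name": path.rsplit("\\", 1)[-1], "type": ftype,
                     "md5": md5.upper(), "sha256": sha256.upper()})
    return rows


def group_by_sha256(rows: list[dict]) -> dict:
    groups = defaultdict(list)
    for r in rows:
        groups[r["sha256"]].append(r["name"])
    return groups


def inno_rename_pairs(rows: list[dict]) -> list[tuple[str, str]]:
    """Same hash under a temp name and a final name is the extract-then-rename."""
    pairs = []
    for names in group_by_sha256(rows).values():
        temps = [n for n in names if INNO_TMP_RE.match(n)]
        finals = [n for n in names if not INNO_TMP_RE.match(n)]
        pairs.extend((t, f) for t in temps for f in finals)
    return sorted(pairs)


def unmatched_temp_files(rows: list[dict]) -> list[str]:
    """Temp names with no final name in the excerpt: look these up in the full
    report before deciding what the sample actually installed."""
    groups = group_by_sha256(rows)
    return sorted(r["name"] for r in rows
                  if INNO_TMP_RE.match(r["name"])
                  and all(INNO_TMP_RE.match(n) for n in groups[r["sha256"]]))


def executable_iocs(rows: list[dict]) -> list[str]:
    """One SHA256 per distinct dropped PE, so rename pairs are not double counted."""
    return sorted({r["sha256"] for r in rows if r["type"] == "executable"})


if __name__ == "__main__":
    rows = parse_drops(SAMPLE_DROPS)
    print("rename pairs:", inno_rename_pairs(rows))
    print("temp files without a final name here:", unmatched_temp_files(rows))
    print("unique executable hashes:", len(executable_iocs(rows)))
```

The _shfoldr.dll under the is-4KJ2H.tmp\_isetup directory is another Inno Setup helper, like _RegDLL.tmp; its hash identifies the installer toolchain version, not the product, so keep it out of product-specific detections.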
Download PCAP, analyze network streams, HTTP content and a lot more at the full report
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

PID | Process | IP:port | Reputation (the Domain, ASN and CN columns were empty for all four rows)
4 | System | 192.168.100.255:137 | whitelisted
(not shown) | (not shown) | 224.0.0.252:5355 | unknown
4 | System | 192.168.100.255:138 | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | unknown

All four are local NetBIOS name/datagram broadcasts (UDP 137/138) and LLMNR multicast (224.0.0.252:5355) from the System process and svchost.exe, i.e. guest background traffic; none of the sample's processes (1776, 2964, 2256, the _RegDLL.tmp instances) made a network connection during the run.

DNS requests

No data

Threats

No threats detected
No debug info