File name: PCOptimizerPro.exe

Full analysis: https://app.any.run/tasks/cfa0e082-0348-4680-bb93-10090ddb6506
Verdict: Malicious activity
Analysis date: March 08, 2024, 19:23:22
OS: Windows 7 Professional Service Pack 1 (build: 7601, 32 bit)
Indicators:
MIME: application/x-dosexec
File info: PE32 executable (GUI) Intel 80386, for MS Windows
MD5: AB47498C978644826AD9B14F2DEAF00D
SHA1: 903BAC65D7406B5D558B785DBC7C08427B9EE1DB
SHA256: 949E5D08A6B24724C77EF9834A352C0B7D57DAFD626DE86210893B5F0EF01487
SSDEEP: 98304:hYu03L8WwDALKRvP9ObccmaXjEi3UuK5c80EE+BqygumEciAQXtrRrP/EYrOi1WU:NoImrq56tAx

ANY.RUN is an interactive service which provides full access to the guest system. Information in this report could be distorted by user actions and is provided for user acknowledgement as it is. ANY.RUN does not guarantee maliciousness or safety of the content.
  • MALICIOUS

    • Drops the executable file immediately after the start

      • PCOptimizerPro.exe (PID: 1776)
      • is-D064Q.tmp (PID: 2964)
    • Creates a writable file in the system directory

      • is-D064Q.tmp (PID: 2964)
    • Scans artifacts that could help determine the target

      • pcoptimizer.exe (PID: 2256)
  • SUSPICIOUS

    • Executable content was dropped or overwritten

      • PCOptimizerPro.exe (PID: 1776)
      • is-D064Q.tmp (PID: 2964)
    • Reads the Windows owner or organization settings

      • is-D064Q.tmp (PID: 2964)
      • pcoptimizer.exe (PID: 2256)
    • Process drops a legitimate Windows executable

      • is-D064Q.tmp (PID: 2964)
    • Creates/Modifies COM task schedule object

      • _RegDLL.tmp (PID: 3212)
      • _RegDLL.tmp (PID: 3992)
      • _RegDLL.tmp (PID: 2120)
      • _RegDLL.tmp (PID: 3956)
      • _RegDLL.tmp (PID: 1692)
      • _RegDLL.tmp (PID: 3960)
      • _RegDLL.tmp (PID: 2408)
      • _RegDLL.tmp (PID: 2792)
      • _RegDLL.tmp (PID: 2908)
      • _RegDLL.tmp (PID: 2672)
      • _RegDLL.tmp (PID: 116)
      • _RegDLL.tmp (PID: 3996)
    • Reads the BIOS version

      • pcoptimizer.exe (PID: 2256)
    • Checks whether Java is installed

      • pcoptimizer.exe (PID: 2256)
    • Creates a file in the system drive root

      • pcoptimizer.exe (PID: 2256)
    • Reads Mozilla Firefox installation path

      • pcoptimizer.exe (PID: 2256)
    • Checks whether .NET is installed

      • pcoptimizer.exe (PID: 2256)
    • Reads Microsoft Outlook installation path

      • pcoptimizer.exe (PID: 2256)
  • INFO

    • Checks supported languages

      • PCOptimizerPro.exe (PID: 1776)
      • is-D064Q.tmp (PID: 2964)
      • _RegDLL.tmp (PID: 3212)
      • _RegDLL.tmp (PID: 3992)
      • _RegDLL.tmp (PID: 2120)
      • _RegDLL.tmp (PID: 3956)
      • _RegDLL.tmp (PID: 1692)
      • _RegDLL.tmp (PID: 3960)
      • _RegDLL.tmp (PID: 2408)
      • _RegDLL.tmp (PID: 2908)
      • _RegDLL.tmp (PID: 2672)
      • _RegDLL.tmp (PID: 116)
      • _RegDLL.tmp (PID: 3996)
      • pcoptimizer.exe (PID: 2256)
      • _RegDLL.tmp (PID: 2792)
      • wmpnscfg.exe (PID: 2244)
    • Creates files in a temporary directory

      • PCOptimizerPro.exe (PID: 1776)
      • is-D064Q.tmp (PID: 2964)
      • pcoptimizer.exe (PID: 2256)
    • Reads the computer name

      • is-D064Q.tmp (PID: 2964)
      • _RegDLL.tmp (PID: 3212)
      • _RegDLL.tmp (PID: 3992)
      • _RegDLL.tmp (PID: 1692)
      • _RegDLL.tmp (PID: 2120)
      • _RegDLL.tmp (PID: 3956)
      • _RegDLL.tmp (PID: 3960)
      • _RegDLL.tmp (PID: 2408)
      • _RegDLL.tmp (PID: 2908)
      • _RegDLL.tmp (PID: 2672)
      • _RegDLL.tmp (PID: 2792)
      • _RegDLL.tmp (PID: 116)
      • _RegDLL.tmp (PID: 3996)
      • pcoptimizer.exe (PID: 2256)
      • wmpnscfg.exe (PID: 2244)
    • Creates files in the program directory

      • is-D064Q.tmp (PID: 2964)
      • pcoptimizer.exe (PID: 2256)
    • Creates files or folders in the user directory

      • is-D064Q.tmp (PID: 2964)
    • Reads mouse settings

      • _RegDLL.tmp (PID: 116)
      • _RegDLL.tmp (PID: 3996)
      • pcoptimizer.exe (PID: 2256)
    • Creates a software uninstall entry

      • is-D064Q.tmp (PID: 2964)
    • Reads Windows Product ID

      • pcoptimizer.exe (PID: 2256)
    • Reads the machine GUID from the registry

      • pcoptimizer.exe (PID: 2256)
    • Reads Microsoft Office registry keys

      • pcoptimizer.exe (PID: 2256)
    • Reads CPU info

      • pcoptimizer.exe (PID: 2256)
    • Manual execution by a user

      • wmpnscfg.exe (PID: 2244)
No Malware configuration.

TRiD

.exe | Win32 Executable PowerBASIC/Win 9.x (51.2)
.exe | Inno Setup installer (37.9)
.exe | Win32 Executable Delphi generic (4.9)
.dll | Win32 Dynamic Link Library (generic) (2.2)
.exe | Win32 Executable (generic) (1.5)

EXIF

EXE

MachineType: Intel 386 or later, and compatibles
TimeStamp: 1992:06:19 22:22:17+00:00
ImageFileCharacteristics: No relocs, Executable, No line numbers, No symbols, Bytes reversed lo, 32-bit, Bytes reversed hi
PEType: PE32
LinkerVersion: 2.25
CodeSize: 36864
InitializedDataSize: 16896
UninitializedDataSize: -
EntryPoint: 0x98d8
OSVersion: 1
ImageVersion: -
SubsystemVersion: 4
Subsystem: Windows GUI
FileVersionNumber: 0.0.0.0
ProductVersionNumber: 0.0.0.0
FileFlagsMask: 0x003f
FileFlags: (none)
FileOS: Win32
ObjectFileType: Executable application
FileSubtype: -
LanguageCode: English (U.S.)
CharacterSet: Windows, Latin1
Comments: This installation was built with Inno Setup: http://www.innosetup.com
CompanyName: PC Optimizer Pro
FileDescription: PC Optimizer Pro Setup
FileVersion:
LegalCopyright:
No data.
Total processes: 57
Monitored processes: 17
Malicious processes: 4
Suspicious processes: 2

Behavior graph (interactive view, available in the full report). Nodes in order: start, pcoptimizerpro.exe, is-d064q.tmp, _regdll.tmp (12 instances, no specs), pcoptimizer.exe (no specs), wmpnscfg.exe (no specs), pcoptimizerpro.exe (no specs).

Process information

Each record lists PID, command line (CMD), path and parent process, followed by user, integrity level, exit code and the loaded modules (images).

PID 116
CMD: _RegDLL.tmp 536 648
Path: C:\Users\admin\AppData\Local\Temp\is-4KJ2H.tmp\_isetup\_RegDLL.tmp
Parent process: is-D064Q.tmp
User: admin
Integrity Level: HIGH
Exit code: 479930586
Modules (images):
  c:\users\admin\appdata\local\temp\is-4kj2h.tmp\_isetup\_regdll.tmp
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll

PID 1692
CMD: _RegDLL.tmp 536 648
Path: C:\Users\admin\AppData\Local\Temp\is-4KJ2H.tmp\_isetup\_RegDLL.tmp
Parent process: is-D064Q.tmp
User: admin
Integrity Level: HIGH
Exit code: 479930586
Modules (images):
  c:\users\admin\appdata\local\temp\is-4kj2h.tmp\_isetup\_regdll.tmp
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll

PID 1776
CMD: "C:\Users\admin\Desktop\PCOptimizerPro.exe"
Path: C:\Users\admin\Desktop\PCOptimizerPro.exe
Parent process: explorer.exe
User: admin
Company: PC Optimizer Pro
Integrity Level: HIGH
Description: PC Optimizer Pro Setup
Exit code: 0
Version: (empty)
Modules (images):
  c:\users\admin\desktop\pcoptimizerpro.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\oleaut32.dll

PID 2120
CMD: _RegDLL.tmp 648 536
Path: C:\Users\admin\AppData\Local\Temp\is-4KJ2H.tmp\_isetup\_RegDLL.tmp
Parent process: is-D064Q.tmp
User: admin
Integrity Level: HIGH
Exit code: 479930586
Modules (images):
  c:\users\admin\appdata\local\temp\is-4kj2h.tmp\_isetup\_regdll.tmp
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll

PID 2160
CMD: "C:\Users\admin\Desktop\PCOptimizerPro.exe"
Path: C:\Users\admin\Desktop\PCOptimizerPro.exe
Parent process: explorer.exe
User: admin
Company: PC Optimizer Pro
Integrity Level: MEDIUM
Description: PC Optimizer Pro Setup
Exit code: 3221226540
Version: (empty)
Modules (images):
  c:\users\admin\desktop\pcoptimizerpro.exe
  c:\windows\system32\ntdll.dll

PID 2244
CMD: "C:\Program Files\Windows Media Player\wmpnscfg.exe"
Path: C:\Program Files\Windows Media Player\wmpnscfg.exe
Parent process: explorer.exe
User: admin
Company: Microsoft Corporation
Integrity Level: MEDIUM
Description: Windows Media Player Network Sharing Service Configuration Application
Exit code: 0
Version: 12.0.7600.16385 (win7_rtm.090713-1255)
Modules (images):
  c:\program files\windows media player\wmpnscfg.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\advapi32.dll
  c:\windows\system32\sechost.dll
  c:\windows\system32\rpcrt4.dll

PID 2256
CMD: "C:\Program Files\PC Optimizer Pro\pcoptimizer.exe"
Path: C:\Program Files\PC Optimizer Pro\pcoptimizer.exe
Parent process: is-D064Q.tmp
User: admin
Company: pc optimizer pro
Integrity Level: HIGH
Exit code: 0
Version: 4.03.0006
Modules (images):
  c:\program files\pc optimizer pro\pcoptimizer.exe
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\system32\ole32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll

PID 2408
CMD: _RegDLL.tmp 536 648
Path: C:\Users\admin\AppData\Local\Temp\is-4KJ2H.tmp\_isetup\_RegDLL.tmp
Parent process: is-D064Q.tmp
User: admin
Integrity Level: HIGH
Exit code: 479930586
Modules (images):
  c:\users\admin\appdata\local\temp\is-4kj2h.tmp\_isetup\_regdll.tmp
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll

PID 2672
CMD: _RegDLL.tmp 656 648
Path: C:\Users\admin\AppData\Local\Temp\is-4KJ2H.tmp\_isetup\_RegDLL.tmp
Parent process: is-D064Q.tmp
User: admin
Integrity Level: HIGH
Exit code: 479930586
Modules (images):
  c:\users\admin\appdata\local\temp\is-4kj2h.tmp\_isetup\_regdll.tmp
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll

PID 2792
CMD: _RegDLL.tmp 656 648
Path: C:\Users\admin\AppData\Local\Temp\is-4KJ2H.tmp\_isetup\_RegDLL.tmp
Parent process: is-D064Q.tmp
User: admin
Integrity Level: HIGH
Exit code: 479930586
Modules (images):
  c:\users\admin\appdata\local\temp\is-4kj2h.tmp\_isetup\_regdll.tmp
  c:\windows\system32\ntdll.dll
  c:\windows\system32\kernel32.dll
  c:\windows\system32\kernelbase.dll
  c:\windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.24483_none_2b200f664577e14b\comctl32.dll
  c:\windows\system32\msvcrt.dll
  c:\windows\system32\gdi32.dll
  c:\windows\system32\user32.dll
  c:\windows\system32\lpk.dll
  c:\windows\system32\usp10.dll
Total events: 89 836
Read events: 89 191
Write events: 477
Delete events: 168

Modification events

PID 3212 (_RegDLL.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7325c922-bb81-47b0-8b2f-a5f8605e242f}\InprocServer32
Operation: write
Name: ThreadingModel
Value: Both

PID 3992 (_RegDLL.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{BD4610FD-77F8-4F45-8CA2-433791E82980}\TypeLib
Operation: write
Name: Version
Value: 1.0

PID 3992 (_RegDLL.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{77B48A6F-7A2B-4E81-AC1E-C1DC5E5BF045}\InprocServer32
Operation: write
Name: ThreadingModel
Value: Apartment

PID 2120 (_RegDLL.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{26A018C5-8C39-446A-B35A-3A74BF7FC83F}\TypeLib
Operation: write
Name: Version
Value: 3.0

PID 2120 (_RegDLL.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB22F9CE-4AE6-441B-8808-735882C87D50}\InprocServer32
Operation: write
Name: ThreadingModel
Value: Apartment

PID 3956 (_RegDLL.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}
Operation: delete key
Name: (default)
Value: (empty)

PID 3956 (_RegDLL.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F9043C85-F6F2-101A-A3C9-08002B2F49FB}\InprocServer32
Operation: write
Name: ThreadingModel
Value: Apartment

PID 3956 (_RegDLL.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}
Operation: delete key
Name: (default)
Value: (empty)

PID 3956 (_RegDLL.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7629CFA2-3FE5-101B-A3C9-08002B2F49FB}\InprocServer32
Operation: delete value
Name: ThreadingModel
Value: (empty)

PID 3956 (_RegDLL.tmp)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7629CFA4-3FE5-101B-A3C9-08002B2F49FB}
Operation: delete key
Name: (default)
Value: (empty)
Executable files: 51
Suspicious files: 26
Text files: 218
Unknown types: 177

Dropped files

Each entry lists PID, dropping process, filename and type, followed by the file's MD5 and SHA256.

PID 2964 (is-D064Q.tmp)
Filename: C:\Users\admin\AppData\Local\Temp\is-4KJ2H.tmp\_isetup\_RegDLL.tmp
Type: executable
MD5: C594B792B9C556EA62A30DE541D2FB03
SHA256: 5DCC1E0A197922907BCA2C4369F778BD07EE4B1BBBDF633E987A028A314D548E

PID 1776 (PCOptimizerPro.exe)
Filename: C:\Users\admin\AppData\Local\Temp\is-MA6UU.tmp\is-D064Q.tmp
Type: executable
MD5: 4FA180886FF7C0FD86A65F760EDE6318
SHA256: 1D9026C60374B056720CDFCFA598A641CC8FBC9932590D69B4CFBC32CD09871C

PID 2964 (is-D064Q.tmp)
Filename: C:\Program Files\PC Optimizer Pro\AutoUpdate.exe
Type: executable
MD5: BE906030A677648FD114BCD645308F7F
SHA256: CC5F9B5C056906ACEF3EC93FF5B67213DF6BC1FB18C5300A8A8CDE6E17B69A66

PID 2964 (is-D064Q.tmp)
Filename: C:\Program Files\PC Optimizer Pro\Fileuninstaller.dll
Type: executable
MD5: 531CE3EAC88B5DC92C2223D6875D8148
SHA256: F46AF8331356A7824A4D5E486CD724B0603BF490A4216C9B5D8F239BD557F571

PID 2964 (is-D064Q.tmp)
Filename: C:\Program Files\PC Optimizer Pro\is-73JHD.tmp
Type: executable
MD5: 60106B27FCCE3E71EC8C8C757CC243E4
SHA256: 36B35D811347138D0BA40434F0C70F4C4CEE3C066109A314202A453638854ABE

PID 2964 (is-D064Q.tmp)
Filename: C:\Program Files\PC Optimizer Pro\SysInfo.dll
Type: executable
MD5: D719BCC2F8A53B227346C4506FB65135
SHA256: 4BC5E70B6C89F9F2DFD37B699C37A0088545118C2DC37B799C77ECB865CB29BE

PID 2964 (is-D064Q.tmp)
Filename: C:\Program Files\PC Optimizer Pro\is-6KO0U.tmp
Type: executable
MD5: D719BCC2F8A53B227346C4506FB65135
SHA256: 4BC5E70B6C89F9F2DFD37B699C37A0088545118C2DC37B799C77ECB865CB29BE

PID 2964 (is-D064Q.tmp)
Filename: C:\Program Files\PC Optimizer Pro\is-0LB5S.tmp
Type: binary
MD5: 5F564176670E5D3619843CCEC7A7554A
SHA256: 0EFBBBDBF24726DDA7DD724CFEABF7760FCBB9251F73848940BECE3D27DB5582

PID 2964 (is-D064Q.tmp)
Filename: C:\Program Files\PC Optimizer Pro\resiea.res
Type: binary
MD5: 5F564176670E5D3619843CCEC7A7554A
SHA256: 0EFBBBDBF24726DDA7DD724CFEABF7760FCBB9251F73848940BECE3D27DB5582

PID 2964 (is-D064Q.tmp)
Filename: C:\Program Files\PC Optimizer Pro\is-U9LKV.tmp
Type: executable
MD5: BE906030A677648FD114BCD645308F7F
SHA256: CC5F9B5C056906ACEF3EC93FF5B67213DF6BC1FB18C5300A8A8CDE6E17B69A66
HTTP(S) requests: 0
TCP/UDP connections: 4
DNS requests: 0
Threats: 0

HTTP requests

No HTTP requests

Connections

Columns: PID | Process | IP | Reputation (the Domain, ASN and CN columns were empty for every row).

4 | System | 192.168.100.255:137 | whitelisted
(not captured) | (not captured) | 224.0.0.252:5355 | unknown
4 | System | 192.168.100.255:138 | whitelisted
1080 | svchost.exe | 224.0.0.252:5355 | unknown

DNS requests

No data

Threats

No threats detected
No debug info