home

autoupdater.exe

autoupdater

Agence Exclusive

This is part of the Eorezo downloader which may bundle additional offers on the PC, mostly adware and other potentially unwanted software. The application autoupdater.exe by Agence Exclusive has been detected as a potentially unwanted program by 8 anti-malware scanners.
Publisher:
Agence-Exclusive  (signed by Agence Exclusive)

Product:
autoupdater

Version:
2.0.0.0

MD5:
8bb80c36099c364bd04df2856757e7b7

SHA-1:
2fd3a2e840984d2ffa2ee14d9f2fa718f16ca244

SHA-256:
a0700646f0655194e420e1a09595511688b1bcc4d32ef1ac2d3948aad6692078

Scanner detections:
8 / 68

Status:
Potentially unwanted

Analysis date:
4/27/2024 3:00:41 AM UTC  (today)

Scan engine
Detection
Engine version

AVG
Adware
2016.0.3192

Baidu Antivirus
Adware.Win32.EoRezo
4.0.3.15221

Clam AntiVirus
Adware.Agent-5200
0.98/21155

ESET NOD32
Win32/Adware.EoRezo (variant)
9.9903

Malwarebytes
PUP.Tuto4PC
v2015.02.21.09

Qihoo 360 Security
Win32/Trojan.Adware.37e
1.0.0.1015

Reason Heuristics
PUP.Startup.AgenceExclusive
15.2.21.9

Sophos
EoRezo Adware
4.98

File size:
655.6 KB (671,360 bytes)

Product version:
2.0.0.0

Copyright:
(c) PCTuto. All rights reserved.

Original file name:
autoupdater.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\agence-exclusive\agence-exclusive\autoupdater.exe

Digital Signature
Signed by:
Agence Exclusive

Authority:
VeriSign, Inc.

Valid from:
1/19/2011 1:00:00 AM

Valid to:
1/23/2012 12:59:59 AM

Subject:
CN=Agence Exclusive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Agence Exclusive, L=Paris, S=Ile de France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
612CB1F3C82CC0C69A0C351146C131A3

File PE Metadata
Compilation timestamp:
5/26/2011 10:34:10 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:rzGVbwPsgHQUJVDHrVFqnuilBzImfxkCeE/WiEn:utwPj3JBVF+uilBzZkCOiu

Entry address:
0x22166

Entry point:
E8, FF, 86, 00, 00, E9, 16, FE, FF, FF, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C, 24, 04, 2B, C1, C3, 8D, 41, FE, 8B, 4C, 24, 04, 2B, C1...
 
[+]

Code size:
248 KB (253,952 bytes)

Startup File (All Users Run Once)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
autoupdater

Command:
C:\users\{user}\appdata\roaming\agence-exclusive\agence-exclusive\autoupdater.exe -runonce


Remove autoupdater.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.