fst_br_47.exe

Tuto4PC.com

The application fst_br_47.exe by Tuto4PC.com has been detected as adware by 19 anti-malware scanners. It is registered under the name ‘fst_br_47’ to execute automatically when any user logs into Windows (through the local user run registry setting).
Publisher:
Tuto4PC.com  (signed and verified)

MD5:
167e1f0d72efff88e5e1424757dbfd9f

SHA-1:
3e4a29125291b256c3fbacb8eee995801c08c2fd

SHA-256:
197f0d53c797d5f6da198b82930c8a53a84eb9dbcc03d72b546e712a709f0e76

Scanner detections:
19 / 68

Status:
Adware

Analysis date:
8/8/2014 7:21:45 AM UTC  (three months ago)

| Scan engine | Detection | Engine version |
| --- | --- | --- |
| Lavasoft Ad-Aware | Gen:Variant.Adware.Graftor.125163 | 1101 |
| avast! | Win32:Eorezo-BV [PUP] | 2014.9-140129 |
| Bitdefender | Gen:Variant.Adware.Graftor.125163 | 1.0.20.145 |
| Comodo Security | ApplicUnwnt | 17695 |
| Emsisoft Anti-Malware | Gen:Variant.Adware.Graftor.125163 | 8.14.01.29.11 |
| ESET NOD32 | Win32/Adware.EoRezo.AT (variant) | 8.9355 |
| Fortinet FortiGate | Riskware/EoRezo | 1/29/2014 |
| F-Secure | Gen:Variant.Adware.Graftor.125163 | 11.2014-29-01_4 |
| G Data | Gen:Variant.Adware.Graftor.125163 | 14.1.24 |
| IKARUS anti.virus | AdWare.Win32.EoRezo | t3scan.2.2.29 |
| Kingsoft AntiVirus | Win32.Troj.Generic.a.(kcloud) | 331020.49267 |
| Malwarebytes | Adware.Tuto4PC | v2014.01.29.11 |
| McAfee | Artemis!167E1F0D72EF | 5600.7235 |
| McAfee Web Gateway | Artemis!167E1F0D72EF | 7.7235 |
| MicroWorld eScan | Gen:Variant.Adware.Graftor.125163 | 15.0.0.87 |
| Reason Heuristics | PUP.Startup.Tuto4PC.J | 14.8.8.3 |
| Sophos | Eorezo | 4.97 |
| Trend Micro House Call | TROJ_GEN.F47V0127 | 7.2.29 |
| VIPRE Antivirus | Trojan.Win32.Generic | 25950 |

File size:
3.8 MB (3,998,152 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\fst_br_47\fst_br_47.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
11/5/2013 2:27:40 PM

Valid to:
11/6/2014 2:27:40 PM

Subject:
E=contact@tuto4pc.com, CN=Tuto4PC.com, O=Tuto4PC.com, L=Paris, S=Ile-De-France, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121DD93F3AC652F954C795B593955887E31

File PE Metadata
Compilation timestamp:
1/16/2014 7:28:58 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:vXMfTX2DAkXEHGQe+wZoAmZjkvUWMIWBmA7DWmChN1IjKaWf0Qc2oRWWu3w6X:yRGQBhmNA7aNc/bRWWuA6X

Entry address:
0x1E0184

Entry point:
E8, E9, B5, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, AB, 60, 00, 00, 83, C4, 0C, 5D, C3, 8B, FF, 55, 8B, EC, 5D, E9, DF, FF, FF, FF, 8B, FF, 55, 8B, EC, 53, 56, 8B, F1, 33, DB, 3B, F3, 75, 16, E8, 6F, 41, 00, 00, 6A, 16, 5E, 89, 30, E8, 47, 87, 00, 00, 8B, C6, E9, B4, 00, 00, 00, 57, 39, 5D, 08, 77, 16, E8, 53, 41, 00, 00, 6A, 16, 5E, 89, 30, E8, 2B, 87, 00, 00, 8B, C6, E9, 97, 00, 00, 00, 33, C9, 39, 5D, 10, 66, 89, 0E, 0F, 95, C1, 41, 39, 4D, 08, 77, 09, E8, 2C, 41...
 

Code size:
2.9 MB (3,008,000 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
fst_br_47

Command:
"C:\Program Files\fst_br_47\fst_br_47.exe"


22 / 68    (Adware)
webinstall_es.exe (by eoRezo)  (424d88948b2c808b9cebe5e456a7266becfefe88)

2 / 68      (Adware)
webinstaller.exe  (b8612a0de65e9b9dd228ffbc1dba2d33c906bc39)

2 / 68      (Adware)
setup_EoBureau_eo.exe  (c98e35427da72e5731b3efe164ce36ab6ea398f8)

2 / 68      (Adware)
setup_eoweather_eo.exe  (6bf047b7a687fa96ff16cfa7109bd037cc4de8a6)

21 / 68    (Adware)
tuto4pc.exe  (616bcdaa8b0d3c4a0d081e8141ffe869bfbacc19)

2 / 68      (Adware)
tuto_ccleaner_tuto4pc.exe  (e0a9cd126eefa9d06bae5e37d937d3331502e00e)

4 / 68      (Adware)
tuto_flash_tuto4pc.exe  (794c799cdaf68712e515ac3e1966b7b54ff39bef)

3 / 68      (Adware)
tuto_photoshop_06_tuto4pc.exe  (c940bb0799bc32087aeeb75f61febab071a4e9b6)

2 / 68      (Adware)
tuto_itunes_02_tuto4pc.exe  (6f37d24df548a24897661545b6cf96ed5e68e211)

2 / 68      (Adware)
tuto_utorrent_01_tuto4pc.exe  (61dfac07c4e0b50bb71d526c2bbecaec0b588243)

Detection Incidence by Country