fst_jp_71.exe

TUTO4PC COM INTERNATIONAL SL

This file is part of the Eorezo downloader, which may bundle additional offers on the PC, mostly adware and other potentially unwanted software. The application fst_jp_71.exe by TUTO4PC COM INTERNATIONAL SL has been detected as adware by 16 anti-malware scanners. It is set to execute automatically when any user logs into Windows (through the all-users Run registry setting) under the name ‘fst_jp_71’. While running, it connects to the Internet address p072.net042127234.broadline.ne.jp on port 80 using the HTTP protocol.
Publisher:
TUTO4PC COM INTERNATIONAL SL  (signed and verified)

MD5:
1a40b5e92d5eab15f74180fc8c420694

SHA-1:
1713844a6368065961de746c2428811d987d5d9c

SHA-256:
171bedac3d351f3eee04520c9b4d437dadcb55b24a5c4438f256f6d9e4e96be8

Scanner detections:
16 / 68

Status:
Adware

Analysis date:
4/25/2024 4:40:49 AM UTC

Scan engine            Detection                                Engine version
Lavasoft Ad-Aware      Adware.Eorezo.BA                         983
avast!                 Win32:Eorezo-CD [PUP]                    2014.9-140527
AVG                    Generic5.APLC                            2014.0.3950
Bitdefender            Adware.Eorezo.BA                         1.0.20.735
Dr.Web                 Adware.Eorezo.28                         9.0.1.05190
Emsisoft Anti-Malware  Adware.Eorezo.BA                         8.14.05.27.08
ESET NOD32             Win32/AdWare.EoRezo.AU application       7.0.302.0
F-Secure               Adware.Eorezo.BA                         11.2014-27-05_3
G Data                 Adware.Eorezo.BA                         14.5.24
IKARUS anti.virus      AdWare.Win32.EoRezo                      t3scan.1.6.1.0
Malwarebytes           Adware.Tuto4PC                           v2014.05.27.08
MicroWorld eScan       Adware.Eorezo.BA                         15.0.0.441
NANO AntiVirus         Trojan.Win32.EoRezo.cumlzb               0.28.0.59921
nProtect               Adware.Eorezo.BA                         14.05.27.01
Reason Heuristics      PUP.Startup.TUTO4PCCOMINTERNATIONALSL.J  14.8.8.3
VIPRE Antivirus        Threat.4895339                           29560

File size:
3.8 MB (3,983,824 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\Program Files\fst_jp_71\fst_jp_71.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
6/26/2013 9:19:10 PM

Valid to:
6/27/2014 9:19:10 PM

Subject:
E=contact@tutoriales100.com, CN=TUTO4PC COM INTERNATIONAL SL, O=TUTO4PC COM INTERNATIONAL SL, L=BARCELONA, S=CATALUNYA, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121E6FBF47B55F81EDBA70D3D2CA03E568F

File PE Metadata
Compilation timestamp:
3/24/2014 9:42:31 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:nTTjJA0WPEX4j80Nr5bz9vCUIn/rXFwrzkhHDcUDagvzpZwhmCdHlJdfudcD:/jX4j+TMzsPWu2dHlJAq

Entry address:
0x1DCAC4

Entry point:
E8, 99, B4, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 6A, 0A, 6A, 00, FF, 75, 08, E8, AB, 60, 00, 00, 83, C4, 0C, 5D, C3, 8B, FF, 55, 8B, EC, 5D, E9, DF, FF, FF, FF, 8B, FF, 55, 8B, EC, 53, 56, 8B, F1, 33, DB, 3B, F3, 75, 16, E8, 6F, 41, 00, 00, 6A, 16, 5E, 89, 30, E8, 47, 87, 00, 00, 8B, C6, E9, B4, 00, 00, 00, 57, 39, 5D, 08, 77, 16, E8, 53, 41, 00, 00, 6A, 16, 5E, 89, 30, E8, 2B, 87, 00, 00, 8B, C6, E9, 97, 00, 00, 00, 33, C9, 39, 5D, 10, 66, 89, 0E, 0F, 95, C1, 41, 39, 4D, 08, 77, 09, E8, 2C, 41...
 

Entropy:
6.6323

Code size:
2.9 MB (2,994,176 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
fst_jp_71

Command:
"C:\Program Files\fst_jp_71\fst_jp_71.exe"


The executing file has been seen to make the following network communications in live environments.

TCP (HTTP):
Connects to p072.net042127234.broadline.ne.jp  (42.127.234.72:80)

TCP (HTTP):
Connects to mpr2.ngd.vip.kr3.yahoo.com  (119.161.22.34:80)

TCP (HTTP):
Connects to ad13.cloud4ads.com  (94.23.19.9:80)

TCP (HTTP):
Connects to 188-165-42-238.ovh.net  (188.165.42.238:80)
