» mbot_gb_278.exe
Overview
Analysis
File Details
Behaviors (1)

mbot_gb_278.exe

Tuto4PC.com

This is part of the Eorezo downloader which may bundle additional offers on the PC, mostly adware and other potentially unwanted software. The application mbot_gb_278.exe by Tuto4PC.com has been detected as adware by 18 anti-malware scanners. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘mbot_gb_278’.

File name:

mbot_gb_278.exe

Publisher:

Tuto4PC.com (signed and verified)

MD5:

a288238eee2ee214e6fc9968c0486fe0

SHA-1:

92b06a34c8545898a45a119c67b0a879436cbe00

Scanner detections:

18 / 68

Status:

Adware

Analysis date:

4/23/2024 9:30:44 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Eorezo.BZ

776

AhnLab V3 Security

PUP/Win32.Eorezo

2014.12.19

Avira AntiVirus

ADWARE/EoRezo.Gen4

7.11.196.146

avast!

Win32:Eorezo-CM [PUP]

2014.9-141221

AVG

Generic

2015.0.3254

Bitdefender

Adware.Eorezo.BZ

1.0.20.1775

Emsisoft Anti-Malware

Adware.Eorezo.BZ

8.14.12.21.10

ESET NOD32

Win32/AdWare.EoRezo.AU (variant)

8.10897

F-Prot

W32/S-24d3daaa

v6.4.7.1.166

F-Secure

Adware.Eorezo.BZ

11.2014-21-12_1

G Data

Adware.Eorezo.BZ

14.12.24

IKARUS anti.virus

AdWare.Win32.EoRezo

t3scan.1.8.5.0

K7 AntiVirus

Adware

13.188.14380

MicroWorld eScan

Adware.Eorezo.BZ

15.0.0.1065

nProtect

Adware.Eorezo.BZ

14.12.18.01

Panda Antivirus

Trj/Genetic.gen

14.12.21.10

Reason Heuristics

PUP.Startup.Tuto4PC.L

14.12.21.10

VIPRE Antivirus

Tuto4PC

35838

File size:

3.8 MB (3,975,848 bytes)

File type:

Executable application (Win32 EXE)

Common path:

C:\Program Files\mbot_gb_278\mbot_gb_278.exe

Digital Signature

Signed by:

Tuto4PC.com

Authority:

GlobalSign nv-sa

Valid from:

10/27/2014 12:32:39 PM

Valid to:

12/7/2015 4:27:40 PM

Subject:

E=contact@tuto4pc.com, CN=Tuto4PC.com, O=Tuto4PC.com, L=Paris, S=Ile-de-France, C=FR

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11214E18677190942D49073E30C52D17C351

File PE Metadata

Compilation timestamp:

12/16/2014 12:42:52 PM

OS version:

5.1

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

10.0

CTPH (ssdeep):

98304:PGRIpEjOFUYzOHGJOj5W51864UA7Z8hg+qzzLYLvTfLFEVSyVKtdYcfaPPI03DN4:P+BHGFW+hqzILTG7cfaPg06

Entry address:

0x1DB874

Entry point:

E8, 99, B4, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 56, 8B, F1, 33, DB, 3B, F3, 75, 16, E8, 90, 41, 00, 00, 6A, 16, 5E, 89, 30, E8, 68, 87, 00, 00, 8B, C6, E9, B4, 00, 00, 00, 57, 39, 5D, 08, 77, 16, E8, 74, 41, 00, 00, 6A, 16, 5E, 89, 30, E8, 4C, 87, 00, 00, 8B, C6, E9, 97, 00, 00, 00, 33, C9, 39, 5D, 10, 66, 89, 0E, 0F, 95, C1, 41, 39, 4D, 08, 77, 09, E8, 4D, 41, 00, 00, 6A, 22, EB, D7, 8B, 4D, 0C, 83, C1, FE, 83, F9, 22, 77, C5, 8B, CE, 39, 5D, 10, 74, 0E, 6A, 2D, 59, 33, DB, 66, 89, 0E, 43... 
[+]

Entropy:

6.6375

Code size:

2.8 MB (2,987,520 bytes)

Startup File (All Users Run)

Registry location:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:

mbot_gb_278

Command:

"C:\Program Files\mbot_gb_278\mbot_gb_278.exe"

Remove mbot_gb_278.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.