package_block_installer_multilang.exe

Block

Tuto4PC.com

This is the Eorezo installer, which may include software offers for unwanted programs, including toolbars. The application package_block_installer_multilang.exe, “Block Setup” by Tuto4PC.com, has been detected as adware by 26 anti-malware scanners. The program is a setup application that uses the Eorezo Downloader installer. It is also typically executed from the user's temporary directory.
Publisher:
Software   (signed by Tuto4PC.com)

Product:
Block

Description:
Block Setup

MD5:
73d85c3627d59c1684308cd7e6258bb7

SHA-1:
517de7b12d463f1c081fdd40d18524278d8a7f94

SHA-256:
63a1fc90ed9acda745914b373d4124a29fc930fb290a706de83bcb9ba6bb7e12

Scanner detections:
26 / 68

Status:
Adware

Description:
This is an installer which may bundle legitimate applications with offers for additional third-party applications that may be unwanted by the user. While the installer contains an 'opt-out' feature, this is not set by default and is usually overlooked.

Analysis date:
4/26/2024 4:43:23 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Eorezo.CB | 356 |
| AhnLab V3 Security | Win-PUP/EoRezo | 2014.12.20 |
| Avira AntiVirus | Adware/EoRezo.bond | 7.11.196.218 |
| avast! | Adware-ASG [PUP] | 2014.9-160214 |
| AVG | Generic | 2017.0.2834 |
| Baidu Antivirus | Adware.Win32.EoRezo | 4.0.3.16214 |
| Bitdefender | Adware.Eorezo.BZ | 1.0.20.225 |
| Bkav FE | W32.HfsAdware | 1.3.0.6379 |
| Clam AntiVirus | Win.Adware.Eorezo-91 | 0.98/21411 |
| Dr.Web | Adware.Downware.3239 | 9.0.1.045 |
| Emsisoft Anti-Malware | Adware.Eorezo.CB | 8.16.02.14.09 |
| ESET NOD32 | Win32/AdWare.EoRezo.AW application | 10.7.0.302.0 |
| Fortinet FortiGate | Riskware/EoRezo | 2/14/2016 |
| F-Secure | Suspected infection: Adware.Eorezo.BZ | 11.2016-14-02_1 |
| G Data | Win32.Adware.Eorezo | 16.2.24 |
| IKARUS anti.virus | PUA.EoRezo | t3scan.1.7.5.0 |
| K7 AntiVirus | Adware | 13.183.13305 |
| Kaspersky | not-a-virus:AdWare.Win32.Eorezo | 14.0.0.663 |
| Malwarebytes | PUP.Optional.Tuto4PC.A | v2016.02.14.09 |
| MicroWorld eScan | Adware.Eorezo.BZ | 17.0.0.135 |
| Norman | Adware.Eorezo.BZ | 11.20160214 |
| nProtect | Adware.Eorezo.BZ | 14.12.19.01 |
| Quick Heal | PUA.AdwareEorezo.DC8 | 2.16.14.00 |
| Reason Heuristics | PUP.Eorezo.Tuto4PC.Bundler (M) | 16.2.14.9 |
| Sophos | PUA 'EoRezo Adware' (of type Adware) | 5.14 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32766 |

File size:
416.1 KB (426,120 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Eorezo Downloader (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\package_block_installer_multilang.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
11/5/2013 2:27:40 PM

Valid to:
11/6/2014 2:27:40 PM

Subject:
E=contact@tuto4pc.com, CN=Tuto4PC.com, O=Tuto4PC.com, L=Paris, S=Ile-De-France, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121DD93F3AC652F954C795B593955887E31

File PE Metadata
Compilation timestamp:
6/19/1992 7:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:7QiGXCkNB5gatxlKhC2Iqjzva6WXd55yGMy:7QimCUBNXsItR

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)
