package_optimizerprotl_installer_multilang.exe

optimizerprotl

Tuto4PC.com

This is the Eorezo installer which may include software offers for unwanted programs including toolbars. The application package_optimizerprotl_installer_multilang.exe, “optimizerprotl Setup” by Tuto4PC.com, has been detected as adware by 21 anti-malware scanners. The program is a setup application that uses the Eorezo Downloader installer. It is also typically executed from the user's temporary directory.
Publisher:
Software (signed by Tuto4PC.com)

Product:
optimizerprotl

Description:
optimizerprotl Setup

MD5:
85a789894fd3252ad8b59b475edde4ee

SHA-1:
fa10083345efac8691e54e3bd7b45bf4ca268618

SHA-256:
9c83f2b49f80a3efb5bc4783b9102853c53682d68e7314915260b0a8b5fe5956

Scanner detections:
21 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 8:44:10 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Eorezo.BZ | 800 |
| AhnLab V3 Security | PUP/Win32.Eorezo | 2014.11.14 |
| Avira AntiVirus | ADWARE/EoRezo.Gen | 7.11.185.62 |
| avast! | Adware-ASG [PUP] | 141119-1 |
| AVG | Generic | 2015.0.3278 |
| Baidu Antivirus | Adware.Win32.EoRezo | 4.0.3.141126 |
| Bitdefender | Adware.Eorezo.BZ | 1.0.20.1655 |
| Dr.Web | Adware.Eorezo.414 | 9.0.1.05190 |
| Emsisoft Anti-Malware | Adware.Eorezo.BZ | 9.0.0.4570 |
| ESET NOD32 | Win32/AdWare.EoRezo.AW application | 7.0.302.0 |
| F-Secure | Adware.Eorezo.BZ | 11.2014-27-11_5 |
| G Data | Win32.Adware.Eorezo | 14.11.24 |
| IKARUS anti.virus | PUA.EoRezo | t3scan.1.8.3.0 |
| K7 AntiVirus | Adware | 13.185.14071 |
| Malwarebytes | PUP.Optional.Tuto4PC.A | v2014.11.27.12 |
| MicroWorld eScan | Adware.Eorezo.BZ | 15.0.0.993 |
| nProtect | Adware.Eorezo.BZ | 14.11.26.01 |
| Reason Heuristics | PUP.Installer.Tuto4PC.k | 14.11.26.14 |
| Sophos | Generic PUA PK | 4.98 |
| SUPERAntiSpyware | Trojan.Agent/Gen-RemoteAdmin | 10213 |
| VIPRE Antivirus | Threat.4895339 | 34232 |

File size:
433.3 KB (443,648 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Eorezo Downloader (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\package_optimizerprotl_installer_multilang.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/27/2014 7:32:39 AM

Valid to:
12/7/2015 10:27:40 AM

Subject:
E=contact@tuto4pc.com, CN=Tuto4PC.com, O=Tuto4PC.com, L=Paris, S=Ile-de-France, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11214E18677190942D49073E30C52D17C351

File PE Metadata
Compilation timestamp:
6/19/1992 5:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
12288:6QiG0Ulk7ajj2tmDkIp+MBTlPadSfXioRcpMXVJo:6QiR6jFkIwMBTlP0QjcpMXVJo

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 

Entropy:
7.9254

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)