pctuto.exe

Agence Exclusive

This is part of the Eorezo downloader, which may bundle additional offers on the PC, mostly adware and other potentially unwanted software. The application pctuto.exe by Agence Exclusive has been detected as a potentially unwanted program by 25 anti-malware scanners. It is set to execute automatically under the name ‘pctuto’ when any user logs into Windows (through the local user run registry setting).

Publisher:
PcTuto (signed by Agence Exclusive)

Product:
PcTuto

Version:
10.0.0.0

MD5:
5e0810a04d2c9ac2dc79d1e6885f5805

SHA-1:
03424e5e924e04aeadcc7bd8e29a9357e7d0be58

SHA-256:
ffe1b005659009e779e0684f0763b441a32e4d5a5f5616632a40e8112faa4bd6

Scanner detections:
25 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 10:27:29 AM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Lavasoft Ad-Aware | Adware.Agent.NHR | 714 |
| Avira AntiVirus | Adware/Agent.NHR.9 | 7.11.169.160 |
| avast! | Win32:Eorezo-AU [PUP] | 2014.9-150221 |
| AVG | Generic4 | 2016.0.3192 |
| Baidu Antivirus | Adware.Win32.EoRezo | 4.0.3.15221 |
| Bitdefender | Adware.Agent.NHR | 1.0.20.260 |
| Clam AntiVirus | Adware.Agent-5200 | 0.98/21411 |
| Comodo Security | UnclassifiedMalware | 19335 |
| Emsisoft Anti-Malware | Adware.Agent.NHR | 8.15.02.21.09 |
| ESET NOD32 | Win32/Adware.EoRezo (variant) | 9.10326 |
| Fortinet FortiGate | W32/Adware_fam.NB | 2/21/2015 |
| F-Secure | Adware.Agent.NHR | 11.2015-21-02_7 |
| G Data | Adware.Agent.NHR | 15.2.24 |
| IKARUS anti.virus | AdWare.Agent | t3scan.1.7.5.0 |
| Malwarebytes | PUP.Tuto4PC | v2015.02.21.09 |
| McAfee | Artemis!5E0810A04D2C | 5600.6848 |
| MicroWorld eScan | Adware.Agent.NHR | 16.0.0.156 |
| NANO AntiVirus | Riskware.Win32.Riskware.dachen | 0.28.2.61861 |
| nProtect | Adware.Agent.NHR | 14.08.27.01 |
| Qihoo 360 Security | Win32/Virus.Adware.7c8 | 1.0.0.1015 |
| Reason Heuristics | PUP.Startup.AgenceExclusive | 15.2.21.9 |
| Sophos | EoRezo Adware | 4.98 |
| Trend Micro House Call | TROJ_GEN.R0CBB01G914 | 7.2.52 |
| VIPRE Antivirus | Trojan.Win32.Generic | 32608 |
| Zillya! Antivirus | Adware.EoRezo.Win32.2 | 2.0.0.1903 |

File size:
1015.6 KB (1,040,000 bytes)

Product version:
10.0.0.0

Copyright:
(c) Agence-Exclusive. All rights reserved.

Original file name:
Agence.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\Program Files\agence-exclusive\pctuto.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/19/2011 1:00:00 AM

Valid to:
1/23/2012 12:59:59 AM

Subject:
CN=Agence Exclusive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Agence Exclusive, L=Paris, S=Ile de France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
612CB1F3C82CC0C69A0C351146C131A3

File PE Metadata
Compilation timestamp:
9/27/2011 10:25:51 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:D1oJKl+agSNxce5FX+UFgKsSfDHnLsTsFyqnuglBzImfxkCeE/WiEF:Dwvap0e5FXZFPsSf8TMy+uglBzZkCOi0

Entry address:
0x5FC2A

Entry point:
E8, E3, 84, 00, 00, E9, 17, FE, FF, FF, 55, 8B, EC, 56, 8B, 75, 14, 57, 33, FF, 3B, F7, 75, 04, 33, C0, EB, 65, 39, 7D, 08, 75, 1B, E8, 7E, 47, 00, 00, 6A, 16, 5E, 89, 30, 57, 57, 57, 57, 57, E8, 80, 17, 00, 00, 83, C4, 14, 8B, C6, EB, 45, 39, 7D, 10, 74, 16, 39, 75, 0C, 72, 11, 56, FF, 75, 10, FF, 75, 08, E8, 24, 18, 00, 00, 83, C4, 0C, EB, C1, FF, 75, 0C, 57, FF, 75, 08, E8, E3, 0D, 00, 00, 83, C4, 0C, 39, 7D, 10, 74, B6, 39, 75, 0C, 73, 0E, E8, 2F, 47, 00, 00, 6A, 22, 59, 89, 08, 8B, F1, EB, AD, 6A, 16...
 

Code size:
500 KB (512,000 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
pctuto

Command:
"C:\Program Files\agence-exclusive\pctuto.exe"

