home

pctuto_01net_pdfcreator.exe

PCTuto

Agence Exclusive

This is the Eorezo installer which may include software offers for unwanted programs including toolbars. The application pctuto_01net_pdfcreator.exe, “PCTuto Setup ” by Agence Exclusive has been detected as a potentially unwanted program by 20 anti-malware scanners. The program is a setup application that uses the Inno Setup installer. This browser extension displays targeted advertising by monitoring the URLs viewed in the web browser. The file has been seen being downloaded from soft.telecharger.com.
Publisher:
Agence-Exclusive   (signed by Agence Exclusive)

Product:
PCTuto

Description:
PCTuto Setup

MD5:
2d5a1a64a8f1743a4cda536f9cf1f7d2

SHA-1:
ab094b3727a9fa214d758fa6aaad25fc396ef87c

SHA-256:
d5a1ee20fb36e97c96bb6fd4aec4daad7ab4687c83eb43e267b98b2b27629207

Scanner detections:
20 / 68

Status:
Potentially unwanted

Analysis date:
4/27/2024 3:34:28 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/EoRezo.P.1
7.11.67.200

avast!
Win32:Eorezo-AU [PUP]
2014.9-150221

AVG
Suspicion: unknown virus
2016.0.3192

Bitdefender
Adware.Agent.NHR
1.0.20.260

Clam AntiVirus
Adware.Agent-5200
0.98/18155

Emsisoft Anti-Malware
Adware.Agent.NHR
8.15.02.21.09

ESET NOD32
Win32/Adware.EoRezo (variant)
9.8173

Fortinet FortiGate
Adware/Adload
2/21/2015

F-Secure
Adware.Agent.NHR
11.2015-21-02_7

G Data
Adware.Agent.NHR
15.2.22

IKARUS anti.virus
AdWare.Eorezo
t3scan.2.0.0.0

Kaspersky
not-a-virus:AdWare.Win32.AdLoad
14.0.0.2453

Malwarebytes
Trojan.Eorezo
v2015.02.21.09

Microsoft Security Essentials
Adware:Win32/EoRezo
1.163.1557.0

MicroWorld eScan
Adware.Agent.NHR
16.0.0.156

nProtect
Adware.Agent.NHR
13.03.28.01

Reason Heuristics
PUP.Installer.AgenceExclusive
15.2.21.9

Trend Micro House Call
TROJ_GEN.RCBCDAG
7.2.52

Trend Micro
TROJ_GEN.RCBCDAG
10.465.21

VIPRE Antivirus
Trojan.Win32.Generic
16364

File size:
3.6 MB (3,725,368 bytes)

File type:
Executable application (Win32 EXE)

Installer:
Inno Setup

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\pctuto_01net_pdfcreator.exe

Digital Signature
Signed by:
Agence Exclusive

Authority:
VeriSign, Inc.

Valid from:
1/19/2011 1:00:00 AM

Valid to:
1/23/2012 12:59:59 AM

Subject:
CN=Agence Exclusive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Agence Exclusive, L=Paris, S=Ile de France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
612CB1F3C82CC0C69A0C351146C131A3

File PE Metadata
Compilation timestamp:
10/30/2010 10:54:54 PM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
98304:OqyLRPBwxUy6WyO5J8KCLLpm+MNLASdyjEu3ChQ5:D0UgqKLNm+zAuShA

Entry address:
0x16478

Entry point:
55, 8B, EC, 83, C4, A4, 53, 56, 57, 33, C0, 89, 45, C4, 89, 45, C0, 89, 45, A4, 89, 45, D0, 89, 45, C8, 89, 45, CC, 89, 45, D4, 89, 45, D8, 89, 45, EC, B8, B0, 52, 41, 00, E8, AC, 03, FF, FF, 33, C0, 55, 68, 45, 6B, 41, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 01, 6B, 41, 00, 64, FF, 32, 64, 89, 22, A1, 48, AB, 41, 00, E8, 4E, EC, FF, FF, E8, F5, E7, FF, FF, 8D, 55, EC, 33, C0, E8, 7F, 84, FF, FF, 8B, 55, EC, B8, AC, D6, 41, 00, E8, E2, E9, FE, FF, 6A, 02, 6A, 00, 6A, 01, 8B, 0D, AC, D6, 41, 00, B2, 01...
 
[+]

Developed / compiled with:
Microsoft Visual C++

Code size:
84 KB (86,016 bytes)

The file pctuto_01net_pdfcreator.exe has been seen being distributed by the following URL.

http://soft.telecharger.com/pctuto_01net_pdfcreator.exe

Remove pctuto_01net_pdfcreator.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.