home

pctutobho.dll

PcTutoBHO

Agence Exclusive

This is part of the Eorezo downloader which may bundle additional offers on the PC, mostly adware and other potentially unwanted software. The module pctutobho.dll by Agence Exclusive has been detected as a potentially unwanted program by 24 anti-malware scanners.
Publisher:
PcTuto  (signed by Agence Exclusive)

Product:
PcTutoBHO

Description:
...

Version:
1.0.0.0

MD5:
9bf10ef23ced422f7c7db2ede5bfaa99

SHA-1:
0b75b217b6075f093dc711903250458e37375ebd

SHA-256:
bb24482d386234fabf6fa5a602569baa4356c2634a9ac5ca832ea32da1acf2cd

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
5/4/2024 9:25:56 PM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.EoRezo.P
544

Agnitum Outpost
Riskware.Adware
7.1.1

Avira AntiVirus
ADWARE/EoRezo.P.2
8.3.1.6

Arcabit
Adware.EoRezo.P
1.0.0.425

AVG
Adware
2016.0.3022

Baidu Antivirus
Adware.Win32.EoRezo
4.0.3.1589

Bitdefender
Adware.EoRezo.P
1.0.20.1105

Bkav FE
W32.HfsAdware
1.3.0.6979

Clam AntiVirus
Adware.Agent-5200
0.98/21511

Comodo Security
UnclassifiedMalware
22642

Emsisoft Anti-Malware
Adware.EoRezo.P
8.15.08.09.04

ESET NOD32
Win32/Adware.EoRezo.AE (variant)
9.11877

Fortinet FortiGate
Riskware/EoRezo
8/9/2015

F-Secure
Adware.EoRezo.P
11.2015-09-08_1

G Data
Adware.EoRezo
15.8.25

IKARUS anti.virus
AdWare.Eorezo
t3scan.1.9.5.0

Malwarebytes
Adware.Eorezo
v2015.08.09.04

McAfee
Artemis!9BF10EF23CED
5600.6678

MicroWorld eScan
Adware.EoRezo.P
16.0.0.663

nProtect
Adware.EoRezo.P
15.07.02.01

Qihoo 360 Security
Win32/Trojan.Adware.37e
1.0.0.1015

Reason Heuristics
PUP.Eorezo.AgenceExclusive (M)
15.8.9.16

Trend Micro
TROJ_GEN.R047C0ECA15
10.465.09

VIPRE Antivirus
Adware.Eorezo
41642

File size:
223.6 KB (228,992 bytes)

Product version:
1.0.0.0

Copyright:
(c) PcTuto SAS. All rights reserved.

Original file name:
AgenceBHO.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Digital Signature
Signed by:
Agence Exclusive

Authority:
VeriSign, Inc.

Valid from:
1/19/2011 1:00:00 AM

Valid to:
1/23/2012 12:59:59 AM

Subject:
CN=Agence Exclusive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Agence Exclusive, L=Paris, S=Ile de France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
612CB1F3C82CC0C69A0C351146C131A3

File PE Metadata
Compilation timestamp:
2/18/2011 6:27:23 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:NEyz1cLdeX4BEjzZNlkKruufVTVfF58eIr/1+Lwr737amt5KnDj:MdeX4BmzZA6fhyxRaf

Entry address:
0x12C0A

Entry point:
83, 7C, 24, 08, 01, 75, 05, E8, 00, 5B, 00, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, ED, FE, FF, FF, 59, C2, 0C, 00, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 5C, 69, 02, 10, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 85, C0, 5F, 89, 45, FC, 5E, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 38, 42, 02, 10, C9, C2, 08, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28...
 
[+]

Code size:
140 KB (143,360 bytes)

Remove pctutobho.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.