home

pctutobho.dll

PcTutoBHO

Agence Exclusive

This is part of the Eorezo downloader which may bundle additional offers on the PC, mostly adware and other potentially unwanted software. The module pctutobho.dll by Agence Exclusive has been detected as a potentially unwanted program by 24 anti-malware scanners. It is installed within the context of Internet Explore as a BHO (Browser Helper Object) under the name ‘PCTBHO’.
Publisher:
PcTuto  (signed by Agence Exclusive)

Product:
PcTutoBHO

Description:
...

Version:
1.0.0.0

MD5:
890f5943982eb7bfd6cbb8acea40dad1

SHA-1:
283513478076b87e93b59adb9c8df07c3ac732c4

SHA-256:
e14a33fb59e6cd078f7c14039eef96d6a69357c34f5932d5b29adc9ec8c152e4

Scanner detections:
24 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 10:20:57 AM UTC  (today)

Scan engine
Detection
Engine version

Lavasoft Ad-Aware
Adware.Agent.NHR
714

Agnitum Outpost
Riskware.Adware
7.1.1

Avira AntiVirus
Adware/Agent.NHR.4
7.11.125.70

AVG
MalSign.Adware
2016.0.3192

Baidu Antivirus
Adware.Win32.EoRezo
4.0.3.15221

Bitdefender
Adware.Agent.NHR
1.0.20.260

Bkav FE
W32.Clod539.Trojan
1.3.0.4613

Clam AntiVirus
Adware.Agent-5200
0.98/18155

Comodo Security
UnclassifiedMalware
17612

Emsisoft Anti-Malware
Adware.Agent.NHR
8.15.02.21.09

ESET NOD32
Win32/Adware.EoRezo.AE (variant)
9.9291

Fortinet FortiGate
W32/Adware_fam.NB
2/21/2015

F-Secure
Adware.Agent.NHR
11.2015-21-02_7

G Data
Adware.Agent.NHR
15.2.24

IKARUS anti.virus
AdWare.Agent
t3scan.2.2.29

K7 AntiVirus
Unwanted-Program
13.175.10837

Malwarebytes
Adware.Eorezo
v2015.02.21.09

McAfee
Artemis!890F5943982E
5600.6848

MicroWorld eScan
Adware.Agent.NHR
16.0.0.156

nProtect
Adware.Agent.NHR
14.01.14.02

Reason Heuristics
PUP.BHO.AgenceExclusive
15.2.21.9

Sophos
EoRezo Adware
4.96

Trend Micro House Call
TROJ_GEN.R006B01J513
7.2.52

VIPRE Antivirus
Adware.Eorezo
25448

File size:
223.6 KB (228,992 bytes)

Product version:
1.0.0.0

Copyright:
(c) PcTuto SAS. All rights reserved.

Original file name:
AgenceBHO.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\agence-exclusive\pctutobho.dll

Digital Signature
Signed by:
Agence Exclusive

Authority:
VeriSign, Inc.

Valid from:
1/19/2011 1:00:00 AM

Valid to:
1/23/2012 12:59:59 AM

Subject:
CN=Agence Exclusive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Agence Exclusive, L=Paris, S=Ile de France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
612CB1F3C82CC0C69A0C351146C131A3

File PE Metadata
Compilation timestamp:
9/27/2011 10:25:09 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:F5y2MBD+NKBqD/O/tJ6WugufQ8dpBpracAk9dUwr73xmb1t5u0Kfc:gD+NKBg/O/Tu4sagIhZd

Entry address:
0x12C9A

Entry point:
83, 7C, 24, 08, 01, 75, 05, E8, 00, 5B, 00, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, ED, FE, FF, FF, 59, C2, 0C, 00, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, 74, 69, 02, 10, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 85, C0, 5F, 89, 45, FC, 5E, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 38, 42, 02, 10, C9, C2, 08, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28...
 
[+]

Code size:
140 KB (143,360 bytes)

Internet Explorer BHO
Display name:
PCTBHO

CLSID:
{293A63F7-C3B6-423a-9845-901AC0A7EE6E}

CLSID name:
PCTBHO Class


Remove pctutobho.dll - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.