pctutobho.dll

PCTUTOBHO

Agence Exclusive

This is part of the Eorezo downloader, which may bundle additional offers on the PC, mostly adware and other potentially unwanted software. The module pctutobho.dll by Agence Exclusive has been detected as a potentially unwanted program by 1 anti-malware scanner, with very strong indications that the file is a potential threat.
Publisher:
PCTUTO  (signed by Agence Exclusive)

Product:
PCTUTOBHO

Description:
...

Version:
1.0.0.0

MD5:
110dfb1dfa4280e689b2486241eb918e

SHA-1:
901aad7e27e150d162f3b134feac8688558682bf

SHA-256:
e48e7405e837970ec9fc7ace2a42d02917f09a94682f0a644ce8c1e8e0004198

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
4/25/2024 11:33:10 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Eorezo (M)

Engine version:
16.9.26.20

File size:
223.6 KB (228,992 bytes)

Product version:
1.0.0.0

Copyright:
(c) PCTUTO SAS. All rights reserved.

Original file name:
AgenceBHO.dll

File type:
Dynamic link library (Win32 DLL)

Language:
English (United States)

Common path:
C:\Program Files\pctuto\pctutobho.dll

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/19/2011 12:00:00 AM

Valid to:
1/22/2012 11:59:59 PM

Subject:
CN=Agence Exclusive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Agence Exclusive, L=Paris, S=Ile de France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
612CB1F3C82CC0C69A0C351146C131A3

File PE Metadata
Compilation timestamp:
3/2/2011 3:53:38 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
3072:jeJ/xAWrM79owALWOxXuiOMhMd3cl3FfQv+Gewr73Hxzft5bmkFiesu:ZWrM79xAJhVFiNzb/ku

Entry address:
0x12BFA

Entry point:
83, 7C, 24, 08, 01, 75, 05, E8, 00, 5B, 00, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, ED, FE, FF, FF, 59, C2, 0C, 00, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, EC, 63, 02, 10, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 85, C0, 5F, 89, 45, FC, 5E, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 38, 42, 02, 10, C9, C2, 08, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28...
 

Code size:
140 KB (143,360 bytes)
