» setup_recover_fst_au_219.exe
Overview
Analysis
File Details

setup_recover_fst_au_219.exe

TUTO4PC COM INTERNATIONAL SL

This is the Eorezo installer which may include software offers for unwanted programs including toolbars. The application setup_recover_fst_au_219.exe by TUTO4PC COM INTERNATIONAL SL has been detected as adware by 22 anti-malware scanners. The program is a setup application that uses the Inno Setup installer.

File name:

Publisher:

TUTO4PC COM INTERNATIONAL SL (signed and verified)

MD5:

7f55fd5945a04e0705760463fa06add3

SHA-1:

27853d5f3469939669c7e93a6f158f9440afa560

SHA-256:

bdf3c2c0f9fc08b4874f2e9a2e645a8ac65a5bef1bccb227777692f452ed2a9c

Scanner detections:

22 / 68

Status:

Adware

Analysis date:

4/19/2024 2:04:33 AM UTC (today)

Scan engine

Detection

Engine version

Lavasoft Ad-Aware

Adware.Agent.OMA

836

AegisLab AV Signature

AdWare.W32.Eorezo

2.1.4+

AhnLab V3 Security

Win-PUP/EoRezo

2014.10.17

Avira AntiVirus

Adware/Agent.oma.4

7.11.179.12

avast!

Win32:Eorezo-CX [PUP]

2014.9-141022

AVG

Generic5

2015.0.3314

Baidu Antivirus

Adware.Win32.EoRezo

4.0.3.141022

Bitdefender

Adware.Agent.OMA

1.0.20.1475

Dr.Web

Adware.Downware.8084

9.0.1.0295

Emsisoft Anti-Malware

Adware.Agent.OMA

8.14.10.22.01

ESET NOD32

Win32/AdWare.EoRezo.AU (variant)

8.10576

Fortinet FortiGate

Riskware/EoRezo

10/22/2014

F-Secure

Adware.Agent.OMA

11.2014-22-10_4

G Data

Adware.Agent.OMA

14.10.24

Kaspersky

not-a-virus:AdWare.Win32.Eozo

14.0.0.3065

McAfee

Artemis!7F55FD5945A0

5600.6970

MicroWorld eScan

Adware.Agent.OMA

15.0.0.885

NANO AntiVirus

Trojan.Win32.EoRezo.dgguzh

0.28.2.62671

nProtect

Adware.Agent.OMA

14.10.16.01

Reason Heuristics

PUP.Installer.TUTO4PCCOMINTERNATIONALSL.Y

14.10.22.1

Sophos

Generic PUA GH

4.98

VIPRE Antivirus

Tuto4PC

33992

File size:

1.7 MB (1,745,168 bytes)

File type:

Executable application (Win32 EXE)

Installer:

Inno Setup

Language:

Language Neutral

Common path:

C:\users\{user}\appdata\local\fst_au_10\download\setup_recover_fst_au_219.exe

Digital Signature

Signed by:

TUTO4PC COM INTERNATIONAL SL

Authority:

GlobalSign nv-sa

Valid from:

6/3/2014 6:55:26 PM

Valid to:

7/28/2015 10:19:10 PM

Subject:

E=contact@tutoriales100.com, CN=TUTO4PC COM INTERNATIONAL SL, O=TUTO4PC COM INTERNATIONAL SL, L=BARCELONA, C=ES

Issuer:

CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:

1121C8382D4ADA7C0F9495915A4D5B4D8C97

File PE Metadata

Compilation timestamp:

6/20/1992 8:22:17 AM

OS version:

1.0

OS bitness:

Win32

Subsystem:

Windows GUI

Linker version:

2.25

CTPH (ssdeep):

49152:A9x+iw7IInPKypEQQlJ1MHZSoN7Z9hvMgzkzJd:K45nPK3J69Z9hvqH

Entry address:

0xA5F8

Entry point:

55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55... 
[+]

Entropy:

7.9924

Packer / compiler:

Inno Setup v5.x - Installer Maker

Code size:

39.5 KB (40,448 bytes)

Remove setup_recover_fst_au_219.exe - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.