home

tuto4pc.exe

Tuto4PC.com

This is the Eorezo installer which may include software offers for unwanted programs including toolbars. The application tuto4pc.exe, “Tuto4PC Setup ” by Tuto4PC.com has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Eorezo Downloader installer. This browser extension displays targeted advertising by monitoring the URLs viewed in the web browser. The file has been seen being downloaded from dlfr.tuto4pc.com.
Publisher:
Tuto4PC   (signed by Tuto4PC.com)

Product:
Tuto4PC

Description:
Tuto4PC Setup

MD5:
37a745394fb124b0dd85677e151365d9

SHA-1:
980a6f0c8741a0a7e279df9f1901201f8b8d0f0f

SHA-256:
36ce660e6e5094c2033d72b76a9e2d286e4da56cc4e3175e60c947d54e0fc469

Scanner detections:
19 / 68

Status:
Adware

Description:
This is also known as bundleware, or downloadware, which is an downloader designed to simply deliver ad-supported offers in the setup routine of an otherwise legitimate software.

Analysis date:
4/19/2024 10:09:19 AM UTC  (today)

Scan engine
Detection
Engine version

Avira AntiVirus
Adware/PcTuto.A
7.11.84.204

avast!
Win32:Adware-ASG [PUP]
2014.9-131117

Bitdefender
Application.Generic.408133
1.0.20.1605

Boost by Reason
Optional.Tuto4PC.H
188838

Comodo Security
ApplicUnwnt
16432

Emsisoft Anti-Malware
Application.Generic.408133
8.13.11.17.12

ESET NOD32
Win32/Adware.EoRezo.AC (variant)
7.8450

Fortinet FortiGate
Riskware/EoRezo
11/17/2013

F-Secure
Application.Generic.408133
11.2013-17-11_1

G Data
Application.Generic.408133
13.11.22

IKARUS anti.virus
Win32.SuspectCrc
t3scan.2.0.3.0

Malwarebytes
Adware.Eorezo
v2013.11.17.12

Microsoft Security Essentials
Adware:Win32/EoRezo
1.163.1557.0

MicroWorld eScan
Application.Generic.408133
14.0.0.963

Panda Antivirus
Suspicious file
13.11.17.12

Reason Heuristics
PUP.Installer.Tuto4PC.H
14.8.8.3

SUPERAntiSpyware
Adware.Eorezo
10868

Trend Micro House Call
TROJ_GEN.F47V0613
7.2.321

VIPRE Antivirus
Trojan.Win32.Generic
18718

File size:
2.1 MB (2,233,760 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Eorezo Downloader (using Inno Setup)

Language:
Language Neutral

Common path:
C:\users\{user}\downloads\tuto4pc.exe

Digital Signature
Signed by:
Tuto4PC.com

Authority:
GlobalSign nv-sa

Valid from:
10/27/2011 8:26:43 AM

Valid to:
10/27/2013 8:26:43 AM

Subject:
CN=Tuto4PC.com, O=Tuto4PC.com, L=Paris, S=Ile-de-france, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11217A044D9875AB5200314888C39C5486EF

File PE Metadata
Compilation timestamp:
6/19/1992 3:22:17 PM

OS version:
1.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:Y9DtOrn3tjrgX6mS+gGrdhyXPU1yb9xNp1Ucpxg5Z:SDtOxgXJSzyEPU1yzN4

Entry address:
0xA5F8

Entry point:
55, 8B, EC, 83, C4, C4, 53, 56, 57, 33, C0, 89, 45, F0, 89, 45, DC, E8, CE, 8A, FF, FF, E8, D5, 9C, FF, FF, E8, 64, 9F, FF, FF, E8, 07, A0, FF, FF, E8, A6, BF, FF, FF, E8, 11, E9, FF, FF, E8, 78, EA, FF, FF, 33, C0, 55, 68, C9, AC, 40, 00, 64, FF, 30, 64, 89, 20, 33, D2, 55, 68, 92, AC, 40, 00, 64, FF, 32, 64, 89, 22, A1, 14, C0, 40, 00, E8, 26, F5, FF, FF, E8, 11, F1, FF, FF, 80, 3D, 34, B2, 40, 00, 00, 74, 0C, E8, 23, F6, FF, FF, 33, C0, E8, C4, 97, FF, FF, 8D, 55, F0, 33, C0, E8, B6, C5, FF, FF, 8B, 55...
 
[+]

Entropy:
7.9949

Packer / compiler:
Inno Setup v5.x - Installer Maker

Code size:
39.5 KB (40,448 bytes)

The file tuto4pc.exe has been seen being distributed by the following URL.

http://dlfr.tuto4pc.com/clib/tuto4pc/fr/.../tuto4pc.exe

Remove tuto4pc.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.