tuto4pcbho.dll

Tuto4PCBHO

Tuto4PC.com

This is the Eorezo installer which may include software offers for unwanted programs including toolbars. The module tuto4pcbho.dll by Tuto4PC.com has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Eorezo Downloader installer. It is installed within the context of Internet Explorer as a BHO (Browser Helper Object) under the name ‘Tuto4pcBHO’. This file is typically installed with the program Tuto4pc, which is a potentially unwanted software program.
Publisher:
Tuto4PC  (signed by Tuto4PC.com)

Product:
Tuto4PCBHO

Description:
...

Version:
1.0.0.0

MD5:
c0c5903d963030a38cfbbeecc2c1267b

SHA-1:
49abaf069a796f26f90bf1b92ec81abb6acdc32b

SHA-256:
5ad1e4d6061f69ae7ef9641f0c2161869ec25c97b5fc6b87ece0202a5db6b86b

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/26/2024 3:51:53 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Eorezo.Tuto4PC.Bundler (M)

Engine version:
16.2.15.3

File size:
450.9 KB (461,672 bytes)

Product version:
1.0.0.0

Copyright:
(c) Tuto4PC SAS. All rights reserved.

Original file name:
AgenceBHO.dll

File type:
Dynamic link library (Win32 DLL)

Bundler/Installer:
Eorezo Downloader

Language:
English (United States)

Common path:
C:\Program Files\tuto4pc\tuto4pcbho.dll

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/27/2011 5:26:43 PM

Valid to:
10/27/2013 4:26:43 PM

Subject:
CN=Tuto4PC.com, O=Tuto4PC.com, L=Paris, S=Ile-de-france, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11217A044D9875AB5200314888C39C5486EF

File PE Metadata
Compilation timestamp:
3/27/2012 2:16:59 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:g0yL4lKrZ+RMcTK6jKEJuZTTgp8KNWvMCP00VySBy2NCPT8aqu4:g06+q6GdTgp8WWXP0LSBy2Chqp

Entry address:
0x283AC

Entry point:
83, 7C, 24, 08, 01, 75, 05, E8, 05, B8, 00, 00, FF, 74, 24, 04, 8B, 4C, 24, 10, 8B, 54, 24, 0C, E8, ED, FE, FF, FF, 59, C2, 0C, 00, 55, 8B, EC, 83, EC, 20, 8B, 45, 08, 56, 57, 6A, 08, 59, BE, B8, 7C, 05, 10, 8D, 7D, E0, F3, A5, 89, 45, F8, 8B, 45, 0C, 85, C0, 5F, 89, 45, FC, 5E, 74, 0C, F6, 00, 08, 74, 07, C7, 45, F4, 00, 40, 99, 01, 8D, 45, F4, 50, FF, 75, F0, FF, 75, E4, FF, 75, E0, FF, 15, 04, 44, 05, 10, C9, C2, 08, 00, 50, 64, FF, 35, 00, 00, 00, 00, 8D, 44, 24, 0C, 2B, 64, 24, 0C, 53, 56, 57, 89, 28...
 

Code size:
332 KB (339,968 bytes)

Internet Explorer BHO
Display name:
Tuto4pcBHO

CLSID:
{7A66EB91-F7D3-4de2-8CA9-12C12AF3D5F2}

CLSID name:
Tuto4pcBHO Class


The file tuto4pcbho.dll has been discovered within the following program.

Tuto4pc  by Tuto4pc
This is an adware web browser extension that will display various popup and banner ads as well as modify the user's web browser search and home page settings.
my.tuto4pc.com
82% remove it
 