UpdatePctuto.exe

UpdatePctuto

Agence Exclusive

This file is part of the Eorezo downloader, which may bundle additional offers onto the PC, mostly adware and other potentially unwanted software. The application UpdatePctuto.exe, “Application de mise à jour des produits Agence-Exclusive” by Agence Exclusive, has been detected as a potentially unwanted program by 6 anti-malware scanners.
Publisher:
Agence-Exclusive  (signed by Agence Exclusive)

Product:
UpdatePctuto

Description:
Application de mise à jour des produits Agence-Exclusive

Version:
2.0.0.0

MD5:
6d699acc949d0829a6d6c0f0a2b5eb5f

SHA-1:
49621324baed1235a51ad61952dde8fd35ee95cc

SHA-256:
e691f0b62927d21b392f9d73dd97242eb11df9fc946983fbc50b643368122328

Scanner detections:
6 / 68

Status:
Potentially unwanted

Analysis date:
4/20/2024 3:27:56 PM UTC

Scan engine         Detection                        Engine version
AVG                 Suspicion: unknown virus         2016.0.3192
Clam AntiVirus      Adware.Agent-5200                0.98/18155
Comodo Security     UnclassifiedMalware              13967
ESET NOD32          Win32/Adware.EoRezo (variant)    9.7623
Reason Heuristics   PUP.AgenceExclusive              15.2.21.9
Sophos              EoRezo Adware                    4.82

File size:
759.6 KB (777,856 bytes)

Product version:
1.4.0.0

Copyright:
(c) Agence-Exclusive. All rights reserved.

Original file name:
UpdatePctuto.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\agence-exclusive\agence-exclusive\updatepctuto.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/19/2011 1:00:00 AM

Valid to:
1/23/2012 12:59:59 AM

Subject:
CN=Agence Exclusive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Agence Exclusive, L=Paris, S=Ile de France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
612CB1F3C82CC0C69A0C351146C131A3

File PE Metadata
Compilation timestamp:
5/26/2011 10:34:44 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:mKNSZY9iDhRU47h0uRHRPl34HLeXcKnhf33LHKKBp5TIDEEsuLqnu1lBzImfxkC5:+CiDhRHhRll34reXcKnhf33LHJBp5TIx

Entry address:
0x23E38

Entry point:
E8, 5A, AF, 00, 00, E9, 16, FE, FF, FF, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, CC, 8B, 4C, 24, 04, F7, C1, 03, 00, 00, 00, 74, 24, 8A, 01, 83, C1, 01, 84, C0, 74, 4E, F7, C1, 03, 00, 00, 00, 75, EF, 05, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8D, A4, 24, 00, 00, 00, 00, 8B, 01, BA, FF, FE, FE, 7E, 03, D0, 83, F0, FF, 33, C2, 83, C1, 04, A9, 00, 01, 01, 81, 74, E8, 8B, 41, FC, 84, C0, 74, 32, 84, E4, 74, 24, A9, 00, 00, FF, 00, 74, 13, A9, 00, 00, 00, FF, 74, 02, EB, CD, 8D, 41, FF, 8B, 4C...
Code size:
332 KB (339,968 bytes)
