UpdatePctuto.exe

UpdatePctuto

Agence Exclusive

This file is part of the EoRezo downloader, which may bundle additional offers on the PC, mostly adware and other potentially unwanted software. The application UpdatePctuto.exe, “Application de mise à jour des produits Agence-Exclusive” by Agence Exclusive, has been detected as a potentially unwanted program by 7 anti-malware scanners.
Publisher:
Agence-Exclusive  (signed by Agence Exclusive)

Product:
UpdatePctuto

Description:
Application de mise à jour des produits Agence-Exclusive

Version:
2.0.0.0

MD5:
97547c615c63033190d2c45344824cb4

SHA-1:
b09f98bbebda3054f9dc7567d35de6659a5c4950

SHA-256:
3c96ef588b91d84d4bf28ec289106d04cafd55e7702f16ce93a595a3571d9874

Scanner detections:
7 / 68

Status:
Potentially unwanted

Analysis date:
4/24/2024 11:39:32 AM UTC

Scan engine | Detection | Engine version
Avira AntiVirus | Adware/EoRezo.N.3 | 7.11.79.30
Clam AntiVirus | Adware.Agent-5200 | 0.98/18155
Comodo Security | UnclassifiedMalware | 16272
ESET NOD32 | Win32/Adware.EoRezo (variant) | 8.8345
Malwarebytes | PUP.Tuto4PC | v2014.10.10.01
Reason Heuristics | PUP.AgenceExclusive.M | 14.10.10.13
Sophos | EoRezo Adware | 4.89

File size:
751.6 KB (769,664 bytes)

Product version:
1.4.0.0

Copyright:
(c) Agence-Exclusive. All rights reserved.

Original file name:
UpdatePctuto.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\pctuto\pctuto\updatepctuto.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/19/2011 1:00:00 AM

Valid to:
1/23/2012 12:59:59 AM

Subject:
CN=Agence Exclusive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Agence Exclusive, L=Paris, S=Ile de France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
612CB1F3C82CC0C69A0C351146C131A3

File PE Metadata
Compilation timestamp:
3/2/2011 4:25:48 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:xIgGMoQ6Np2eXTeos7GO6qnuSlBzImfxkCeE/WiEc:mMoWeXTdSS+uSlBzZkCOix

Entry address:
0x39D3E

Entry point:
E8, 64, AF, 00, 00, E9, 16, FE, FF, FF, 6A, 00, FF, 74, 24, 14, FF, 74, 24, 14, FF, 74, 24, 14, FF, 74, 24, 14, E8, DC, AF, 00, 00, 83, C4, 14, C3, 8B, 44, 24, 04, 66, 8B, 08, 40, 40, 66, 85, C9, 75, F6, 2B, 44, 24, 04, D1, F8, 48, C3, CC, CC, CC, 68, E0, 9D, 43, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, D0, 77, 46, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00...
 

Code size:
328 KB (335,872 bytes)
