UpdatePctuto.exe

UpdatePctuto

Agence Exclusive

This is part of the Eorezo downloader, which may bundle additional offers on the PC, mostly adware and other potentially unwanted software. The application UpdatePctuto.exe, “Application de mise à jour des produits Agence-Exclusive” by Agence Exclusive, has been detected as a potentially unwanted program by 10 anti-malware scanners.

Publisher:
Agence-Exclusive  (signed by Agence Exclusive)

Product:
UpdatePctuto

Description:
Application de mise à jour des produits Agence-Exclusive

Version:
2.0.0.0

MD5:
b90bd86fea484d139518b10b380a0911

SHA-1:
f026652f5a2ab4032a7b862fe1a6e889c36b5d93

SHA-256:
d3e612c182f1b02ba22fd0cbd82c83b70a7227cce97a4ec9df76d2f3b6853248

Scanner detections:
10 / 68

Status:
Potentially unwanted

Analysis date:
4/25/2024 8:05:10 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| AVG | MalSign.Adware | 2015.0.3520 |
| Baidu Antivirus | AdWare.Win32.EoRezo | 4.0.3.14330 |
| Clam AntiVirus | Adware.Agent-5200 | 0.98/18155 |
| Comodo Security | UnclassifiedMalware | 17154 |
| ESET NOD32 | Win32/Adware.EoRezo (variant) | 8.8963 |
| K7 AntiVirus | Unwanted-Program | 13.173.9980 |
| Malwarebytes | PUP.Tuto4PC | v2014.03.30.04 |
| Reason Heuristics | PUP.AgenceExclusive.M | 14.7.27.14 |
| Sophos | EoRezo Adware | 4.94 |
| Trend Micro House Call | TROJ_GEN.R0CBH0AJC13 | 7.2.89 |

File size:
751.6 KB (769,664 bytes)

Product version:
1.4.0.0

Copyright:
(c) Agence-Exclusive. All rights reserved.

Original file name:
UpdatePctuto.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\pctuto\updatepctuto\updatepctuto.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
1/19/2011 1:00:00 AM

Valid to:
1/23/2012 12:59:59 AM

Subject:
CN=Agence Exclusive, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Agence Exclusive, L=Paris, S=Ile de France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
612CB1F3C82CC0C69A0C351146C131A3

File PE Metadata
Compilation timestamp:
4/13/2011 6:13:13 PM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:gqSjLBIqVfqLuDpd27xhztqnuSlBzImfxkCeE/WiE9:gLBYLuDXU3t+uSlBzZkCOig

Entry address:
0x39D3E

Entry point:
E8, 64, AF, 00, 00, E9, 16, FE, FF, FF, 6A, 00, FF, 74, 24, 14, FF, 74, 24, 14, FF, 74, 24, 14, FF, 74, 24, 14, E8, DC, AF, 00, 00, 83, C4, 14, C3, 8B, 44, 24, 04, 66, 8B, 08, 40, 40, 66, 85, C9, 75, F6, 2B, 44, 24, 04, D1, F8, 48, C3, CC, CC, CC, 68, E0, 9D, 43, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, D0, 77, 46, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00...
 
Code size:
328 KB (335,872 bytes)
