UpdateTutoriaisSftonicHP.exe

UpdateTutorialsHP

Tuto4PC.com

This is the Eorezo installer which may include software offers for unwanted programs including toolbars. The application UpdateTutoriaisSftonicHP.exe by Tuto4PC.com has been detected as adware by 1 anti-malware scanner with very strong indications that the file is a potential threat. The program is a setup application that uses the Eorezo Downloader installer.
Publisher:
Tuto4PC  (signed by Tuto4PC.com)

Product:
UpdateTutorialsHP

Version:
1.12.3.21

MD5:
d7b062e7060e97cb519f0f9f453a6baf

SHA-1:
0fe022cb5a5b258e1ca2038f8ad9b182f588ae5f

SHA-256:
41449903751a4d76a31e27792c853ee37822b60315e0dea1ba56e6ffe8d55131

Scanner detections:
1 / 68

Status:
Adware

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/18/2024 10:40:43 AM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Eorezo.Tuto4PC.Bundler (M)

Engine version:
16.2.10.21

File size:
966.9 KB (990,056 bytes)

Product version:
1.12.3.21

Copyright:
(c) Tuto4PC. All rights reserved.

Original file name:
UpdateTutoriaisSftonicHP.exe

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Eorezo Downloader

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\tuto4pc\tuto4pc\updatetutoriaissftonichp.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
10/27/2011 1:26:43 PM

Valid to:
10/27/2013 1:26:43 PM

Subject:
CN=Tuto4PC.com, O=Tuto4PC.com, L=Paris, S=Ile-de-france, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11217A044D9875AB5200314888C39C5486EF

File PE Metadata
Compilation timestamp:
4/11/2012 9:16:40 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
12288:y5nWipBzv6ZqaeK4Cv4oMxPDbRyZj6qqnuiD:a5zBaeKFAoMdxycq+uiD

Entry address:
0x51548

Entry point:
E8, 33, E1, 00, 00, E9, 16, FE, FF, FF, 6A, 00, FF, 74, 24, 14, FF, 74, 24, 14, FF, 74, 24, 14, FF, 74, 24, 14, E8, AB, E1, 00, 00, 83, C4, 14, C3, 56, 8B, 74, 24, 08, 0F, B6, 06, FF, 74, 24, 0C, 50, E8, FA, 51, 00, 00, 59, 46, 85, C0, 59, 74, 06, 80, 3E, 00, 74, 01, 46, 8B, C6, 5E, C3, 53, 56, 8B, 74, 24, 0C, 33, DB, 3B, F3, 75, 1C, E8, C5, 0C, 00, 00, 53, 53, 53, 53, 53, C7, 00, 16, 00, 00, 00, E8, 47, F1, FF, FF, 83, C4, 14, 33, C0, EB, 16, 0F, B6, 06, 50, E8, CD, 51, 00, 00, 46, 85, C0, 59, 74, 05, 38...
 

Code size:
504 KB (516,096 bytes)

Startup File (All Users Run Once)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce

Name:
UpdateTutorialsHP

Command:
C:\users\{user}\appdata\roaming\tuto4pc\tuto4pc\updatetutoriaissftonichp.exe -runonce

