home

upfst_de_77.exe

TUTO4PC COM INTERNATIONAL SL

This is part of the Eorezo downloader which may bundle additional offers on the PC, mostly adware and other potentially unwanted software. The application upfst_de_77.exe by TUTO4PC COM INTERNATIONAL SL has been detected as adware by 11 anti-malware scanners.
Publisher:
TUTO4PC COM INTERNATIONAL SL  (signed and verified)

MD5:
839ab7d6c2a9ef88c1f1abc040281d81

SHA-1:
95cf9e31b010b4cc75090afd02f710002cad1247

SHA-256:
89c663793f2e74cb4bec3d110fcee3e29a91bb5d6c1a6096a569a727f24a7767

Scanner detections:
11 / 68

Status:
Adware

Explanation:
May modify the web browser's settings including changing the homepage and search provider in addition to delivering ads (by injecting banner and text-links directly in the webpage).

Analysis date:
4/23/2024 12:23:17 PM UTC  (today)

Scan engine
Detection
Engine version

Agnitum Outpost
PUA.EoRezo
7.1.1

avast!
Win32:Eorezo-CP [PUP]
140813-1

AVG
Adware Generic5.AYNP
2014.0.4015

Baidu Antivirus
Adware.Win32.EoRezo
4.0.3.14829

ESET NOD32
Win32/Adware.EoRezo.AJ application
7.0.302.0

IKARUS anti.virus
AdWare.CrossRider
t3scan.1.7.5.0

NANO AntiVirus
Riskware.Win32.EoRezo.dbtxkn
0.28.2.61861

Reason Heuristics
PUP.TUTO4PCCOMINTERNATIONALSL.L
14.8.29.15

Sophos
TUTO4PC
4.98

VIPRE Antivirus
Threat.4895339
32210

Zillya! Antivirus
Adware.Eorezo.Win32.220
2.0.0.1906

File size:
3.2 MB (3,355,128 bytes)

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\fst_de_77\upfst_de_77.exe

Digital Signature
Signed by:
TUTO4PC COM INTERNATIONAL SL

Authority:
GlobalSign nv-sa

Valid from:
6/3/2014 10:55:26 AM

Valid to:
7/28/2015 2:19:10 PM

Subject:
E=contact@tutoriales100.com, CN=TUTO4PC COM INTERNATIONAL SL, O=TUTO4PC COM INTERNATIONAL SL, L=BARCELONA, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - SHA256 - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121C8382D4ADA7C0F9495915A4D5B4D8C97

File PE Metadata
Compilation timestamp:
7/1/2014 1:18:07 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:7miWLnUwYpC8Fz22lilX0I7gJvSNQ1sJzRNT407rVqwyvpMNj:SivcqJl1E7p7rVqXB4j

Entry address:
0x1F8B0F

Entry point:
E8, A4, BA, 00, 00, E9, 89, FE, FF, FF, 3B, 0D, F0, 35, 6F, 00, 75, 02, F3, C3, E9, 2B, BB, 00, 00, 8B, C1, 83, 60, 04, 00, C7, 00, 88, 9D, 69, 00, C6, 40, 08, 00, C3, 8B, FF, 55, 8B, EC, 8B, C1, 8B, 4D, 08, C7, 00, 88, 9D, 69, 00, 8B, 09, 89, 48, 04, C6, 40, 08, 00, 5D, C2, 08, 00, 8B, 41, 04, 85, C0, 75, 05, B8, 90, 9D, 69, 00, C3, 8B, FF, 55, 8B, EC, 83, 7D, 08, 00, 57, 8B, F9, 74, 2D, 56, FF, 75, 08, E8, A6, 33, 00, 00, 8D, 70, 01, 56, E8, 33, 0F, 00, 00, 59, 59, 89, 47, 04, 85, C0, 74, 11, FF, 75, 08...
 
[+]

Code size:
2.3 MB (2,438,144 bytes)

Remove upfst_de_77.exe - Powered by Reason Core Security
herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.