virutalmachinedetect.exe

TUTO4PC COM INTERNATIONAL SL

This is part of the Eorezo downloader, which may bundle additional offers on the PC, mostly adware and other potentially unwanted software. The application virutalmachinedetect.exe by TUTO4PC COM INTERNATIONAL SL has been detected as adware by 2 anti-malware scanners. According to the detections, it is a variant of Zbot (Zeus), a trojan that attempts to steal confidential information (online credentials and banking details) from a compromised computer and send it to online criminals via a command-and-control server.
Publisher:
TUTO4PC COM INTERNATIONAL SL  (signed and verified)

MD5:
ff634f5cb9064887004bd95b5ea88c34

SHA-1:
63588eed9845eccbe71f6b21daec5af3dfb94cb1

SHA-256:
55470ad8f5c9f16624bc562fd3734767f8db215542c240e5538a802cafa085f3

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/25/2024 9:03:54 PM UTC  (today)

Scan engine | Detection | Engine version
Comodo Security | TrojWare.Win32.Spy.Zbot.PPQD | 17237
Reason Heuristics | PUP.TUTO4PCCOMINTERNATIONALSL.U | 14.8.8.3

File size:
35.5 KB (36,336 bytes)

File type:
Executable application (Win32 EXE)

Common path:
C:\users\{user}\appdata\local\temp\{random}.tmp\virutalmachinedetect.exe

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
6/26/2013 2:19:10 PM

Valid to:
6/27/2014 2:19:10 PM

Subject:
E=contact@tutoriales100.com, CN=TUTO4PC COM INTERNATIONAL SL, O=TUTO4PC COM INTERNATIONAL SL, L=BARCELONA, S=CATALUNYA, C=ES

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121E6FBF47B55F81EDBA70D3D2CA03E568F

File PE Metadata
Compilation timestamp:
10/30/2013 5:28:42 PM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows Console

Linker version:
10.0

CTPH (ssdeep):
768:HoWEjFh3sMO57UMEkEDMAnnmjhr2Ua1Vka9:HoWO3sMg7UjIr2Xjks

Entry address:
0x1273

Entry point:
E8, 87, 14, 00, 00, E9, 95, FE, FF, FF, 8B, FF, 55, 8B, EC, 81, EC, 28, 03, 00, 00, A3, 38, 9C, 40, 00, 89, 0D, 34, 9C, 40, 00, 89, 15, 30, 9C, 40, 00, 89, 1D, 2C, 9C, 40, 00, 89, 35, 28, 9C, 40, 00, 89, 3D, 24, 9C, 40, 00, 66, 8C, 15, 50, 9C, 40, 00, 66, 8C, 0D, 44, 9C, 40, 00, 66, 8C, 1D, 20, 9C, 40, 00, 66, 8C, 05, 1C, 9C, 40, 00, 66, 8C, 25, 18, 9C, 40, 00, 66, 8C, 2D, 14, 9C, 40, 00, 9C, 8F, 05, 48, 9C, 40, 00, 8B, 45, 00, A3, 3C, 9C, 40, 00, 8B, 45, 04, A3, 40, 9C, 40, 00, 8D, 45, 08, A3, 4C, 9C, 40...
 

Code size:
17.5 KB (17,920 bytes)
