SoftwareUpdate.exe

SoftwareUpdate

Eorezo

This file is part of the Eorezo downloader, which may bundle additional offers on the PC, mostly adware and other potentially unwanted software. The application SoftwareUpdate.exe, “Application de mise à jour des produits EoRezo” by Eorezo, has been detected as adware by 13 anti-malware scanners. This browser extension displays targeted advertising by monitoring the URLs viewed in the web browser.
Publisher:
Eorezo  (signed and verified)

Product:
SoftwareUpdate

Description:
Application de mise à jour des produits EoRezo

Version:
1.0.0.0

MD5:
a5de97601c97d5d337ccf4455ef63163

SHA-1:
925af25e2bd3b130cf94d14d4c5b1a4c9b97b659

SHA-256:
493262949b8b4c9c97f68d43fcaef616f68048654dde3cde06b325339e9d1177

Scanner detections:
13 / 68

Status:
Adware

Analysis date:
11/15/2024 9:46:42 PM UTC

| Scan engine | Detection | Engine version |
|---|---|---|
| Agnitum Outpost | Adware.EoRezo | 7.1.1 |
| Avira AntiVirus | Adware/EoRezo.A.128 | 7.11.188.58 |
| avast! | Win32:Eorezo-AI [PUP] | 2014.9-150129 |
| AVG | Generic5 | 2016.0.3215 |
| Baidu Antivirus | Adware.Win32.EoRezo | 4.0.3.15129 |
| ESET NOD32 | Win32/Adware.EoRezo.AC (variant) | 9.10767 |
| IKARUS anti.virus | AdWare.Win32.EoRezo | t3scan.1.8.3.0 |
| Malwarebytes | Trojan.Eorezo | v2015.01.29.06 |
| Microsoft Security Essentials | | 1.11202 |
| NANO AntiVirus | Trojan.Win32.EoRezo.bbszix | 0.28.6.63474 |
| Reason Heuristics | PUP.Eorezo | 15.1.29.6 |
| Sophos | EoRezo Adware | 4.98 |
| VIPRE Antivirus | Adware.Eorezo.a | 35046 |

File size:
487.6 KB (499,296 bytes)

Product version:
1.0.0.0

Copyright:
(c) EoRezo. All rights reserved.

Original file name:
SoftwareUpdate.exe

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\roaming\eorezo\softwareupdate\softwareupdate.exe

Digital Signature
Signed by:

Authority:
VeriSign, Inc.

Valid from:
10/14/2008 2:00:00 AM

Valid to:
10/15/2009 1:59:59 AM

Subject:
CN=Eorezo, OU=Digital ID Class 3 - Microsoft Software Validation v2, O=Eorezo, L=Paris, S=Ile de France, C=FR

Issuer:
CN=VeriSign Class 3 Code Signing 2004 CA, OU=Terms of use at https://www.verisign.com/rpa (c)04, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
5158654305438A3E707630D3BFDE7C69

File PE Metadata
Compilation timestamp:
12/9/2008 10:11:42 AM

OS version:
4.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
8.0

CTPH (ssdeep):
6144:3/GXIJlw/QJnWeAq7NFPFS5Bk9ALQcS14MwRx0cZZDQ3qqDLuOEPVLPr:3/GXtIJ7H9ALQhwReGLqnuOEPp

Entry address:
0x3992C

Entry point:
E8, 46, AF, 00, 00, E9, 16, FE, FF, FF, 6A, 00, FF, 74, 24, 14, FF, 74, 24, 14, FF, 74, 24, 14, FF, 74, 24, 14, E8, BE, AF, 00, 00, 83, C4, 14, C3, 8B, 44, 24, 04, 66, 8B, 08, 40, 40, 66, 85, C9, 75, F6, 2B, 44, 24, 04, D1, F8, 48, C3, CC, 68, D0, 99, 43, 00, 64, FF, 35, 00, 00, 00, 00, 8B, 44, 24, 10, 89, 6C, 24, 10, 8D, 6C, 24, 10, 2B, E0, 53, 56, 57, A1, D0, 77, 46, 00, 31, 45, FC, 33, C5, 50, 89, 65, E8, FF, 75, F8, 8B, 45, FC, C7, 45, FC, FE, FF, FF, FF, 89, 45, F8, 8D, 45, F0, 64, A3, 00, 00, 00, 00...
 
Code size:
328 KB (335,872 bytes)
