mbot_br_66.exe

Tuto4PC.com

This is the Eorezo installer which may include software offers for unwanted programs including toolbars. The application mbot_br_66.exe by Tuto4PC.com has been detected as adware by 19 anti-malware scanners. The program is a setup application that uses the Eorezo Downloader installer. It is set to automatically execute when any user logs into Windows (through the local user run registry setting) with the name ‘mbot_br_66’.
Publisher:
Tuto4PC.com  (signed and verified)

MD5:
3573f2c2d3db165293a52333e198b491

SHA-1:
3f7ee88aaf08d2c3582bad19bea1e635ad5bf3e9

SHA-256:
afe7588220e65d0d93f6be235d25cc1e8497e2be5ae3dcfd001714a7330f008a

Scanner detections:
19 / 68

Status:
Adware

Description:
This 'download manager' is also considered bundleware, a utility designed to download software (possibly legitimate or open source) and bundle it with a number of optional offers including ad-supported utilities, toolbars, shopping comparison tools and browser extensions.

Analysis date:
4/24/2024 2:05:52 PM UTC

Scan engine | Detection | Engine version
Lavasoft Ad-Aware | Application.Generic.714283 | 792
AhnLab V3 Security | PUP/Win32.Eorezo | 2014.09.11
Avira AntiVirus | Adware/Eozo.eo | 7.11.172.102
avast! | Win32:Eorezo-CX [PUP] | 2014.9-140922
AVG | Generic | 2015.0.3343
Baidu Antivirus | Adware.Win32.EoRezo | 4.0.3.14922
Bitdefender | Application.Generic.714283 | 1.0.20.1690
Comodo Security | ApplicUnwnt | 19520
ESET NOD32 | Win32/AdWare.EoRezo.AU (variant) | 8.10420
Fortinet FortiGate | Adware/Eozo | 12/4/2014
G Data | Application.Generic.714283 | 14.12.24
IKARUS anti.virus | AdWare.Win32.EoRezo | t3scan.1.7.8.0
Kaspersky | not-a-virus:AdWare.Win32.Eozo | 14.0.0.2847
Malwarebytes | Adware.EoRezo | v2014.09.22.03
MicroWorld eScan | Application.Generic.714283 | 15.0.0.1014
NANO AntiVirus | Riskware.Win32.Eozo.dewgao | 0.28.2.61942
Panda Antivirus | Trj/Genetic.gen | 14.09.22.03
Reason Heuristics | PUP.Startup.Tuto4PC.K | 14.9.22.15
Sophos | EoRezo Adware | 4.98

File size:
3.8 MB (3,980,744 bytes)

File type:
Executable application (Win32 EXE)

Bundler/Installer:
Eorezo Downloader

Common path:
C:\Program Files\mbot_br_66\mbot_br_66.exe

Digital Signature
Signed by:

Authority:
GlobalSign nv-sa

Valid from:
11/5/2013 2:27:40 PM

Valid to:
11/6/2014 2:27:40 PM

Subject:
E=contact@tuto4pc.com, CN=Tuto4PC.com, O=Tuto4PC.com, L=Paris, S=Ile-De-France, C=FR

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
1121DD93F3AC652F954C795B593955887E31

File PE Metadata
Compilation timestamp:
9/10/2014 4:56:47 AM

OS version:
5.1

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
10.0

CTPH (ssdeep):
98304:KiMtfbLfFdfi1qSrmgJ4aXfNrykZNSLnn0IiWLPmTO2lozmDOMRsfQjJ8+:JidfX4HNSwIiW/hMRsfQ

Entry address:
0x1DBC94

Entry point:
E8, A9, B4, 00, 00, E9, 89, FE, FF, FF, 8B, FF, 55, 8B, EC, 53, 56, 8B, F1, 33, DB, 3B, F3, 75, 16, E8, 90, 41, 00, 00, 6A, 16, 5E, 89, 30, E8, 78, 87, 00, 00, 8B, C6, E9, B4, 00, 00, 00, 57, 39, 5D, 08, 77, 16, E8, 74, 41, 00, 00, 6A, 16, 5E, 89, 30, E8, 5C, 87, 00, 00, 8B, C6, E9, 97, 00, 00, 00, 33, C9, 39, 5D, 10, 66, 89, 0E, 0F, 95, C1, 41, 39, 4D, 08, 77, 09, E8, 4D, 41, 00, 00, 6A, 22, EB, D7, 8B, 4D, 0C, 83, C1, FE, 83, F9, 22, 77, C5, 8B, CE, 39, 5D, 10, 74, 0E, 6A, 2D, 59, 33, DB, 66, 89, 0E, 43...
 

Code size:
2.9 MB (2,989,056 bytes)

Startup File (All Users Run)
Registry location:
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

Name:
mbot_br_66

Command:
"C:\Program Files\mbot_br_66\mbot_br_66.exe"

