loadcpd.dll

Eltwocompany

The module loadcpd.dll by Eltwocompany has been detected as adware by 7 anti-malware scanners.
Publisher:
Eltwocompany  (signed and verified)

MD5:
c16608ddd1257b7f189a7dcdf9a753cc

SHA-1:
91851f08790a8625969c8b54b59fe2bbbf12685f

SHA-256:
cd506d2eee22222f92a6b2d4d6cf09c456d3cbf52434f68121a1052922911aa9

Scanner detections:
7 / 68

Status:
Adware

Analysis date:
4/24/2024 9:19:19 PM UTC

Scan engine         Detection                       Engine version
Avira AntiVirus     TR/ATRAPS.Gen                   8.3.2.2
Bkav FE             W32.HfsAdware                   1.3.0.7133
F-Prot              W32/Banker.T.gen                v6.4.7.1.166
McAfee              Artemis!C16608DDD125            5600.6585
NANO AntiVirus      Trojan.Win32.ATRAPS.cvbckl      0.30.24.3079
Reason Heuristics   PUP.Eltwocompany (M)            15.11.10.13
Rising Antivirus    PE:Trojan.Banload!6.10B3[F1]    23.00.65.151108

File size:
2.8 MB (2,927,984 bytes)

File type:
Dynamic link library (Win32 DLL)

Common path:
C:\users\{user}\appdata\roaming\certkey\loadcpd.dll

Digital Signature
Signed by:

Authority:
Thawte, Inc.

Valid from:
9/17/2013 9:00:00 AM

Valid to:
10/18/2014 8:59:59 AM

Subject:
CN=Eltwocompany, O=Eltwocompany, L=Seocho-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2EDC6D113F1BCA68A7DF78E66DC81620

File PE Metadata
Compilation timestamp:
1/16/2014 11:55:35 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
2.25

CTPH (ssdeep):
49152:p3qnQpSdEuT1lWxd/bEgDSdVFINh6rJwNEJeq/07x9WBm:p3qlXQpEvYx

Entry address:
0xB1C74

Entry point:
55, 8B, EC, 83, C4, C0, B8, 38, BE, 4A, 00, E8, 5C, 88, F5, FF, E8, CB, 49, F5, FF, 8D, 40, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00...
 

Entropy:
6.6610

Developed / compiled with:
Microsoft Visual C++

Code size:
706.5 KB (723,456 bytes)
