Eltwocompany

Publisher Information

Eltwocompany is a software publisher located in Seocho-gu, Seoul, Korea*. The company is a primary distributor of unwanted software. There is one additional code signing certificate issued to this publisher.

Authority: Thawte, Inc.
Valid from: 9/20/2012 9:00:00 AM
Valid to: 9/21/2013 8:59:59 AM
Subject: CN=Eltwocompany, O=Eltwocompany, L=Seocho-gu, S=SEOUL, C=KR
Issuer: CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US
Serial number: 09d251f244da1f5db45ebd3c90b2568f

Scanner detections:
Detections (100% detected)

| Scan engine | Details | Detections |
|---|---|---|
| Reason Heuristics | PUP.Installer.Eltwocompany.P, PUP.Eltwocompany, PUP.Eltwocompany (M), PUP.Eltwocompany.Installer (M), PUP.Eltwocom (M), PUP.Eltwocom.Installer (M), PUP (M) | 100.00% |
| ESET NOD32 | Win32/Adware.CloverPlus.AB (variant), Win32/VB.PBN (variant) | 19.35% |
| IKARUS anti.virus | Backdoor.Win32.Runagry, Trojan.VB2, AdWare.Win32.Kwsearchguide | 19.35% |
| VIPRE Antivirus | Trojan.Win32.Generic.pak!cobra | 16.13% |
| Trend Micro House Call | TROJ_GEN.F47V0708, TROJ_GEN.F47V0212, Suspicious_GEN.F47V0321 | 12.90% |
| Malwarebytes | Adware.KorAd | 9.68% |
| Comodo Security | TrojWare.Win32.TrojanDownloader.VB.PMEA, UnclassifiedMalware | 9.68% |
| AVG | Generic9_c, Generic5 | 6.45% |
| Dr.Web | DLOADER.Trojan | 6.45% |
| AhnLab V3 Security | PUP/Win32.HipPop | 3.23% |

Latest 30 of 31 files

The following certificate was also issued to Eltwocompany.

2EDC6D113F1BCA68A7DF78E66DC81620  (Sep 17, 2013 to Oct 18, 2014)

* Note: the details and description above are based on the code signing certificate issued to Eltwocompany by Thawte, Inc. on September 20, 2012 with the serial number '09d251f244da1f5db45ebd3c90b2568f'.