Eltwocompany

Publisher Information

Eltwocompany is a software publisher located in Seocho-gu, Seoul in Korea*. The company is a primary distributor of unwanted software. There is one additional code signing certificate issued to this publisher.
Authority:
Thawte, Inc.

Valid from:
9/17/2013 9:00:00 AM

Valid to:
10/18/2014 8:59:59 AM

Subject:
CN=Eltwocompany, O=Eltwocompany, L=Seocho-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2edc6d113f1bca68a7df78e66dc81620

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Eltwocompany.K, PUP.Eltwocompany.H, PUP.Eltwocompany.R, PUP.Eltwocompany (M), PUP.Eltwocom (M)
100.00%

nProtect
Adware/W32.Agent1.28016, Adware/W32.KrAdword.677376, Adware/W32.Agent1.123248, Adware/W32.KrAdword.208752, Adware/W32.KrAdword.128368
29.41%

Trend Micro House Call
TROJ_GEN.F47V1121, TROJ_GEN.F47V1221, TROJ_GEN.F47V0102, TROJ_GEN.F47V0217
29.41%

ViRobot
Adware.CertKey.28016, Adware.CertKey.127344, Adware.Windwstab.167792
17.65%

McAfee
Artemis!66918860CC02, Artemis!C16608DDD125
11.76%

McAfee Web Gateway
Heuristic.BehavesLike.Win32.Suspicious-BAY.G, Artemis
11.76%

Bkav FE
W32.Cloda27.Trojan, W32.HfsAdware
11.76%

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48, PE:Trojan.Banload!6.10B3[F1]
11.76%

MicroWorld eScan
Gen:Variant.Symmi.36013
5.88%

Bitdefender
Gen:Variant.Symmi.36013
5.88%

1 / 68      (Adware)
searchopen.dll  (eaaf81b3997f673c57c07ac6f98df8c2)

1 / 68      (Adware)
CertKey.exe (ELTWO)  (405c7afc2f4805fb323a29e9c3fef873)

1 / 68      (Adware)
certkey.dll  (e7191652342be338b9c3e4d5a9cc2bad)

1 / 68      (Adware)
CertKey.exe (ELTWO)  (221ba9cffdcf0966c6ae60f71fabe897)

1 / 68      (Adware)
news.dll  (3d85cf0863e13dfd2e39543ce8648d72)

1 / 68      (Adware)
loadcpd_new.dll  (10a8368059eec4b3feb276537862620a)

1 / 68      (Adware)
CertKey.exe (ELTWO)  (8a427bab0210b9ebf71d9d3e143d0171)

1 / 68      (Adware)
RollingPop_E.exe (RollingPop_E by LTOB)  (51f75c706855c1fb779568acf7b5a331)

8 / 68      (Adware)
loadcpd.dll  (c16608ddd1257b7f189a7dcdf9a753cc)

3 / 68      (Adware)
CertKey.exe (ELTWO)  (01f86f51ad0a1c49b9be44dfad5a63e2)

4 / 68      (Adware)
RollingPop_E.exe (RollingPop_E by LTOB)  (31e44acf8f3bea44b4b7625fb8b43688)

1 / 68      (Adware)
jisis.ntp  (971090cad4838199a0ea5f380c28ba10)

3 / 68      (Adware)
CertKey.exe (ELTWO)  (b3b4e1a3d7d0bee7e89721c9e380d459)

3 / 68      (Adware)
windowstab.dll (WindowsTab)  (6b32ff507b8306ecfa9392745e30d3c4)

15 / 68    (Adware)
certkey_pcessence.dll  (c2a2081cead06a98962ea9e017d966b7)

2 / 68      (Adware)
CertKey.exe (ELTWO)  (e34c0343d8e1ddd1185fea9f6c6b7c37)

4 / 68      (Adware)
CertKeySvc.exe (CertKeySvc by ELTWO)  (4ece80d354e6df69d56fec38b7887392)

The following certificate is also signed by Eltwocompany.

09D251F244DA1F5DB45EBD3C90B2568F  (Sep 19, 2012 to Sep 20, 2013)

* Note, the details and description above are based on the code signing digital signature issued to Eltwocompany by Thawte, Inc. on September 17, 2013 with the serial number '2edc6d113f1bca68a7df78e66dc81620'.