Eltwocompany

Publisher Information

Eltwocompany is a software publisher located in Seocho-gu, Seoul in Korea*. There is one additional code signing certificate issued to this publisher.
Remove Eltwocompany Malware - Powered by Reason Core Security
Authority:
Thawte, Inc.

Valid from:
9/17/2013 9:00:00 AM

Valid to:
10/18/2014 8:59:59 AM

Subject:
CN=Eltwocompany, O=Eltwocompany, L=Seocho-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
2edc6d113f1bca68a7df78e66dc81620

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Eltwocompany.K, PUP.Eltwocompany.H, PUP.Eltwocompany.R, PUP.Eltwocompany (M)
100.00%

nProtect
Adware/W32.Agent1.28016, Adware/W32.KrAdword.677376, Adware/W32.Agent1.123248, Adware/W32.KrAdword.208752, Adware/W32.KrAdword.128368
55.56%

Trend Micro House Call
TROJ_GEN.F47V1121, TROJ_GEN.F47V1221, TROJ_GEN.F47V0102, TROJ_GEN.F47V0217
55.56%

ViRobot
Adware.CertKey.28016, Adware.CertKey.127344, Adware.Windwstab.167792
33.33%

McAfee
Artemis!66918860CC02, Artemis!C16608DDD125
22.22%

McAfee Web Gateway
Heuristic.BehavesLike.Win32.Suspicious-BAY.G, Artemis
22.22%

Bkav FE
W32.Cloda27.Trojan, W32.HfsAdware
22.22%

Rising Antivirus
PE:Malware.XPACK-HIE/Heur!1.9C48, PE:Trojan.Banload!6.10B3[F1]
22.22%

MicroWorld eScan
Gen:Variant.Symmi.36013
11.11%

Bitdefender
Gen:Variant.Symmi.36013
11.11%

8 / 68      (Adware)
loadcpd.dll  (c16608ddd1257b7f189a7dcdf9a753cc)

3 / 68      (Adware)
CertKey.exe (ELTWO)  (01f86f51ad0a1c49b9be44dfad5a63e2)

4 / 68      (Adware)
RollingPop_E.exe (RollingPop_E by LTOB)  (31e44acf8f3bea44b4b7625fb8b43688)

1 / 68      (Adware)
jisis.ntp  (971090cad4838199a0ea5f380c28ba10)

3 / 68      (Adware)
CertKey.exe (ELTWO)  (b3b4e1a3d7d0bee7e89721c9e380d459)

3 / 68      (Adware)
windowstab.dll (WindowsTab)  (6b32ff507b8306ecfa9392745e30d3c4)

15 / 68    (Adware)
certkey_pcessence.dll  (c2a2081cead06a98962ea9e017d966b7)

2 / 68      (Adware)
CertKey.exe (ELTWO)  (e34c0343d8e1ddd1185fea9f6c6b7c37)

4 / 68      (Adware)
CertKeySvc.exe (CertKeySvc by ELTWO)  (4ece80d354e6df69d56fec38b7887392)

The following certificate is also signed by Eltwocompany.

09D251F244DA1F5DB45EBD3C90B2568F  (Sep 19, 2012 to Sep 20, 2013)

Remove Eltwocompany Malware - Powered by Reason Core Security
* Note, the details and description above are based on the code signing digital signature issued to Eltwocompany by Thawte, Inc. on September 17, 2013 with the serial number '2edc6d113f1bca68a7df78e66dc81620'.