HOW SOFT

Publisher Information

HOW SOFT is a software publisher located in Guro-gu, Seoul in Korea*. The publisher primarily developes software that can be classified as adware. Thre are 2 additional code signing certificates issued to this publisher.
Authority:
Thawte, Inc.

Valid from:
12/16/2010 9:00:00 AM

Valid to:
12/17/2011 8:59:59 AM

Subject:
CN=HOW SOFT, O=HOW SOFT, L=Guro-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
3b9817fbe154b0346689e1852f9704a7

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.HOWSOFT.R, PUP.Installer.HOWSOFT.T, PUP.HOWSOFT.S, PUP.HOWSOFT.L, PUP.HOWSOFT.K, PUP.Hue Communication, PUP.Hue Communication.HOWSOFT.Installer (M), PUP.Hue Communication.HOWSOFT (M)
100.00%

avast!
Win32:PUP-gen [PUP], Win32:HowSoft-A [PUP]
50.00%

AhnLab V3 Security
PUP/Win32.DloadAgr, PUP/Win32.KTHOpenSearch, PUP/Win32.KOSearch, PUP/Win32.DownLoadGet, Trojan/Win32.Spreader
29.17%

McAfee
Artemis!226CDFD64630, Artemis!15E96A681A78, Artemis!3C18A1501126, Artemis!223DD7F88C12, Artemis!EBD2EC031CFA
20.83%

Trend Micro House Call
Suspicious_GEN.F47V0702, TROJ_DLOAD.JRO, TROJ_GEN.F47V1006, TROJ_DLOAD.PSV, Suspicious_GEN.F47V0711
20.83%

Avira AntiVirus
TR/Agent.375960, TR/ATRAPS.Gen2, TR/Gendal.A.581, TR/Gendal.6260580
20.83%

McAfee Web Gateway
Artemis!226CDFD64630, Artemis!Trojan, Artemis!3C18A1501126, Artemis!223DD7F88C12, Artemis!EBD2EC031CFA
20.83%

Antiy Labs AVL
Trojan/Win32.TSGeneric, Trojan/Win32.SGeneric, Trojan/Win32.Hupigon.gic
20.83%

VIPRE Antivirus
Trojan.Win32.Generic, Win32.Malware!Drop, Trojan.Win32.Generic!SB.0
20.83%

IKARUS anti.virus
Trojan.Agent, Trojan.ATRAPS, Trojan.Gendal
16.67%

1 / 68      (PUP)
howcodecopen.exe (by howsoft)  (c107e639cc776c118dbb0157c5e097d7)

1 / 68      (PUP)
howcodecsrv.exe  (c3f8a37947f831aaed364d45095a9b8e)

1 / 68      (PUP)
kosuninst.exe (KTHOpenSearch by NowSoft)  (1392af38217e73c0fdf795ff9e6af61c)

1 / 68      (PUP)
kosguide.dll (by HowSoft)  (ef8a12fed14d4fa4c4321e93d45f4d8e)

1 / 68      (PUP)
kosearchup.exe (KTHOpenSearch by NowSoft)  (f0b6b638cb24a81db1fd15700b0dc785)

1 / 68      (PUP)
kosearch.exe (KTHOpenSearch by HowSoft)  (da83b08c04100064c9caf98678a16b87)

1 / 68      (PUP)
kosearch.dll (KTHOpenSearch by NowSoft)  (e51b10adb36bbe4f70d9505fbcd73c01)

1 / 68      (PUP)
kos_earchup.exe (by HowSoft)  (217d6ed49b881560a339ea9bc09bdfa7)

1 / 68      (PUP)
kthopensearchsetup.exe (by HowSoft)  (6a630b790f5613fee093b8eb4778b3c4)

1 / 68      (PUP)
DownLoadGetInstall.exe  (b7948e697e305362d077edd013d2b04d)

24 / 68    (PUP)
DownLoadGetupHp.exe  (ebd2ec031cfa50b68498e1bd5c077314)

15 / 68    (PUP)
DownLoadGetUpgrade.exe  (47d426ddf8b8d91a092d25526e34f638)

13 / 68    (PUP)
DownLoadGetUnInstall.exe  (223dd7f88c125103cb8e0395f0cfd59e)

2 / 68      (PUP)
Down_LoadGetUnInstall.exe  (dd20c8e69d48e23b47714a83ca325593)

5 / 68      (PUP)
Down_LoadGet.exe  (d84a61109e2b927d2f56a9d019c7387d)

4 / 68      (PUP)
DLDownload.dll  (ecafa5a113a934ce33a60b38f21513db)

9 / 68      (PUP)
HowCodecSetup.exe (by HowSoft)  (3c18a15011267f44e99f486f457ec766)

1 / 68      (PUP)
DownLoadGetChange.exe  (77149d69cd78f7e9bfdd54d0e7c4676f)

4 / 68      (PUP)
DownLoadGet.exe  (36ba56f0715ef79f8598eb702204e6af)

15 / 68    (PUP)
DgDownload.dll  (15e96a681a78899cf1c11afd898dd568)

6 / 68      (PUP)
kos_earchch.exe  (bb0808d286ea9cc06b374f91cda6647b)

11 / 68    (PUP)
Down_LoadDownAgree.exe  (226cdfd6463090695b8aedfa93340662)

12 / 68    (PUP)
kth_opensearchsetup.exe  (22c76a26ad9add4442ab02f7056881f9)

3 / 68      (PUP)
DownLoadDownAgree.exe  (d7f1e01443a3e2a62efa0d71ae339ace)

The certificates below are also signed by HOW SOFT.

7BA3F775C5D05768F56F97039538592C  (Jan 30, 2013 to Mar 02, 2015)

567C8147E85208EFCE0495C1D8AC015F  (Nov 28, 2011 to Jan 27, 2013)

* Note, the details and description above are based on the code signing digital signature issued to HOW SOFT by Thawte, Inc. on December 16, 2010 with the serial number '3b9817fbe154b0346689e1852f9704a7'.