HOW SOFT

Publisher Information

HOW SOFT is a software publisher located in Guro-gu, Seoul in Korea*. The publisher primarily developes software that can be classified as adware. Thre are 2 additional code signing certificates issued to this publisher.
Remove HOW SOFT Malware - Powered by Reason Core Security
Authority:
Thawte, Inc.

Valid from:
1/31/2013 9:00:00 AM

Valid to:
3/3/2015 8:59:59 AM

Subject:
CN=HOW SOFT, OU=IT Team, O=HOW SOFT, L=Guro-gu, S=SEOUL, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
7ba3f775c5d05768f56f97039538592c

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.HOWSOFT.R, PUP.HOWSOFT.L, PUP.HOWSOFT.M, PUP.HOWSOFT.R, PUP.HOWSOFT.J, PUP.HOWSOFT.E, PUP.HOWSOFT.H, PUP.Installer.HOWSOFT.L, PUP.Hue Communication.HOWSOFT (M), PUP.Hue Communication.HOWSOFT.Installer (M)
100.00%

avast!
Win32:HowSoft-A [PUP], Win32:Installer-AA [PUP]
70.45%

McAfee Web Gateway
Heuristic.BehavesLike.Win32.Suspicious-BAY.G, Artemis!29D0C1BD78F1, Artemis!DD6E7F345EBD, Heuristic.BehavesLike.Win32.Suspicious-BAY.K
38.64%

CMC Antivirus
Hoax.Win32.BadJoke.ScreenFlicker!O
36.36%

AVG
Win32/DH, HowSoft, Generic10_c, Win32/DH{gQwuICQiJYESPA}
29.55%

Trend Micro House Call
TROJ_GEN.F47V0319, TROJ_GEN.F47V0416, TROJ_GEN.F47V0207, ADW_KRADDARE, Suspicious_GEN.F47V1028, TROJ_DELF.SXM, TROJ_GEN.F47V0326
25.00%

McAfee
Artemis!29D0C1BD78F1, Artemis!DD6E7F345EBD, Artemis!D45BDA60DB5F, Artemis!E92E8B70920E, Artemis!55EB892F7DCD, Artemis!9A7C7E70612E
25.00%

AhnLab V3 Security
PUP/Win32.WindowSearch, PUP/Win32.EveryToolbar, PUP/Win32.KTHOpenSearch, PUP/Win32.HowCodec, PUP/Win32.KOSearch, PUP/Win32.DownLoadGet
22.73%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h, AdWare.Kraddare, TrojanDownloader.Delf
20.45%

Bitdefender
Trojan.GenericKD.1681832, Gen:Variant.Strictor.38275, Application.Generic.571740, Application.Generic.571767, Application.Generic.858311
20.45%

1 / 68      (PUP)
howcodecsetup.exe  (fa97513667665623542913591a0b23b8)

1 / 68      (PUP)
timeAdd.dll  (59063205e6fc26287ea44890b853641a)

1 / 68      (PUP)
hka.dll (hka.dll by HowSoft)  (2b412e3683f38cbd3c646696e9e1d538)

1 / 68      (PUP)
wsstart.exe (WindowSearch Version Manager by HowSoft)  (cf584613f3ca98619fba0a7a9d6e46bd)

1 / 68      (PUP)
howcodec_update.exe (by HowSoft)  (8009c8e3338084dea94fda627f664103)

1 / 68      (PUP)
timeAdd.dll (by HowSoft)  (f41864210daaabd04bd612b550bdc044)

1 / 68      (PUP)
howcodecsetup.exe  (f59256f4cd1fbca2e8d4d28d76171a87)

1 / 68      (PUP)
timeAdd.exe  (1fe909b57405e6de87a6f9e13ad7793c)

1 / 68      (PUP)
Kos_open.exe (Kos_open by Howsoft)  (26e519dd6f1df39dec2dfc5669f49655)

1 / 68      (PUP)
howcodecsetup.exe  (245a1486d56691ad5a167740d5ab52a9)

1 / 68      (PUP)
howcodecsetup.exe  (37decea1fe72b9e349b958e819bfff75)

4 / 68      (PUP)

1 / 68      (PUP)
HowcodecAd.dll  (1845fbc87adecdb8268b73b8f3120ea7)

12 / 68    (PUP)
timeAdd.exe  (c6b6ce72b32c5aa47d0bb8781478ca49)

5 / 68      (PUP)
timeAdd.exe  (09489b018f1054bda5dd969cd6633101)

26 / 68    (PUP)
downloadgetinstall.exe (by HowSoft)  (00bc80eb82db29563ca3cdb636c8b785)

6 / 68      (PUP)
Kos_open.exe (Kos_open by Howsoft)  (feaa4d0b3ed122a01f9078c478c83473)

2 / 68      (PUP)
FiledownActProj.ocx (FiledownActProj.ocx by CIPHER LOGIS)  (b5f4695d5d910d21a0f81a8aebcbd005)

34 / 68    (PUP)
howcodecopen.exe  (25f0a24765392181924118bf5b981a8f)

13 / 68    (PUP)
howcodec_unins.exe (by HowSoft)  (1a7333b3482a175699b802722fa99800)

3 / 68      (PUP)
howcodecopen.exe  (30a71a75b780b996ba692ef038bb6484)

15 / 68    (PUP)
kos_earchch.exe  (f30b36b6ad0a5d41d5892de02079847e)

18 / 68    (PUP)
kos_earchup.exe  (dac0e20b7596063c390d678601a508da)

7 / 68      (PUP)
Kos_SL.dll (by HowSoft)  (1b642eb868c2292f4e57698e90a82166)

9 / 68      (PUP)
79345.malware (by HowSoft)  (9a7c7e70612eb98a0fe075f4818a3285)

11 / 68    (PUP)
15898.malware (by HowSoft)  (62d581389872b27c9beba6d57f374cc3)

30 / 68    (PUP)
15895.malware (howcodec by HowSoft)  (55eb892f7dcdfd6d6f769564a0077eea)

2 / 68      (PUP)
howcodecband.dll (howcodecband.dll by HOW SOFT)  (97d65e1cf62f062d727be0cb81cfd472)

23 / 68    (PUP)
howcodechper.exe (howcodec by HowSoft)  (e92e8b70920e3b5f13c847699c115507)

2 / 68      (PUP)
HowcodecAd.dll  (a8803447bcf907ff16b1910c1ac53815)

 
Latest 30 of 44 files

The certificates below are also signed by HOW SOFT.

567C8147E85208EFCE0495C1D8AC015F  (Nov 28, 2011 to Jan 27, 2013)

3B9817FBE154B0346689E1852F9704A7  (Dec 16, 2010 to Dec 17, 2011)

Remove HOW SOFT Malware - Powered by Reason Core Security
* Note, the details and description above are based on the code signing digital signature issued to HOW SOFT by Thawte, Inc. on January 31, 2013 with the serial number '7ba3f775c5d05768f56f97039538592c'.