torangcommunications

Publisher Information

torangcommunications is a software publisher located in kangnam, Seoul in Korea*. The company is a primary distributor of unwanted software. Thre are 2 additional code signing certificates issued to this publisher.
Remove torangcommunications Malware - Powered by Reason Core Security
Authority:
Thawte, Inc.

Valid from:
4/19/2013 9:00:00 AM

Valid to:
5/20/2014 8:59:59 AM

Subject:
CN=torangcommunications, O=torangcommunications, L=kangnam, S=seoul, C=KR

Issuer:
CN=Thawte Code Signing CA - G2, O="Thawte, Inc.", C=US

Serial number:
09827727bdb71cf128b5aeb47ce2c8ea

Scanner detections:
Detections  (100% detected)

Scan engine
Details
Detections

Reason Heuristics
PUP.Installer.torangcommunications.T, PUP.Startup.torangcommunications.O, PUP.torangcommunications.P, PUP.torangcommunications.K, PUP.torangcommunications (M), PUP.torangcommunications.Installer (M)
100.00%

Trend Micro House Call
ADW_KRADDARE, TROJ_GEN.F47V0106, TROJ_GEN.F47V1115, TROJ_GEN.F47V0417, TROJ_GEN.F47V0424, TROJ_GEN.F47V0513, Suspicious_GEN.F47V0610
46.15%

AhnLab V3 Security
PUP/Win32.WindViewer, PUP/Win32.Adware, Adware/Win32.BHO, PUP/Win32.Addendum, PUP/Win32.WindoSearch, PUP/Win32.WindoGuide
38.46%

Vba32 AntiVirus
suspected of Trojan.Downloader.gen.h
38.46%

McAfee
Artemis!5DCF84784F9A, Artemis!A14ACAC82FBE, Artemis!DEDDBA17B303, Artemis!94127B3B732E, Artemis!361504487151, Artemis!050A1C1F88F9
23.08%

McAfee Web Gateway
Artemis!5DCF84784F9A, Artemis!A14ACAC82FBE, Artemis!DEDDBA17B303, Artemis!361504487151
23.08%

VIPRE Antivirus
Trojan.Win32.Generic, Backdoor.Win32.Ircbot.gen, Trojan.Adclicker
23.08%

nProtect
Adware/W32.KrAdword.200264, Adware/W32.Agent.86088, Adware/W32.KrAdword.193096, Adware/W32.KrAdword.139848
19.23%

F-Prot
W32/Themida_Packed
19.23%

Trend Micro
ADW_KRADDARE
15.38%

1 / 68      (Adware)
windvo_uninstall.exe  (2d7f9be71ea9c03eec3f4387c61cb2ca)

1 / 68      (Adware)
windvo.dll  (9eb93a5212ec9bbd36f2fdca5b380189)

1 / 68      (Adware)
windvo_uninstall.exe  (7912c810d5a1c15183ba45e27b6df8ee)

1 / 68      (Adware)
windvo.dll  (76b4df95e5e1808a597f4593177da008)

1 / 68      (Adware)
windvo_uninstall.exe  (2c4cd218012095b3c779bd69fc5d50e5)

1 / 68      (Adware)
windvo.dll  (774a74bbf5318ee9350a98c7308546a9)

1 / 68      (Adware)
windvo.dll  (4a3141834873e713a21523233252cee3)

1 / 68      (Adware)
windvou.dll  (141cf7d777174139bc85136441a888df)

7 / 68      (Adware)
windviewerdesk.exe  (050a1c1f88f993621643d1f59708784b)

11 / 68    (Adware)
windschtmp_3579  (3feed166f981fb05bb3b7dba631dc22a)

21 / 68    (Adware)
windvieweragent.exe  (3615044871514b0d95fc3083590abe06)

16 / 68    (Adware)
windgdo_uninstall.exe  (94127b3b732e56806f5c4250ca6f249b)

9 / 68      (Adware)
setup_wsc.exe  (deddba17b3030feb87d6577156318e94)

12 / 68    (Adware)
windsch_uninstall.exe  (68600902427c5b4aeaf75b24d7a2119a)

5 / 68      (Adware)
setup_wsx001_silent.exe  (13f3a073aed42b1f72be047d4a66d181)

5 / 68      (Adware)
windsch.dll  (738e81baed63d592e82f2b54cfee7496)

2 / 68      (Adware)
windosearch.dll  (1421ada51ce734e330d2cefd0cba5529)

2 / 68      (Adware)
windosearch.exe  (990b8be1fa0162b289566b65d2acd54e)

2 / 68      (Adware)
windosearchagent.exe  (ea4bb81c0cc0405594e6ae94f80c12a9)

2 / 68      (Adware)
windosearchdesk.exe  (107634868d3f9b32e91e4db2bb785564)

2 / 68      (Adware)
setup_nid006_silent.exe  (a5025a00246d686a4f4ee51c67b95975)

5 / 68      (Adware)
windviewer.dll  (c768cc544115822b3a1e871008679c5f)

7 / 68      (Adware)
windviewer.exe  (748d558795272dec0470987bc90a9824)

9 / 68      (Adware)
windvieweragent.exe  (a14acac82fbe3e90b405bfe5c9d416ba)

4 / 68      (Adware)
windviewerdesk.exe  (7c70fc37c9dc45a76099c1b2c8062cec)

10 / 68    (Adware)
setup_nid006_silent.exe  (5dcf84784f9a6fe72c8326d1eb379c05)

The certificates below are also signed by torangcommunications.

4B8FEA32F931A6055DD3A6FBD2EFA432  (Mar 13, 2012 to Apr 13, 2013)

52ACAB754DEC6C8A2B35197339CD05F8  (Mar 08, 2010 to Mar 08, 2012)

The following publishers (by Authenticode signature organization name) are related.

Remove torangcommunications Malware - Powered by Reason Core Security
* Note, the details and description above are based on the code signing digital signature issued to torangcommunications by Thawte, Inc. on April 19, 2013 with the serial number '09827727bdb71cf128b5aeb47ce2c8ea'.