twc_tb_ie_1111.exe

Road Runner HoldCo LLC

This file is part of the Visicom VMN web browser toolbar and extension, which modifies the browser's default search provider, DNS, and home page functions. The application twc_tb_ie_1111.exe by Road Runner HoldCo has been detected as adware by 2 anti-malware scanners. The file has been observed being downloaded from outwi1.twc.com.edgesuite.net.

Publisher:
Visicom Media Inc.  (signed by Road Runner HoldCo LLC)

Version:
1, 0, 0, 20

MD5:
36d702ec05db05aded517e5b08ca9b2b

SHA-1:
ecf0dffa6b96cacd6111456f30874eaa6e2d6813

SHA-256:
e5ba2cce34a635ae7b8d85a5f28859362730278a9a558edb094a8bb1e9620a79

Scanner detections:
2 / 68

Status:
Adware

Analysis date:
4/24/2024 1:50:52 PM UTC

Scan engine | Detection | Engine version
IKARUS anti.virus | Trojan-PSW.Win32.Minari | t3scan.1.8.3.0
Reason Heuristics | PUP.RoadRunnerHoldCo.O | 14.11.18.13

File size:
323.4 KB (331,176 bytes)

Product version:
1, 0, 0, 20

Copyright:
© 2013-2014 Visicom Media Inc.

File type:
Executable application (Win32 EXE)

Language:
English (United States)

Common path:
C:\users\{user}\appdata\local\microsoft\windows\inetcache\content.ie5\qbyxrfy2\twc_tb_ie_1111.exe

Digital Signature
Authority:
VeriSign, Inc.

Valid from:
11/12/2013 7:00:00 PM

Valid to:
12/18/2014 6:59:59 PM

Subject:
CN=Road Runner HoldCo LLC, OU=Digital ID Class 3 - Microsoft Software Validation v2, OU=Herndon, O=Road Runner HoldCo LLC, L=Herndon, S=Virginia, C=US

Issuer:
CN=VeriSign Class 3 Code Signing 2010 CA, OU=Terms of use at https://www.verisign.com/rpa (c)10, OU=VeriSign Trust Network, O="VeriSign, Inc.", C=US

Serial number:
0915AD02E705A856F4BA27B68C57BB96

File PE Metadata
Compilation timestamp:
9/17/2014 10:45:18 AM

OS version:
5.0

OS bitness:
Win32

Subsystem:
Windows GUI

Linker version:
9.0

CTPH (ssdeep):
6144:pldiKb4WhLyGOAkzfnM06pw3daNpY2/fz/U6anLOG:pldRbdjAVAw3SzcNOG

Entry address:
0x3D50

Entry point:
E8, D6, 2A, 00, 00, E9, 79, FE, FF, FF, 8B, FF, 55, 8B, EC, 5D, E9, 0D, 03, 00, 00, 3B, 0D, 54, 01, 42, 00, 75, 02, F3, C3, E9, 4D, 2B, 00, 00, 8B, FF, 55, 8B, EC, 8B, 45, 08, 56, 8B, F1, C6, 46, 0C, 00, 85, C0, 75, 63, E8, 99, 27, 00, 00, 89, 46, 08, 8B, 48, 6C, 89, 0E, 8B, 48, 68, 89, 4E, 04, 8B, 0E, 3B, 0D, 68, 07, 42, 00, 74, 12, 8B, 0D, 84, 06, 42, 00, 85, 48, 70, 75, 07, E8, A5, 35, 00, 00, 89, 06, 8B, 46, 04, 3B, 05, 88, 05, 42, 00, 74, 16, 8B, 46, 08, 8B, 0D, 84, 06, 42, 00, 85, 48, 70, 75, 08, E8...
 
Entropy:
6.9920

Code size:
84.5 KB (86,528 bytes)

The file twc_tb_ie_1111.exe has been seen being distributed by the following URL.
