twc_antiphishingd.sys

TWC Anti-Phishing Domain Advisor (Powered by Panda Security)

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The file twc_antiphishingd.sys by Visicom Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. It runs as a Windows kernel-mode device driver named “twc_antiphishingd driver”.

Publisher:
Time Warner Cable Enterprises LLC.  (signed by Visicom Media Inc.)

Product:
TWC Anti-Phishing Domain Advisor (Powered by Panda Security)

Version:
2, 0, 0, 0

MD5:
2743b738c8a7c6f771d941a694b5f10a

SHA-1:
379e27608e49e32de9bfdae3408f504e684230e3

SHA-256:
a4c5284e9df5916c84e14a8657d3c1db6ae2e45b99381f2c94f028628eff7c04

Scanner detections:
1 / 68

Status:
Potentially unwanted

Note:
Our current pool of anti-malware engines has not currently detected this file; however, based on our own detection heuristics, we feel that this file is unwanted.

Analysis date:
11/14/2024 2:45:30 PM UTC

Scan engine:
Reason Heuristics

Detection:
PUP.Visicom

Engine version:
15.2.2.17

File size:
41.1 KB (42,072 bytes)

Product version:
2.0

Copyright:
(C) 2014 Time Warner Cable Enterprises LLC.

File type:
Driver (Win32 SYS)

Language:
English (United States)

Common path:
C:\ProgramData\twc anti-phishing domain advisor\twc_antiphishingd.sys

Digital Signature
Authority:
GlobalSign nv-sa

Valid from:
11/8/2013 9:44:29 AM

Valid to:
11/9/2014 9:44:29 AM

Subject:
E=sysadmin@vmn.net, CN=Visicom Media Inc., O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:
CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:
11211539982821E53DCB554103CE4CFB4C45

File PE Metadata
Compilation timestamp:
6/23/2014 11:27:27 AM

OS version:
6.2

OS bitness:
Win32

Subsystem:
Native (none required)

Linker version:
11.0

CTPH (ssdeep):
768:VlCzZ8ndub490yQv1oOv1QP2BwswubrsGFqbMvDo6pBrmr7ZgQPrIN:VIqnQtfv1oO9QsR5bPcbWk6A7NPe

Entry address:
0xA06A

Entry point:
8B, FF, 55, 8B, EC, E8, 92, FF, FF, FF, 5D, E9, 8C, 6F, FF, FF, CC, CC, CC, CC, CC, CC, 8B, FF, 55, 8B, EC, 83, EC, 14, 53, 8D, 45, EC, 56, 89, 45, FC, B8, 00, 00, 00, 00, 8B, 75, FC, 33, DB, 33, C9, 33, D2, 0F, A2, 89, 06, 89, 5E, 04, 89, 4E, 08, 89, 56, 0C, 83, 7D, EC, 00, 75, 04, 32, C0, EB, 44, 81, 7D, F4, 6E, 74, 65, 6C, 74, 12, 81, 7D, F4, 63, 41, 4D, 44, 74, 09, 81, 7D, F4, 61, 75, 6C, 73, 75, E1, 8D, 45, EC, 89, 45, FC, B8, 01, 00, 00, 00, 8B, 75, FC, 33, DB, 33, C9, 33, D2, 0F, A2, 89, 06, 89, 5E...
Entropy:
6.6781

Code size:
28 KB (28,672 bytes)

Driver
Display name:
twc_antiphishingd driver

Service name:
twc_antiphishingd

Type:
Kernel device driver (KernelDriver)