» twc_antiphishingd.sys
Overview
Analysis
File Details
Programs (1)

twc_antiphishingd.sys

TWC Anti-Phishing Domain Advisor (Powered by Panda Security)

Visicom Media Inc.

This is part of the Visicom VMN web browser toolbar and extension that will modify the browser's default search provider, DNS, and home page functions. The file twc_antiphishingd.sys by Visicom Media has been detected as a potentially unwanted program by 1 anti-malware scanner with very strong indications that the file is a potential threat. This file is typically installed with the program TWC Anti-Phishing Domain Advisor by Time Warner Cable Enterprises LLC..

File name:

Publisher:

Time Warner Cable Enterprises LLC. (signed by Visicom Media Inc.)

Product:

TWC Anti-Phishing Domain Advisor (Powered by Panda Security)

Version:

2, 0, 0, 0

MD5:

36af90f7c6a4b3b043fcbd521baa81a4

SHA-1:

d4499db7e3de8ac768ae61cf8dc1460e06387dd5

SHA-256:

7b03f67c0e357584956f981d157ddd85c394724288742691f24c69352d6cf011

Scanner detections:

1 / 68

Status:

Potentially unwanted

Note:

Our current pool of anti-malware engines have not currently detected this file, however based on our own detection heuristics we feel that this file is unwanted.

Analysis date:

11/14/2024 3:11:27 PM UTC (today)

Scan engine

Detection

Engine version

Reason Heuristics

PUP.Visicom.VisicomMedia

15.6.1.18

File size:

49.1 KB (50,264 bytes)

Product version:

2.0

File type:

Driver (Win64 SYS)

Language:

English (United States)

Common path:

C:\ProgramData\application data\twc anti-phishing domain advisor\twc_antiphishingd.sys

Digital Signature

Signed by:

Visicom Media Inc.

Authority:

GlobalSign nv-sa

Valid from:

11/8/2013 6:44:29 AM

Valid to:

11/9/2014 6:44:29 AM

Subject:

E=sysadmin@vmn.net, CN=Visicom Media Inc., O=Visicom Media Inc., L=Brossard, S=Quebec, C=CA

Issuer:

CN=GlobalSign CodeSigning CA - G2, O=GlobalSign nv-sa, C=BE

Serial number:

11211539982821E53DCB554103CE4CFB4C45

File PE Metadata

Compilation timestamp:

6/23/2014 8:34:06 AM

OS version:

6.2

OS bitness:

Win64

Subsystem:

Native (none required)

Linker version:

11.0

CTPH (ssdeep):

768:Qj3vOPpVb/3dPo9Ib1qLV05xNtdVn4hx4tVGafmxJlC52rmbO24rm7gQPrI9VC:QbKfVoKbR4H4Cm52rmqYPeVC

Entry address:

0xC070

Entry point:

48, 89, 5C, 24, 08, 57, 48, 83, EC, 20, 48, 8B, DA, 48, 8B, F9, E8, 83, FF, FF, FF, 48, 8B, D3, 48, 8B, CF, 48, 8B, 5C, 24, 30, 48, 83, C4, 20, 5F, E9, 6E, 4F, FF, FF, CC, CC, 80, C2, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 8C, C6, 00, 00, 90, 91, 00, 00, 40, C1, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, DC, CA, 00, 00, 50, 90, 00, 00, F0, C0, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, D4, CB, 00, 00, 00, 90, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00, 00... 
[+]

Entropy:

6.2970

Code size:

34 KB (34,816 bytes)

The file twc_antiphishingd.sys has been discovered within the following program.

TWC Anti-Phishing Domain Advisor by Time Warner Cable Enterprises LLC.

About 6% of users remove it

Remove twc_antiphishingd.sys - Powered by Reason Core Security

herdProtect is a second line of defense malware removal platform powered by 68 anti-malware engines in the cloud. Since no single anti-malware program is perfect 100% of the time, herdProtect utilizes a 'herd' of multiple engines to guarantee the widest coverage and the earliest possible detection.