EbizNetWorks - 20% Detection Rate *

Did you just find a download or a file on your computer that has a digital signature from EbizNetWorks? Some of the security products refers to the detected files as Trojan.Adkor.194 and W32.HfsAdware.17FE. The detection rate for the EbizNetWorks files collected here is 20%. Please read on for more details.

You will probably notice EbizNetWorks when double-clicking to run the file. The publisher name is then displayed as the "Verified publisher" in the UAC dialog as the screengrab shows:

Screenshot where EbizNetWorks appears as the verified publisher in the UAC dialog

You can view the additional details from the EbizNetWorks digital signature with the following steps:

Open Windows Explorer and locate the EbizNetWorks file
Right-click the file and select Properties
Click the Digital Signatures tab
Click the View Certificate button

Here's a screenshot of a file digitally signed by EbizNetWorks:

Screenshot of the EbizNetWorks certificate

As you can see in the screenshot above, Windows reports that "This digital signature is OK". This implies that the file has been published by EbizNetWorks and that no one has tampered with the file.

If you click the View Certificate button shown in the screenshot above, you can see all the details of the certificate, such as when it was issued, who issued the certificate, how long it is valid, etc. You can also see the address for EbizNetWorks, such as the street name, city and country.

VeriSign Class 3 Code Signing 2010 CA, Symantec Class 3 SHA256 Code Signing CA and GlobalSign Extended Validation CodeSigning CA - SHA256 - G3 has issued the EbizNetWorks certificates. You can also view the details of the issuer by clicking the View Certificate button shown in the screengrab above.

EbizNetWorks Files

These are the EbizNetWorks files I've collected, thanks to the FreeFixer users.

Detection Ratio	File Name
6/57	AnCamCorder_UpdateVer_3.4.2.exe
4/54	ksmodule.dll
3/56	Cheonseo_favorites_starzip_n.exe
3/56	Cheonseo_favorites_ancam_nu.exe
8/55	ancamcorder_custom_simfile_3.0.exe
12/56	AnCamera3.0_LiteUP_Hide_Setup.exe
26/55	AnCamCorder_UpdateVer_3.3.3.exe
4/56	anca_lotto_bacon.exe
13/54	AntoolsUpdate_SetUp.exe
6/55	Cheonseo_favorites_starsee_n.exe
13/56	AnCamera_Setup_Lite.exe
37/65	AnTools_v3.5.exe
12/65	dtlite_update_150803.exe

Scanner and Detection Names

Here is the detection names for the EbizNetWorks files. I've grouped the detection names by each scanner engine. Thanks to VirusTotal for the scan results.

Scanner	Detection Names
AVG	Collected_c.BOKQ, Generic7.GQP, Generic.B39, Win32:Adware-gen [Adw]
AVware	Trojan.Win32.Generic!BT
AegisLab	Troj.Downloader.W32.Generic!c, Adwareare.Adware.Gen!c, Adwareare.Nieguide.Gen!c
Agnitum	PUA.Agent!
AhnLab-V3	PUP/Win32.BHO, PUP/Win32.EzSearch
Antiy-AVL	GrayWare[Downloader:not-a-virus]/Win32.Adload.gen, GrayWare[Downloader]/Win32.Adload.gen
Arcabit	Adware.Generic.D1D627B2
Avast	Win32:Adware-gen [Adw]
Avira	ADWARE/Adware.Gen, ADWARE/Nieguide.484560.1, ADWARE/Nieguide.jwpre, TR/Adkor.kgobo
BitDefender	Adware.GenericKD.30812082
Bkav	W32.HfsAdware.17FE
CAT-QuickHeal	Trojan.Niguide, PUA.Ebiznetwor1.Gen
Cyren	W32/Adware.BPTJ-2917, W32/Adware.YLBY-0955
DrWeb	Trojan.Adkor.194, Trojan.Adkor.290, Trojan.Adkor.449
ESET-NOD32	a variant of Win32/Adware.Nieguide.AE, a variant of Win32/Adware.Nieguide.AF
Emsisoft	Adware.GenericKD.30812082 (B)
Endgame	malicious (moderate confidence)
F-Secure	Adware.GenericKD.30486001, Trojan.TR/Adkor.kgobo
Fortinet	Riskware/Nieguide, W32/Snojan.EWPD!tr
GData	Win32.Application.Agent.MXY3T5, Win32.Application.Agent.SF3JZB
Ikarus	Win32.SuspectCrc, Win32.AdWare, not-a-virus:AdWare.Win32.EzSearch, PUA.Nieguide
Jiangmin	Downloader.Snojan.ax
K7AntiVirus	Adware ( 004d8e371 ), Adware ( 004d9d6f1 )
K7GW	Adware ( 004d8e371 ), Adware ( 004d9d6f1 )
Kaspersky	not-a-virus:Downloader.Win32.Snojan.ewpd
MAX	malware (ai score=98)
Malwarebytes	Adware.KorAd, Rogue.Ebiz.K
McAfee	Artemis!2DAD6135F6AB, Artemis!4FDBB9E31F59, Artemis!18181FC0C7B8, Artemis!FCE2CB65DB21, Artemis!344D13FD0FDD, Artemis!ADC839889627, Artemis!EBB686F9ECD6
McAfee-GW-Edition	BehavesLike.Win32.Suspicious.dc, BehavesLike.Win32.BadFile.dc, BehavesLike.Win32.BadFile.tc, BehavesLike.Win32.Trojan.bc, BehavesLike.Win32.Trojan.tc, Artemis!PUP, PUP-FKZ, Artemis
MicroWorld-eScan	Adware.GenericKD.30812082
Microsoft	PUA:Win32/Niguide
NANO-Antivirus	Riskware.Win32.MLW.dmuoib, Trojan.Win32.Adkor.elyxkn
Paloalto	generic.ml
Panda	Trj/CI.A
Qihoo-360	HEUR/QVM42.0.Malware.Gen, Win32/Virus.Downloader.da6
Rising	PE:Malware.Generic(Thunder)!1.A1C4 [F], Trojan.Win32.Generic.19A1C1AD (C64:YzY0Og0Vm3b0g0Cy)
Sophos	Generic PUA IO (PUA), Generic PUA DO (PUA), Generic PUA CM (PUA)
Symantec	Suspicious.Cloud.9, PUA.Gen.2
Tencent	Win32.Risk.Adware.Dwjo
TrendMicro	ADW_DOWNARE, TROJ_GEN.R007C0OEM18
TrendMicro-HouseCall	ADW_DOWNARE, TROJ_GEN.R007C0OEM18
VBA32	suspected of Trojan.Downloader.gen.h, BScope.Trojan.Adkor, Trojan.Adkor
VIPRE	Trojan.Win32.Generic!SB.0, Trojan.Win32.Generic!BT
ViRobot	Adware.Agent.1182504[h], Adware.Nieguide.2161880
Yandex	PUA.Downloader!
Zillya	Adware.OutBrowse.Win32.75816, Trojan.AdkorCRTD.Win32.1315, Trojan.AdkorCRTD.Win32.964, Trojan.AdkorCRTD.Win32.562
ZoneAlarm	not-a-virus:Downloader.Win32.Snojan.ewpd
nProtect	Trojan/W32.Badur.813920

* How the Detection Percentage is Calculated

The detection percentage is based on the fact that I've collected 740 scan results for the EbizNetWorks files. 147 of these scan reports came up with some sort of detection. You can review the full details of the scan reports by examining the files listed above.

Analysis Details

In the analysis on this page I grouped all certificates where the signer name is set to upper and lower case variants of EbizNetWorks. These are the signer names:

EbizNetWorks - 20% Detection Rate *

EbizNetWorks Files

Scanner and Detection Names

* How the Detection Percentage is Calculated

Analysis Details

Comments

Leave a reply