Welcome! Just a quick post on a publisher called Edward Kosar that I found while running some tests for the upcoming FreeFixer release. The suspicious file is named “How I Met Your Mother S09E22 HDTV x264-KILLERS[ettv].exe”.
The certificate is issued by Certum Code Signing CA. According to the cert, Edward Kosar is located in Ukraine.
So, why did I put up this blog post? Well, the thing is that the Edward Kosar file is detected by many of the scanners, according to VirusTotal. F-Prot classifies How I Met Your Mother S09E22 HDTV x264-KILLERS[ettv].exe as W32/S-e70371e2!Eldorado, Kaspersky reports not-a-virus:AdWare.Win32.MultiPlug.oaqy, McAfee detects it as MultiPlug-FTW, Panda classifies it as Trj/Genetic.gen and VBA32 reports suspected of Heur.Malware-Cryptor.Multiplug.
Did you also run into a file that was digitally signed by Edward Kosar? What kind of download was it and was it detected by the anti-viruses at VirusTotal? Please share in posting comments below.
Thank you for reading.
This just happened to me, I was trying to download Nicki Minaj’s album “The Pinkprint” and Edward Kosar came up as the verified publisher. I did exactly what you did and looked at the certificate details before looking up “Edward Kosar” and finding this post. I obviously didn’t finish downloading it, I don’t want anything to do with Mr Kosar! Really though, how shady!