Hi there! Just wanted to give you the heads-up on suspicious file I found right now before having my lunch. The file is named FlashPlayer__6741_i1404957756_il13.exe and digitally signed by SVAN TRANS LLC.
You can also see the SVAN TRANS LLC certificate by looking under the Digital Signature tab on the file’s properties. According to the certificate, SVAN TRANS LLC is located in Kiev, Ukraine.
The issue is that FlashPlayer__6741_i1404957756_il13.exe is not an official Flash Player download. If it was, it would be digitally signed by Adobe Systems Incorporated, and not by some unknown company from Ukraine.
25% of the scanners detected the file. The FlashPlayer__6741_i1404957756_il13.exe file is detected as PUA.Amonetize! by Agnitum, Gen:Variant.Application.Jaik by F-Secure and PUP.Optional.Amonetize by Malwarebytes. Thanks to VirusTotal for the scan report.
Since some of the anti-virus programs detected the SVAN TRANS LLC file, I got curious and decided to test it to see what it installed. After stepping though the installer, Salus Net Protector, RocketTab and My Start Search were disclosed.
Did you also find an SVAN TRANS LLC? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.
Thanks for reading.