Category Archives: digital signature

Free-mium GmbH – 9% Detection Rate – Adware.Covus / DownloadGuide

Hello! Just a note on a publisher called Free-mium GmbH. The Free-mium GmbH download – vlc-media-player.exe – was detected when I uploaded it to VirusTotal. Did you also find a download by Free-mium GmbH? Was it also detected when you uploaded it to VirusTotal?

Free-mium GmbH publisher

By looking at the certificate we can see that Free-mium GmbH appears to be located in Berlin, Germany.

Free-mium GmbH cert

The scan result from VirusTotal below clearly shows why you probably should avoid the Free-mium GmbH file. The file is not the official VLC player, but detected under names such as Adware.Covus.6, a variant of Win32/DownloadGuide.D potentially unwanted, PUA.DownloadGuide and PE:Adware.DownloadGuide!1.A1DB [F].

Free-mium GmbH anti-virus report

If you want to download the official VLC player, you can do so from videolan.org.

Did you also find a file digitally signed by Free-mium GmbH? What kind of download was it and where did you find it?

Thank you for reading.

LLC “KIPER – SOFT” – 19% Detection Rate – PUP.Optional.Amonetize

Hello! Just a short post on a publisher called LLC “KIPER – SOFT”. I just found a download that was digitally signed by this publisher, and it turns out that it is detected by some anti-virus programs.

LLC KIPER - SOFT publisher

If you have an LLC “KIPER – SOFT” file on your computer you may have noticed that LLC “KIPER – SOFT” pops up as the publisher in the User Account Control dialog when running the file. The certificate is issued by COMODO RSA Code Signing CA. The company is located in Ukraine.

LLC KIPER - SOFT certificate

The scan result from VirusTotal below clearly shows why you should avoid the LLC “KIPER – SOFT” file. It is detected under names such as Generic.959, W32/Amonetize.AO.gen!Eldorado, PUP.Optional.Amonetize and Trojan.Win32.Amonetize.dytukr.

LLC KIPER SOFT anti-virus report

Did you also find a file digitally signed by LLC “KIPER – SOFT”? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.

Thank you for reading.

DIGITAL PLUGIN S.L.U – 53% Detection Rate – SoftPulse / Mikey / AdPlugin

Hello! Just a short note on a publisher called DIGITAL PLUGIN S.L.U.

DIGITAL PLUGIN S.L.U publisher

You can also view the certificate by right-clicking on the file and looking under the Digital Signatures tab. According to the certificate, DIGITAL PLUGIN S.L.U is located in Santa Cruz, Tenerife in Spain, and the certificate is issued by thawte SHA256 Code Signing CA.

DIGITAL PLUGIN S.L.U certificate

After uploading the DIGITAL PLUGIN S.L.U file – Setup(1).exe – to VirusTotal, it was clear that it’s probably better to delete the file than to run it. The detection rate was 53% and some of the detection names were: PUA.SoftPulse!, AdPlugin.FNB, Gen:Variant.Mikey.24388, Trojan.Domaiq.321, PUP.Optional.SoftPulse and HEUR/QVM11.1.Malware.Gen.

DIGITAL PLUGIN S.L.U anti-virus report

Did you also find a DIGITAL PLUGIN SLU file?

Thank you for reading.

LLC “TRUKONF SOFT” – 33% Detection Rate – AdLoad / PUP.Optional.Amonetize

Welcome! Just wanted to give you a heads-up on a suspicious file I found just now. The file is digitally signed by LLC “TRUKONF SOFT”.

LLC TRUKONF SOFT publisher

This is how it looks when double-clicking on the file and LLC “TRUKONF SOFT” appears as the publisher. Viewing the certificate information is also possible by looking under the digital signature tab for the file. Here the certificate says that LLC “TRUKONF SOFT” is located in Ukraine.

LLC TRUKONF SOFT certificate

The reason I’m writing this blog post is that the LLC “TRUKONF SOFT” file is detected by many of the antimalware programs at VirusTotal. VBA32 names it SScope.Trojan.Zbot.gen, Baidu-International detects the file as PUA.Win32.Amonetize.LI, Kaspersky calls it not-a-virus:Downloader.Win32.AdLoad.rppk, Sophos calls it Generic PUA JA (PUA), Panda reports PUP/Multitoolbar and Malwarebytes detects it as PUP.Optional.Amonetize.

LLC TRUKONF SOFT anti-virus report

Did you also find an LLC “TRUKONF SOFT” file?

Thank you for reading.

PremiumBeam (New Media Holdings Ltd.) – 15% Detection Rate – InstallCore

Hi there! Just a quick post today, since I’m busy working on the next release of FreeFixer. Did you see a file, such as vlc-media-player.exe, on your system signed by PremiumBeam (New Media Holdings Ltd.)? Then read on.

PremiumBeam (New Media Holdings Ltd.)

If you have a PremiumBeam (New Media Holdings Ltd.) file on your computer you may have noticed that PremiumBeam (New Media Holdings Ltd.) pops up as the publisher in the User Account Control dialog when running the file. The PremiumBeam (New Media Holdings Ltd.) certificate shows that the publisher is located in Tel Aviv, Israel.

These are the current VirusTotal detections for the file. PUP.Optional.InstallCore, HEUR/QVM06.1.Malware.Gen, Install Core Click run software (PUA), SScope.Malware-Cryptor.InstallCore and InstallCore (fs) are a few of the detection names for the vlc-media-player.exe file.

PremiumBeam New Media Holdings Ltd. anti-virus report

Did you also find a file signed by PremiumBeam (New Media Holdings Ltd.)? What kind of download was it and where did you find it?

Thanks for reading.

Adverts Technologies – 25% Detection Rate – PUP.Optional.Adverts / ToDownload

Hi there! Just a quick post on a file named mediaplayer_update.exe signed by Adverts Technologies.

Adverts Technologies publisher

You can also see the Adverts Technologies certificate by looking under the Digital Signature tab on the file’s properties. According to the certificate, Adverts Technologies is located in Moscow, Russia.

Adverts Technologies cert

The issue with the Adverts Technologies file is that it is detected by many of the antimalware programs. Here are some of the detection names: Generic.E4D, PUP.Optional.Adverts, HEUR/QVM06.1.Malware.Gen, InstallCore ToDownload (PUA), SAPE.InstallCore.2505, Trojan.Win32.Generic!BT and Adware.BrowseFox.Win32.128816.

Adverts Technologies anti-virus

Did you also find an Adverts Technologies file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thanks for reading.

RUn apps fOrevEr Lld – 35% Detection Rate

Hi there! Just a quick post on a file named Medal Of Honour PC Game Full version Free Download.exe signed by RUn apps fOrevEr Lld.

The following screenshot shows the User Account Control dialog when running the RUn apps fOrevEr Lld file:

RUn apps fOrevEr Lld publisher

It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the RUn apps fOrevEr Lld certificate.

RUn apps fOrevEr Lld cert

The VirusTotal report shows that the RUn apps fOrevEr Lld file should be avoided, since Medal Of Honour PC Game Full version Free Download.exe is detected as Trojan.OutBrowse.1613 by DrWeb, Downloader.AAPP by AVG, SoftwareBundler:Win32/Outbrowse by Microsoft, OutBrowse by VIPRE and HEUR/QVM42.0.Malware.Gen by Qihoo-360.

RUn apps fOrevEr Lld anti-virus report

Did you also find a file that was digitally signed by RUn apps fOrevEr Lld? What kind of download was it and was it reported by the anti-malware scanners at VirusTotal? Please share by posting a comment.

Thanks for reading.

SaFE clIck LoL – 36% Detection Rate

Welcome! Just wanted to give you the heads up on files digitally signed by SaFE clIck LoL.

SaFE clIck LoL publisher

You will also see SaFE clIck LoL listed as the verified publisher in the User Account Control dialog that pops up if you try to run the file. It’s possible to view additional information about the embedded certificate by right-clicking on the file, choosing Properties and then clicking on the Digital Signatures tab. According to the certificate, SaFE clIck LoL appears to be located in Dublin, Ireland, and the certificate is issued by thawte SHA256 Code Signing CA.

SaFE clIck LoL cert
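
The same publisher, location and issuer fields shown on the Digital Signatures tab can be read from PowerShell. This is an added example, not code from the original post or from FreeFixer; the function name Get-SignerSummary and the Downloads folder path are assumptions. It also returns the file's SHA-256, since a Valid status only means the signature verifies, not that scanners consider the file clean.

```powershell
# Added example: summarize the Authenticode signer of a file on Windows.
# Get-SignerSummary is a hypothetical helper name, not part of any product.
function Get-SignerSummary {
    param(
        [Parameter(Mandatory)]
        [string]$Path
    )

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate

    # Unsigned files have no signer certificate; report the status and stop.
    if ($null -eq $cert) {
        return [pscustomobject]@{ File = $Path; Status = $sig.Status; Publisher = $null }
    }

    # Format($true) puts one subject field per line, so commas or quotes
    # inside a publisher name do not break the parsing.
    $rdn = @{}
    foreach ($line in ($cert.SubjectName.Format($true) -split "`r?`n")) {
        $key, $value = $line -split '=', 2
        if ($value) { $rdn[$key.Trim()] = $value.Trim() }
    }

    [pscustomobject]@{
        File       = $Path
        Status     = $sig.Status      # Valid = signature verifies, nothing more
        Publisher  = $rdn['CN']
        Locality   = $rdn['L']
        Country    = $rdn['C']
        Issuer     = $cert.GetNameInfo('SimpleName', $true)
        Thumbprint = $cert.Thumbprint
        NotAfter   = $cert.NotAfter
        SHA256     = (Get-FileHash -LiteralPath $Path -Algorithm SHA256).Hash
    }
}

# Assumed location: list the signer of every .exe in the current user's Downloads folder.
Get-ChildItem -Path "$env:USERPROFILE\Downloads" -Filter *.exe |
    ForEach-Object { Get-SignerSummary -Path $_.FullName } |
    Format-List
```

The SHA256 value can be used to look the file up at VirusTotal without uploading it again.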

The problem with the SaFE clIck LoL file is that it is detected by many of the antimalware scanners. Here are some of the detection names: Downloader.AAPP, PUA/Outbrowse.Gen, SoftwareBundler:Win32/Outbrowse and OutBrowse.

SaFE clIck LoL anti-virus report

Did you also find a SaFE clIck LoL file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thanks for reading.

ClIck to StaRt – 24% Detection Rate – OutBrowse

Hello readers! Just a quick post on a publisher called ClIck to StaRt that I found while running some tests for the upcoming FreeFixer release. The suspicious file is named Animal Porn On Android.exe.

The following screenshot shows the User Account Control dialog when running the ClIck to StaRt file:

ClIck to StaRt publisher

To get more details on the publisher, you can view the certificate by right-clicking on the file, and looking under the Digital Signatures tab. The screenshot below shows the ClIck to StaRt certificate. From the certificate info we can see that ClIck to StaRt appears to be located in Dublin, Ireland.

ClIck to StaRt certificate

The reason I’m writing this blog post is that the ClIck to StaRt file is detected by many of the anti-virus programs at VirusTotal. AVG reports Luhe.Fiha.A, McAfee reports Adware-OutBrowse.h, Avast names Animal Porn On Android.exe as Win32:Malware-gen, ClamAV detects it as Win.Adware.Outbrowse-1167 and DrWeb detects it as Trojan.OutBrowse.1694.

ClIck to StaRt anti-virus report

Did you also find a ClIck to StaRt file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.

BoxI DJV – 49% Detection Rate – OutBrowse / Downloader.YVA / W32.HfsAdware

Hi there! Ran into a BoxI DJV file about a week ago, but decided not to blog about it since my schedule was full with other things. I’m currently working on improving the freefixer.com web site with some new features.

However, I changed my mind today about BoxI DJV since there are currently a large number of files being distributed with the BoxI DJV signature. And since the BoxI DJV file is detected by many of the anti-virus programs out there I wanted to give you the heads up with a short blog post about it. Here’s BoxI DJV listed as the verified publisher:

BoxI DJV

You can see who the signer is when double-clicking on an executable file. BoxI DJV appears in the publisher field in the dialog that pops up. The certificate is issued by thawte SHA256 Code Signing CA.

Here are the detections from VirusTotal for BoxI DJV:

BoxI DJV anti-virus report

The detection rate is 26/53. The Moborobo.exe file is detected as OutBrowse by VIPRE, Riskware/OutBrowse by Fortinet, PUA.Boxidjv1.Gen by CAT-QuickHeal, Trojan.OutBrowse.1215 by DrWeb, Downloader.YVA by AVG, W32.HfsAdware.9EC9 by Bkav and SAPE.Heur.BB351 by Symantec.

Did you also find a file digitally signed by BoxI DJV? What kind of download was it and where did you find it?

Thanks for reading.