Category Archives: digital signature

Vladimir Suvorov – 46% Detection – InstalleRex / MPlug / MultiPlug

Hi there! Just a note on a publisher called Vladimir Suvorov. The Vladimir Suvorov download – Download Uc Browser V Handler Zip.exe – was detected when I uploaded it to VirusTotal. Did you also find a download by Vladimir Suvorov? Was it also detected when you uploaded it to VirusTotal?

Here is how Vladimir Suvorov appears in the UAC dialog when double-clicking on the Download Uc Browser V Handler Zip.exe file:

Vladimir  Suvorov publisher

The certificate is issued by Certum Code Signing CA and Mr. Suvorov is located in Poland:

Vladimir  Suvorov certum Vladimir  Suvorov certificate

The problem with the Vladimir Suvorov file is that it is detected by many of the anti-viruses. Here are some of the detection names: Generic6.BRAN, W32/S-a2e0b166!Eldorado, Gen:Variant.Adware.MPlug, SoftwareBundler:Win32/InstalleRex and MultiPlug (v).

Vladimir Suvorov anti-virus report

Did you also find a Vladimir Suvorov file?

Thank you for reading.

Taras Lapin – 16% Detection Rate According to VirusTotal

Hi there! If you’ve been following me for the last year you know that I’ve been examining many software publishers that put a digital signature on their downloads. Today I found another publisher called Taras Lapin.

Taras Lapin publisher

If you have a Taras Lapin file on your machine you may have noticed that Taras Lapin is displayed as the publisher in the UAC dialog when double-clicking on the file.

Taras Lapin certificate

The certificate is issued by Certum Code Signing CA.

Taras Lapin certum

9 of the scanners detected the file. Some of the detection names for the Download Uc Browser V Handler Zip.exe file are Trojan.Crossrider1.45643, PUA.Multiplug, Multiplug-FAJ and MultiPlug (v).

Taras Lapin anti-virus report

Did you also find a Taras Lapin file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thanks for reading.

MICHAIL SUDAREV – 16% Anti-Virus Detection Rate

Hello readers! Did you just find a file that’s digitally signed by MICHAIL SUDAREV and came here to find more about it?

MICHAIL SUDAREV publisher

Windows will display MICHAIL SUDAREV as the publisher when running the file. The certificate is issued by Certum Code Signing CA.

MICHAIL SUDAREV SPD CGISOFT ltd. certificate

The cert mentions SPD CGISOFT ltd. Certum Trusted Network CA is the root in the certificate chain:

MICHAIL SUDAREV Certum

So, what do the anti-virus programs say about the MICHAIL SUDAREV file? No problem, I just uploaded the file to VirusTotal and it turned out that some of the anti-virus programs detect the MICHAIL SUDAREV file, with names such as Win32:Evo-gen [Susp], TR/Crypt.XPACK.Gen, SoftwareBundler:Win32/InstalleRex and MultiPlug (v).

MICHAIL SUDAREV anti-virus report

Did you also find a MICHAIL SUDAREV download? What kind of download was it?

Hope this blog post helped you avoid some unwanted software on your machine.

Thank you for reading.

Roman Ershov – 18% Detection Rate Says VirusTotal

Welcome! Just wanted to give you the heads up on files digitally signed by Roman Ershov.

Roman Ershov pop up

The certificate is issued by Certum Code Signing CA. Mr Ershov appears to be located in Russia.

Roman Ershov certificate

The reason I’m writing this blog post is that the Roman Ershov file is detected by many of the anti-malware programs at VirusTotal. Avast classifies Download.exe as Win32:FakeDownload-G [PUP], Avira names it TR/Crypt.XPACK.Gen, Microsoft classifies it as SoftwareBundler:Win32/InstalleRex and VIPRE classifies it as MultiPlug (v).

Roman Ershov anti-virus report

Did you also find a Roman Ershov file? What kind of download was it?

Thanks for reading.

Ostap Hohlov – 39% Detection Rate – MultiPlug / MPlug / InstalleRex

Hello! Just wanted to give you the heads up on files digitally signed by Ostap Hohlov.

Ostap Hohlov publisher

It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Ostap Hohlov certificate.

Ostap Hohlov certificate

The problem with the Ostap Hohlov file is that it is detected by many of the anti-malware programs. Here are some of the detection names: Win32:FakeDownload-G [PUP], Gen:Variant.Adware.MPlug.62, PUP.Optional.MultiPlug, SoftwareBundler:Win32/InstalleRex and MultiPlug (v).

Ostap Hohlov anti-virus report

Did you also run into a download that was digitally signed by Ostap Hohlov? What kind of download was it and was it detected by the anti-malware programs at VirusTotal? Please share by posting a comment.

Thank you for reading.

Oleg Odincov – VirusTotal Reports “MultiPlug”

Hello readers! Just a quick post on a publisher called Oleg Odincov that I found while running some tests for the upcoming FreeFixer release.

Here is how Oleg Odincov appears in the UAC dialog when double-clicking on the file:

Oleg Odincov publisher

I’m still waiting on the results from VirusTotal, but it sure looks like another variant of the unwanted MultiPlug software.

Oleg Odincov certificate

Did you also find an Oleg Odincov file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thanks for reading.

Normands, LLC – Detected as Terkcop and MultiPlug

Hello readers! I was playing around and testing some downloads when I found a file signed by Normands, LLC.

This is how Normands, LLC appears when running the file:

Normands LLC publisher

The certificate is issued by GlobalSign CodeSigning CA – SHA256 – G2. Normands seems to be located in Ukraine.

Normands, LLC certificate

21 of the scanners detected the file. The Download Uc Browser V Handler Zip.exe file is detected as Win32:FakeDownload-G [PUP] by Avast, Gen:Variant.Adware.Terkcop.32 by BitDefender, HW32.Packed.D625 by Bkav, a variant of Win32/Adware.MultiPlug.NI by ESET-NOD32, W32/S-a467db7e!Eldorado by F-Prot, Gen:Variant.Adware.Terkcop by F-Secure and Trojan.Win32.WebPick.dujvsa by NANO-Antivirus.

Normands, LLC anti-virus report

Did you also find a Normands, LLC file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thanks for reading.

Vladislav Mastenko – 38% Detection – Terkcop / MultiPlug

Welcome! Just a short note on a publisher called Vladislav Mastenko.

Vladislav Mastenko publisher

If you have a Vladislav Mastenko file on your computer you may have noticed that Vladislav Mastenko pops up as the publisher in the User Account Control dialog when running the file. To view more information about the embedded certificate you can right-click on the file, then choose Properties and then select the Digital Signatures tab. According to the certificate we can see that Vladislav Mastenko seems to be located in Ukraine and that the certificate is issued by DigiCert Assured ID Code Signing CA-1.

Vladislav Mastenko cert

I decided to upload the Vladislav Mastenko file to VirusTotal. Currently, the detection rate is 21/56. Gen:Variant.Adware.Terkcop.32, Win32:FakeDownload-G [PUP], Gen:Variant.Adware.Terkcop.32 and a variant of Win32/Adware.MultiPlug.NI are some of the detection names.

Vladislav Mastenko virustotal

Did you also find a file digitally signed by Vladislav Mastenko? What kind of download was it and where did you find it?

Thanks for reading.

SAfe downlOAd gtL – 52% Detection Rate – Outbrowse

Hello readers! Just wanted to let you know about a publisher called SAfe downlOAd gtL before going back to writing some code for FreeFixer.

The following screenshot shows the User Account Control dialog when running the SAfe downlOAd gtL file:

SAfe downlOAd gtL publisher

By examining the certificate, we can see that SAfe downlOAd gtL is located in Dublin, Ireland. The certificate is issued by thawte SHA256 Code Signing CA.

SAfe downlOAd gtL cert

The reason I’m writing this blog post is that the SAfe downlOAd gtL file is detected by many of the anti-malware programs at VirusTotal. ESET-NOD32 classifies Player.exe as a variant of Win32/OutBrowse.CB potentially unwanted, Malwarebytes detects it as PUP.Optional.Outbrowse and Sophos calls it Generic PUA OC.

SAfe downlOAd gtL anti-virus report

Did you also find a SAfe downlOAd gtL file? Do you remember the download link? Please post it in the comments below and I’ll upload it to VirusTotal to see if that one is also detected.

Thank you for reading.

VLADIMIR MASLOV – 54% Detection Rate – Adware.Terkcop / MultiPlug / Graftor / Eldorado

Hello readers! If you’ve been following me for the last year you know that I’ve been examining many software publishers that put a digital signature on their downloads. Today I found another publisher called VLADIMIR MASLOV.

VLADIMIR MASLOV publisher

If you have a VLADIMIR MASLOV file on your computer you may have noticed that VLADIMIR MASLOV pops up as the publisher in the User Account Control dialog when running the file. The certificate information can also be viewed from Windows Explorer. The screenshot below shows the VLADIMIR MASLOV certificate. From the certificate info we can see that VLADIMIR MASLOV appears to be located in Minsk, Belarus.

VLADIMIR MASLOV cert
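
The certificate details that the posts above read from the UAC dialog and the Digital Signatures tab (publisher name, location, issuing CA) can also be read from PowerShell. The script below is an added example, not part of the original posts: it lists the signer of every .exe in a folder and marks publishers named on this page. The folder path and the `Get-SignerSummary` helper name are assumptions.

```powershell
# Publisher names taken from the posts on this page; extend as needed.
$Watchlist = @(
    'Vladimir Suvorov', 'Taras Lapin', 'MICHAIL SUDAREV', 'Roman Ershov',
    'Ostap Hohlov', 'Oleg Odincov', 'Normands, LLC', 'Vladislav Mastenko',
    'SAfe downlOAd gtL', 'VLADIMIR MASLOV'
)

# Hypothetical helper: summarise the Authenticode signer of one file.
function Get-SignerSummary {
    param([Parameter(Mandatory)][string]$Path)

    $sig  = Get-AuthenticodeSignature -LiteralPath $Path
    $cert = $sig.SignerCertificate
    $row  = [ordered]@{
        File = Split-Path $Path -Leaf; Status = $sig.Status
        Publisher = $null; Country = $null; Issuer = $null
        Thumbprint = $null; OnWatchlist = $false
    }
    if ($null -ne $cert) {
        $simple = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName
        # Subject common name: the publisher string shown in the UAC dialog.
        # Collapse repeated spaces so "Vladimir  Suvorov" still matches.
        $row.Publisher  = ($cert.GetNameInfo($simple, $false) -replace '\s+', ' ').Trim()
        # Issuer common name, e.g. "Certum Code Signing CA".
        $row.Issuer     = $cert.GetNameInfo($simple, $true)
        $row.Thumbprint = $cert.Thumbprint
        # Best-effort country code from the subject's C= field.
        if ($cert.Subject -match '(?:^|,\s*)C=([A-Za-z]{2})\s*(?:,|$)') {
            $row.Country = $Matches[1].ToUpper()
        }
        # -contains compares case-insensitively.
        $row.OnWatchlist = $Watchlist -contains $row.Publisher
    }
    [pscustomobject]$row
}

# Assumed location of downloaded installers; change to suit.
$folder = Join-Path $env:USERPROFILE 'Downloads'

# A "Valid" status only means the signature verifies and chains to a trusted
# root; as the posts show, validly signed files can still be unwanted software.
Get-ChildItem -LiteralPath $folder -Filter *.exe -File |
    ForEach-Object { Get-SignerSummary -Path $_.FullName } |
    Sort-Object OnWatchlist -Descending |
    Format-Table File, Status, Publisher, Country, Issuer, OnWatchlist -AutoSize
```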

If you are considering running the VLADIMIR MASLOV signed file, I’ll advise you not to. Delete it instead. Just check out the detection list from some of the anti-virus programs:

ClamAV classifies Download Uc Browser V Handler Zip.exe as Win.Adware.Graftor-1196, F-Prot calls it W32/S-bb33fd8b!Eldorado, F-Secure detects it as Gen:Variant.Adware.Terkcop, Microsoft classifies it as SoftwareBundler:Win32/InstalleRex and Sophos detects it as MultiPlug.

VLADIMIR MASLOV virus total

Did you also find a VLADIMIR MASLOV file? Do you remember where you downloaded it?

Thank you for reading.