Category Archives: digital signature

ALEKSANDR MOROZOV – 14% Detection Rate At VirusTotal

Hello! Just wanted to give you the heads up on files digitally signed by ALEKSANDR MOROZOV.

ALEKSANDR MOROZOV publisher

You will also see ALEKSANDR MOROZOV listed as the verified publisher in the User Account Control dialog that pops up if you try to run the file. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the ALEKSANDR MOROZOV certificate.

ALEKSANDR MOROZOV cert

Win32:MultiPlug-AAE [PUP], a variant of Win32/Adware.MultiPlug.MO, Unwanted-Program ( 0040f9681 ) and Suspicious.Cloud.5 are some detection names according to VirusTotal:

ALEKSANDR MOROZOV virus total

Did you also find a file digitally signed by ALEKSANDR MOROZOV? What kind of download was it and where did you find it?

Thanks for reading.

SERGEY NIKITIN – Detected as MultiPlug, Graftor, Qudamah etc

Hello! Just a short post on a publisher called SERGEY NIKITIN. I just found a download named Download.exe that was digitally signed by this publisher, and it turns out that it is detected by some anti-virus programs.

SERGEY NIKITIN publisher

You can also look at the SERGEY NIKITIN certificate and digital signature by looking under the Digital Signatures tab on the file’s properties. According to the certificate, SERGEY NIKITIN is located in Zaporizhia, Zaporizhska in Ukraine.

SERGEY NIKITIN certificate

The VirusTotal report shows that the SERGEY NIKITIN file should be avoided, since Download.exe is detected as Gen:Variant.Adware.Graftor.198034 by BitDefender, PUP.Optional.MultiPlug by Malwarebytes, Suspicious.Cloud.5 by Symantec and Trojan.Win32.Qudamah.Gen.4 by Tencent.

SERGEY NIKITIN virus report

Did you also find a SERGEY NIKITIN file?

Thanks for reading.

OtOPIa Soft – 25% Detection Rate – OutBrowse / Artemis

Hi there! Just wanted to give you the heads up on a publisher called OtOPIa SOft.

OtOPIa SOft publisher

You can see who the signer is when double-clicking on an executable file. OtOPIa SOft appears in the publisher field in the dialog that pops up. To view more information about the certificate you can right-click on the file, then choose Properties and then select the Digital Signatures tab. According to the certificate we can see that OtOPIa SOft is located in Dublin, Ireland and that the certificate is issued by thawte SHA256 Code Signing CA.

OtOPIa SOft cert

So, why did I put up this blog post? Well, the thing is that the OtOPIa SOft file is detected by many of the anti-malware scanners, according to VirusTotal. AVG names Player.exe as Downloader.KAM, Malwarebytes calls it Trojan.Inject, McAfee-GW-Edition detects it as Artemis and VIPRE detects it as OutBrowse (fs).

OtOPIa SOft anti-virus report

Did you also find a file signed by OtOPIa SOft? What kind of download was it and where did you find it?

Thanks for reading.

IGOR MIHAYLOV – 35% Detection Rate at VirusTotal

Hello! Just wanted to give you the heads up on files digitally signed by IGOR MIHAYLOV.

IGOR MIHAYLOV publisher

It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the IGOR MIHAYLOV certificate. It seems Igor is located in Russia.

IGOR MIHAYLOV cert

These are the current VirusTotal detections for the file. Trojan.Adware.Graftor.D30592, Generic6.BBOM, a variant of Win32/Adware.MultiPlug.MN, Gen:Variant.Adware.Graftor and SoftwareBundler:Win32/InstalleRex are a few of the detection names for the file I found.

IGOR MIHAYLOV anti-virus report

Did you also find an IGOR MIHAYLOV file? Do you remember where you downloaded it?

Hope this blog post helped you avoid some unwanted software on your machine.

Thanks for reading.

Rodion Bordin – 33% Anti-Virus Detection Rate

Hello readers! Just a short note on a publisher called Rodion Bordin.

Rodion Bordin publisher

This is how it looks when double-clicking on the file and Rodion Bordin appears as the publisher. The certificate is issued by Certum Code Signing CA.

Rodion Bordin digital signature

So, why did I put up this blog post? Well, the thing is that the Rodion Bordin file is detected by many of the anti-malware scanners, according to VirusTotal. Ad-Aware detects the file as Trojan.Agent.BKMF, DrWeb names it Trojan.PWS.Qqpass.11207, Malwarebytes names it PUP.Optional.MultiPlug and Tencent classifies it as Trojan.Win32.Qudamah.Gen.0.

Rodion Bordin anti-virus report

Did you also find a Rodion Bordin file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.

Danil Vlasov – 40% Detection at VirusTotal

Hi there! Just a quick post on a file named Moborobo.exe signed by Danil Vlasov.

Danil Vlasov publisher

It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Danil Vlasov certificate.

Danil Vlasov certificate

The reason I’m writing this blog post is that the Danil Vlasov file is detected by many of the anti-malware scanners at VirusTotal. Avira reports Moborobo.exe as TR/Crypt.XPACK.Gen, BitDefender detects it as Gen:Variant.Strictor.88461, Fortinet detects it as Riskware/Generic.AC.4386 and Sophos detects it as MultiPlug.

Danil Vlasov virustotal report

Did you also find a Danil Vlasov file?

Thank you for reading.

Kiril Semyakov – 46% Detection Rate – Adware.Agent.PQH / Win32:FakeDownload-F

Hello readers! Just a quick post today, since I’m busy working on the next release of FreeFixer. Did you see a file on your system digitally signed by Kiril Semyakov? Then read on.

Kiril Semyakov publisher

Windows will display Kiril Semyakov as the publisher when running the file. It is also possible to check a digital signature by looking at a file’s properties. Here’s a screenshot of the Kiril Semyakov certificate.

Kiril Semyakov cert

According to this, Kiril is located in Ukraine.

The reason I’m writing this blog post is that the Kiril Semyakov file is detected by many of the anti-malware scanners at VirusTotal. Avast classifies the file as Win32:FakeDownload-F [PUP], F-Secure reports Adware.Agent.PQH, Ikarus detects it as PUA.Win32.InstalleRex, McAfee-GW-Edition detects it as MultiPlug-FYT and Sophos reports MultiPlug.

Kiril Semyakov anti-virus report

Did you also find a Kiril Semyakov file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thank you for reading.

EVGENIY NESTEROV – 24% Detection Rate At VirusTotal

Welcome! Short on time today, but I just wanted to give you the heads up on a publisher called EVGENIY NESTEROV.

This is how EVGENIY NESTEROV appears when running the file:

EVGENIY NESTEROV publisher

The certificate is issued by Certum Code Signing CA. Evgeniy appears to be located in Russia.

EVGENIY NESTEROV digital signature

So, why am I writing about the EVGENIY NESTEROV file? Check out what the anti-malware programs report about the file:

EVGENIY NESTEROV virustotal

Win32:FakeDownload-F [PUP] (Avast), PUA.Win32.InstalleRex (Ikarus), MultiPlug (Sophos) and Trojan.Win32.Qudamah.Gen.6 (Tencent) are a few of the detection names for [share_ebook] MediaWiki Administrators’ Tutorial Guide [ReUpload].exe.

Did you also find an EVGENIY NESTEROV download? What kind of download was it?

Thanks for reading.

ALEKSEY TIMOFEEV – 32% Detection Rate

Hello! Just a note on a publisher called ALEKSEY TIMOFEEV. The ALEKSEY TIMOFEEV download was detected when I uploaded it to VirusTotal. Did you also find a download by ALEKSEY TIMOFEEV? Was it also detected when you uploaded it to VirusTotal?

ALEKSEY TIMOFEEV publisher

If you have an ALEKSEY TIMOFEEV file on your computer you may have noticed that ALEKSEY TIMOFEEV pops up as the publisher in the User Account Control dialog when running the file. The certificate is issued by Certum Code Signing CA.

ALEKSEY TIMOFEEV certificate

Aleksey appears to be located in Russia.

The scan result from VirusTotal below clearly shows why you should avoid the ALEKSEY TIMOFEEV file. It is detected under names such as a variant of Win32/Adware.MultiPlug.LX, Gen:Variant.Adware.Mplug and Trojan.Win32.Qudamah.Gen.2.

ALEKSEY TIMOFEEV anti-virus report

Did you also find an ALEKSEY TIMOFEEV download? What kind of download was it?

Thank you for reading.

ALEKSANDR SHORNIKOV – 30% Detection Rate at VirusTotal

Hi there! Just a quick post on a file digitally signed by ALEKSANDR SHORNIKOV.

ALEKSANDR SHORNIKOV publisher

If you have an ALEKSANDR SHORNIKOV file on your machine you may have noticed that ALEKSANDR SHORNIKOV is displayed as the publisher in the UAC dialog when double-clicking on the file. The certificate is issued by Certum Code Signing CA.

ALEKSANDR SHORNIKOV certificate

17 of the 56 anti-virus scanners detected the file. Avast classifies it as Win32:FakeDownload-E [PUP], Avira detects it as TR/Crypt.XPACK.Gen, F-Secure classifies it as Gen:Variant.Adware.MPlug, Tencent reports Trojan.Win32.Qudamah.Gen.2 and VBA32 detects it as suspected of Heur.Malware-Cryptor.Multiplug.

ALEKSANDR SHORNIKOV virus total report

Since you probably came here after finding a file that was digitally signed by ALEKSANDR SHORNIKOV, please share what kind of download it was and if it was detected by the anti-malware programs at VirusTotal.

Thank you for reading.
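
The posts above check the publisher by hand, through the UAC dialog and the Digital Signatures tab of a file's properties. As an added example (not part of the original posts), the PowerShell below performs the same check across a whole folder and reports files whose signer matches one of the publisher names listed on this page. The function name `Find-WatchlistedPublisher` and the Downloads folder path are assumptions made for illustration.

```powershell
# Added example: publisher names taken from the posts on this page.
$Watchlist = @(
    'ALEKSANDR MOROZOV', 'SERGEY NIKITIN', 'OtOPIa SOft', 'IGOR MIHAYLOV',
    'Rodion Bordin', 'Danil Vlasov', 'Kiril Semyakov', 'EVGENIY NESTEROV',
    'ALEKSEY TIMOFEEV', 'ALEKSANDR SHORNIKOV'
)

# Hypothetical helper: lists signed executables whose publisher is on the watchlist.
function Find-WatchlistedPublisher {
    param(
        [Parameter(Mandatory)] [string]   $Path,
        [Parameter(Mandatory)] [string[]] $Publishers
    )
    $nameType = [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName

    Get-ChildItem -LiteralPath $Path -Recurse -File -ErrorAction SilentlyContinue |
        Where-Object { $_.Extension -in '.exe', '.dll', '.msi' } |
        ForEach-Object {
            $sig  = Get-AuthenticodeSignature -LiteralPath $_.FullName
            $cert = $sig.SignerCertificate
            if (-not $cert) { return }   # unsigned file: no publisher to compare

            # Simple name of the certificate subject (normally the CN),
            # i.e. the signer name shown in the file's properties.
            $publisher = $cert.GetNameInfo($nameType, $false)

            if ($Publishers -contains $publisher) {   # -contains ignores case
                [pscustomobject]@{
                    File       = $_.FullName
                    Publisher  = $publisher
                    Issuer     = $cert.GetNameInfo($nameType, $true)   # issuing CA
                    Subject    = $cert.Subject    # full subject, including location fields
                    Status     = $sig.Status      # Valid, NotTrusted, HashMismatch, ...
                    Thumbprint = $cert.Thumbprint
                    SHA256     = (Get-FileHash -LiteralPath $_.FullName -Algorithm SHA256).Hash
                }
            }
        }
}

# Assumed location: the current user's Downloads folder.
Find-WatchlistedPublisher -Path "$env:USERPROFILE\Downloads" -Publishers $Watchlist |
    Format-List
```

A `Valid` status only means the signature is intact and chains to a trusted CA; the files in these posts were signed and still detected. The SHA256 value can be used to look the file up at VirusTotal without uploading it again.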