Category Archives: digital signature

SERGEY SEMENOV – 14% Detection Rate

Welcome! Just a quick post on a publisher called SERGEY SEMENOV.

[Screenshot: SERGEY SEMENOV shown as the publisher in the run dialog]

You can check a file's digital signature by opening the file's properties and looking under the Digital Signatures tab. Here's a screenshot of the SERGEY SEMENOV certificate. According to the certificate, Sergey appears to be located in Russia.

[Screenshot: SERGEY SEMENOV certificate]

Fortinet detects the file as Riskware/Badur, Tencent classifies it as Trojan.Win32.Qudamah.Gen.2 and VBA32 detects it as suspected of Heur.Malware-Cryptor.Multiplug.

[Screenshot: SERGEY SEMENOV anti-virus report at VirusTotal]

Did you also find a SERGEY SEMENOV file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thank you for reading.

just accepT – 12% Detection Rate – OutBrowse

Hi there! Short on time today, but I just wanted to give you the heads up on a publisher called just accepT.

[Screenshot: just accepT shown as the publisher in the run dialog]

You can see who the signer is when you double-click an executable file: just accepT appears in the publisher field of the dialog that pops up. You can also inspect the just accepT certificate under the Digital Signatures tab in the file's properties. According to the certificate, just accepT is located in Dublin, Ireland.
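The same information the run dialog and the Digital Signatures tab show can be pulled out in bulk from PowerShell, which is handy when you have a folder of downloads to triage. The script below is an added example, not code from the FreeFixer post; it assumes Windows PowerShell 5.1 or PowerShell 7 on Windows and uses a placeholder path. It parses the certificate's subject and issuer so the publisher name, locality and country the posts read off the certificate dialog come out as fields.

```powershell
# Added example (not from the post): summarize an Authenticode signature from PowerShell.
# Assumes Windows PowerShell 5.1 / PowerShell 7 on Windows; the path at the bottom is a placeholder.
function Get-SignerSummary {
    param([Parameter(Mandatory)][string]$Path)

    $sig = Get-AuthenticodeSignature -FilePath $Path

    # Turn "CN=..., O=..., L=..., C=..." into a hashtable. Windows quotes values that
    # contain a comma, so split only on commas that are outside double quotes.
    function ConvertFrom-DistinguishedName([string]$dn) {
        $fields = @{}
        foreach ($part in ($dn -split ',(?=(?:[^"]*"[^"]*")*[^"]*$)')) {
            $kv = $part.Trim() -split '=', 2
            if ($kv.Count -eq 2) { $fields[$kv[0].Trim()] = $kv[1].Trim().Trim('"') }
        }
        return $fields
    }

    $cert    = $sig.SignerCertificate
    $subject = if ($cert) { ConvertFrom-DistinguishedName $cert.Subject } else { @{} }
    $issuer  = if ($cert) { ConvertFrom-DistinguishedName $cert.Issuer }  else { @{} }

    [pscustomobject]@{
        File         = Split-Path -Leaf $Path
        Status       = $sig.Status          # Valid, NotSigned, HashMismatch, UnknownError, ...
        StatusText   = $sig.StatusMessage
        Publisher    = $subject['CN']       # the "Verified publisher" line in the run dialog
        Organization = $subject['O']
        Locality     = $subject['L']        # e.g. "Tel Aviv" or "Dublin" in the posts
        Country      = $subject['C']        # e.g. "RU", "IE", "IL"
        Issuer       = $issuer['CN']        # e.g. "Certum Code Signing CA"
        NotBefore    = if ($cert) { $cert.NotBefore }  else { $null }
        NotAfter     = if ($cert) { $cert.NotAfter }   else { $null }
        Thumbprint   = if ($cert) { $cert.Thumbprint } else { $null }
        Timestamped  = [bool]$sig.TimeStamperCertificate
    }
}

# Placeholder path; run against whatever you downloaded.
Get-SignerSummary -Path 'C:\Users\me\Downloads\Player.exe' | Format-List
```

A `Status` of `Valid` means only that the certificate chains to a trusted root and the file's hash matches what was signed. It says nothing about who the signer is or what the installer does, which is exactly why the posts go on to check the file at VirusTotal.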

[Screenshot: just accepT certificate]

After uploading the just accepT file – Player.exe – to VirusTotal, it was clear that it's probably better to delete the file than to run it. The detection rate was 12%, and some of the detection names were Downloader.HFI and Artemis!83841CFEAEC6 (Artemis is McAfee's reputation-based heuristic, with the start of the file's hash appended, rather than a named malware family).

[Screenshot: just accepT VirusTotal report]

Did you also find a just accepT file?

Thank you for reading.

ALEKSANDR FEDOROV – 28% Detection Rate

Welcome! If you’ve been following me for the last year you know that I’ve been examining many software publishers that put a digital signature on their downloads. Today I found another publisher called ALEKSANDR FEDOROV.

[Screenshot: ALEKSANDR FEDOROV shown as the publisher in the run dialog]

You can see who the signer is when you double-click an executable file: ALEKSANDR FEDOROV appears in the publisher field of the dialog that pops up. It is also possible to check the digital signature under the Digital Signatures tab in the file's properties. Here's a screenshot of the ALEKSANDR FEDOROV certificate. According to it, he is located in Russia.

[Screenshot: ALEKSANDR FEDOROV certificate]

The reason for posting about ALEKSANDR FEDOROV is that the file is detected by many of the anti-virus programs. Fortinet reports Download Uc Browser V Handler Zip.exe as Riskware/Badur, GData detects it as Gen:Variant.Adware.MPlug.42, Malwarebytes detects it as PUP.Optional.Multiplug and Tencent calls it Trojan.Win32.Qudamah.Gen.2.

[Screenshot: ALEKSANDR FEDOROV anti-virus report at VirusTotal]

Since you probably came here after finding a download that was signed by ALEKSANDR FEDOROV, please share what kind of download it was and whether it was flagged by the anti-virus engines at VirusTotal.

Thank you for reading.

Safemode Install (Fried Cookie Ltd) – 9% Detection Rate

Hi there! Just a short post on a publisher called Safemode Install (Fried Cookie Ltd) before going back to some coding on FreeFixer. The file is called chrome_setup.exe.

[Screenshot: Safemode Install (Fried Cookie Ltd) certificate]

By looking at the certificate we can see that Safemode Install (Fried Cookie Ltd) appears to be located in Tel Aviv in Israel.

The issue here is that if chrome_setup.exe really were an installer for Google Chrome, it would be signed by Google Inc. and not by some unknown company. A valid signature only proves who signed the file; it does not prove that the file is what its name claims to be, so the check that matters is whether the signer matches the publisher you expect for that product. Here's how the authentic Google Chrome installer looks when you double-click it. Notice that the "Verified publisher" line says "Google Inc".

[Screenshot: Google Chrome installer with Google Inc as verified publisher]
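That expectation can be turned into a check that fails closed: if the filename claims to be a known product, the signer's CN has to be that product's publisher, and an unsigned or invalid file is rejected outright. The script is an added example, not code from the post. It assumes Windows PowerShell 5.1 or PowerShell 7 on Windows; the expected-publisher table is an assumption you would maintain yourself, and the Firefox entry is only there to show the table holding more than one product.

```powershell
# Added example (not from the post): reject a download whose filename claims a well-known
# product but whose Authenticode signer is not that product's publisher.
# Assumes Windows PowerShell 5.1 / PowerShell 7 on Windows. The table below is an assumption
# to be maintained by hand; publisher names change over time (the post shows "Google Inc").
$ExpectedPublisher = @{
    # filename regex (case-insensitive)  ->  subject CN the signing certificate must carry
    'chrome.*setup'  = 'Google Inc'            # as shown in the post
    'firefox.*setup' = 'Mozilla Corporation'   # assumed entry, for illustration only
}

function Test-ExpectedPublisher {
    param([Parameter(Mandatory)][string]$Path)

    $name = Split-Path -Leaf $Path
    $sig  = Get-AuthenticodeSignature -FilePath $Path

    # Subject CN of the signer, i.e. the "Verified publisher" string in the run dialog.
    $cn = $null
    if ($sig.SignerCertificate) {
        $cn = $sig.SignerCertificate.GetNameInfo(
            [System.Security.Cryptography.X509Certificates.X509NameType]::SimpleName, $false)
    }

    # Which product does the filename claim to be?
    $expected = $null
    foreach ($pattern in $ExpectedPublisher.Keys) {
        if ($name -imatch $pattern) { $expected = $ExpectedPublisher[$pattern]; break }
    }

    if ($sig.Status -ne 'Valid') {
        $verdict = "REJECT: signature status is $($sig.Status)"
    }
    elseif ($null -eq $expected) {
        $verdict = "UNKNOWN PRODUCT: '$name' is signed by '$cn'; no expectation for this name"
    }
    elseif ($cn -ne $expected) {
        $verdict = "REJECT: '$name' is signed by '$cn', expected '$expected'"
    }
    else {
        $verdict = "OK: '$name' is signed by '$expected'"
    }

    [pscustomobject]@{ File = $name; Signer = $cn; Expected = $expected; Verdict = $verdict }
}

# Placeholder path; for the post's chrome_setup.exe this would report
# "REJECT: 'chrome_setup.exe' is signed by 'Safemode Install (Fried Cookie Ltd)', expected 'Google Inc'".
Test-ExpectedPublisher -Path 'C:\Users\me\Downloads\chrome_setup.exe'
```

Matching on the subject CN alone is enough to catch the case in the post, where the name is obviously wrong. For a stricter policy, pin the expected issuer or the certificate thumbprint as well, since a CN is whatever the certificate applicant asked for.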

So, what's the problem? Well, some of the anti-virus engines at VirusTotal detect the Safemode Install file. Application.Win32.FriedCookie.CIRK, Trojan.InstallCore.844, "a variant of Win32/InstallCore.ZM potentially unwanted" and PUP.Optional.InstallCore.SID.C are some of the detection names.

[Screenshot: Safemode Install anti-virus report at VirusTotal]

Did you also find a Safemode Install (Fried Cookie Ltd) file? Do you remember the download link? Please post it in the comments below and I'll upload it to VirusTotal to see if that one is also detected.

Thanks for reading.

Artem Leonidov – 18% Detection Rate – MultiPlug

Hello readers! Just a short note on a publisher called Artem Leonidov. This is how Artem Leonidov appears when running the file:

[Screenshot: Artem Leonidov shown as the publisher in the run dialog]

The certificate was issued by Certum Code Signing CA, and according to it the publisher is located in Russia:

[Screenshot: Artem Leonidov certificate]

When I uploaded the file to VirusTotal – as I usually do when I find something that looks suspicious – 18% of the scanners detected the file. The file is detected as a variant of Win32/Adware.MultiPlug.LG by ESET-NOD32, PUP.Optional.Bundle by Malwarebytes, Trojan.Win32.Qudamah.Gen.6 by Tencent and suspected of Heur.Malware-Cryptor.Multiplug by VBA32.
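Uploading a file to VirusTotal shares it with every vendor on the platform, so a practitioner usually looks the hash up first and only uploads if nobody has seen the file yet. The script below is an added example, not code from the post; it assumes Windows PowerShell 5.1 or PowerShell 7, a VirusTotal API v3 key in the environment variable VT_API_KEY, and a placeholder path. It computes a detection rate in the same spirit as the percentages quoted in these posts and lists the per-engine names.

```powershell
# Added example (not from the post): look a file up on VirusTotal by SHA-256 without uploading it,
# then compute a detection rate and list the engine names. Assumes Windows PowerShell 5.1 /
# PowerShell 7 and a VirusTotal API v3 key in $env:VT_API_KEY. The path at the bottom is a placeholder.
function Get-VirusTotalVerdict {
    param([Parameter(Mandatory)][string]$Path)

    $sha256  = (Get-FileHash -Algorithm SHA256 -Path $Path).Hash.ToLower()
    $uri     = "https://www.virustotal.com/api/v3/files/$sha256"
    $headers = @{ 'x-apikey' = $env:VT_API_KEY }

    try {
        $resp = Invoke-RestMethod -Uri $uri -Headers $headers -Method Get
    }
    catch {
        # 404: VirusTotal has never seen this hash. Nothing about the file has been shared yet,
        # and this is the point at which you decide whether uploading it is acceptable.
        if ($_.Exception.Response -and [int]$_.Exception.Response.StatusCode -eq 404) {
            return [pscustomobject]@{ Sha256 = $sha256; Known = $false; Rate = $null; Names = @() }
        }
        throw
    }

    $attrs = $resp.data.attributes
    $stats = $attrs.last_analysis_stats      # malicious, suspicious, undetected, harmless, timeout, ...
    $total = ($stats.PSObject.Properties | Measure-Object -Property Value -Sum).Sum
    $flagged = [int]$stats.malicious + [int]$stats.suspicious
    $rate = if ($total -gt 0) { [math]::Round(100 * $flagged / $total, 1) } else { $null }

    # Per-engine detection names, like the ones quoted in the posts
    $names = $attrs.last_analysis_results.PSObject.Properties |
        Where-Object { $_.Value.category -in 'malicious', 'suspicious' } |
        ForEach-Object { "$($_.Name): $($_.Value.result)" }

    [pscustomobject]@{
        Sha256 = $sha256
        Known  = $true
        Rate   = $rate            # percent of engines that flagged the file
        Names  = @($names)
    }
}

# Placeholder path; run against the file you are suspicious of.
Get-VirusTotalVerdict -Path 'C:\Users\me\Downloads\suspicious_download.exe' | Format-List
```

The denominator here is every engine VirusTotal ran, including ones that timed out or do not support the file type, so the figure can come out a little lower than "positives out of engines that returned a result". Treat the heuristic names (Heur.*, Gen:Variant.*, Artemis!*) as a signal that the file looked suspicious to a classifier, not as a family attribution.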

[Screenshot: Artem Leonidov VirusTotal report]

Did you also find an Artem Leonidov file? Do you remember where you downloaded it?

Thank you for reading.

VYACHESLAV KULOV – 30% Detection Rate at VirusTotal

Hello! Lately I've been looking at the digital signatures on files that push various types of unwanted programs. This morning I found a new file called Medal Of Honour PC Game Full version Free Download.exe, digitally signed by VYACHESLAV KULOV.

[Screenshot: VYACHESLAV KULOV shown as the publisher in the run dialog]

You can see who the signer is when you double-click an executable file: VYACHESLAV KULOV appears in the publisher field of the dialog that pops up, and according to the certificate he is located in Russia. The certificate was issued by Certum Code Signing CA.

[Screenshot: VYACHESLAV KULOV certificate]

When I uploaded the VYACHESLAV KULOV file to VirusTotal, it came up with a 30% detection rate. The file is detected as a variant of Win32/Adware.MultiPlug.KU by ESET-NOD32, Gen:Variant.Adware.Mplug by F-Secure, MultiPlug by Sophos and suspected of Heur.Malware-Cryptor.Multiplug by VBA32.

[Screenshot: VYACHESLAV KULOV anti-virus report at VirusTotal]

The download bundled a bunch of other software, such as PriceMinus and BestAdBlocker.

Did you also find a VYACHESLAV KULOV file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thanks for reading.

Arseniy Petrov – 39% Detection Rate – MultiPlug / InstalleRex / Qudamah

Hello readers! Sorry for the lack of posts during last week. I’ve been having a few days off.

This morning I was playing around and testing some downloads when I found a file signed by Arseniy Petrov.

[Screenshot: Arseniy Petrov shown as the publisher in the run dialog]

Windows displays Arseniy Petrov as the publisher when you run the file. It is also possible to check the digital signature under the Digital Signatures tab in the file's properties. Here's a screenshot of the Arseniy Petrov certificate.

[Screenshot: Arseniy Petrov certificate]

Arseniy Petrov is located in Ukraine according to the cert.

22 of the anti-virus scanners detected the file, which carries the same name as the ALEKSANDR FEDOROV download above. Avira names Download Uc Browser V Handler Zip.exe as TR/Crypt.XPACK.Gen, BitDefender reports Gen:Variant.Adware.Mplug.45, Malwarebytes detects it as PUP.Optional.MultiPlug, Microsoft detects it as SoftwareBundler:Win32/InstalleRex, Sophos reports MultiPlug and Tencent reports Trojan.Win32.Qudamah.Gen.2.

[Screenshot: Arseniy Petrov anti-virus report at VirusTotal]

Did you also find an Arseniy Petrov file? Do you remember where you downloaded it?

Thank you for reading.

Setup Super (Fried Cookie Ltd.) – 16% Detection Rate – InstallCore

Hello! I was playing around and testing some downloads when I found a file digitally signed by Setup Super (Fried Cookie Ltd.).

This is how Setup Super (Fried Cookie Ltd.) appears when running the file:

[Screenshot: Setup Super (Fried Cookie Ltd.) shown as the publisher in the run dialog]

By examining the certificate, we can see that Setup Super (Fried Cookie Ltd.) is located in Tel Aviv, Israel. The certificate is issued by GlobalSign CodeSigning CA – G2.

[Screenshot: Setup Super (Fried Cookie Ltd.) certificate]

The reason I’m writing this blog post is that the Setup Super (Fried Cookie Ltd.) file is detected by some of the anti-virus scanners at VirusTotal. Comodo detects installer_jdownloader_English.exe as Application.Win32.InstallCore.UD, Malwarebytes reports PUP.Optional.InstallCore.SID.C and VIPRE detects it as InstallCore (fs).

[Screenshot: Setup Super anti-virus report at VirusTotal]

Did you also find a file digitally signed by Setup Super (Fried Cookie Ltd.)? Where did you find it and are the anti-virus programs detecting it? Please share in the comments below.

Thanks for reading.

Igor Menyalo – 41% Detection Rate – MultiPlug / Qudamah / Kazy

Hi there! Just a note on a publisher called Igor Menyalo. The Igor Menyalo download was detected when I uploaded it to VirusTotal. Did you also find a download by Igor Menyalo? Was it also detected when you uploaded it to VirusTotal?

[Screenshot: Igor Menyalo shown as the publisher in the run dialog]

That's how it looks when you double-click the file: Igor Menyalo appears as the publisher. It is also possible to check the digital signature under the Digital Signatures tab in the file's properties. Here's a screenshot of the Igor Menyalo certificate.

[Screenshot: Igor Menyalo certificate]

Igor Menyalo appears to be located in Russia.

TR/Crypt.XPACK.Gen, Gen:Variant.Adware.Kazy.611186, W32/S-0625bdde!Eldorado, PUP.Optional.MultiPlug and Trojan.Win32.Qudamah.Gen.0 are some detection names according to VirusTotal:

[Screenshot: Igor Menyalo anti-virus report at VirusTotal]

I decided to run the Igor Menyalo signed file, and it offered three additional programs called PriceMinus, BestAdBlocker and MyPC Backup in the installer.

Did you also find an Igor Menyalo file? Do you remember the download link? Please post it in the comments below and I'll upload it to VirusTotal to see if that one is also detected.

Thank you for reading.

Download Verified – 9% Detection Rate – DownloadAdmin / Atraps / Qudamah

Hello! Lately I've been looking at the digital signatures on files that push various types of potentially unwanted programs. This morning I found a new file digitally signed by Download Verified.

Just wanted to let you know that the Download Verified file is detected by some of the anti-malware engines. Here are some of the detection names: Trojan.Win32.Atraps.b, Trojan.Win32.Qudamah.Gen.7 and DownloadAdmin (fs).

[Screenshot: Download Verified anti-virus report at VirusTotal]

Did you also find a Download Verified file? What kind of download was it? If you remember the download link, please post it in the comments below.

Thank you for reading.